How to obtain number of entries in ELF's symbol table?

Question

Consider standard hello world program in C compiled using GCC without any switches. As readelf -s says, it contains 64 symbols. It says also that .symtab section is 1024 bytes long. However each symbol table entry has 18 bytes, so how it is possible it contains 64 entries? It should be 56 entries. I'm constructing my own program which reads symbol table and it does not see those "missing" entries as it reads till section end. How readelf knows how long to read?

Answer 1

As one can see in elf.h, symbol entry structure looks like that:

typedef struct elf32_sym {
  Elf32_Word    st_name;
  Elf32_Addr    st_value;
  Elf32_Word    st_size;
  unsigned char st_info;
  unsigned char st_other;
  Elf32_Half    st_shndx;
} Elf32_Sym;

Elf32_Word and Elf32_Addr are 32 bit values, `Elf32_Half' is 16 bit, chars are 8 bit. That means that size of structure is 16 not 18 bytes. Therefore 1024 bytes long section gives exactly 64 entries.

Answer 2

The file size of an ELF data type can differ from the size of its in-memory representation.

You can use the elf32_fsize() and elf64_fsize() functions in libelf to retrieve the file size of an ELF data type.

Answer 3

The entries are aligned to each other and padded with blanks, therefore the size mismatch. Check out this mailthread for a similar discussion.

As for your code, I suggest to check out the source for readelf, especially the function process_symbol_table() in binutils/readelf.c.