我试图找到ELF文件的基地址.我知道您可以使用readelf查找程序入口点和不同的部分详细信息(基址,大小,标志等).

例如,x86体系结构的程序基于链接器的0x8048000.使用readelf我可以看到程序入口点,但输出中没有特定字段告诉基地址.

$readelf -e test

ELF Header:

Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Class: ELF32

Data: 2's complement,little endian

Version: 1 (current)

OS/ABI: UNIX - System V

ABI Version: 0

Type: EXEC (Executable file)

Machine: Intel 80386

Version: 0x1

Entry point address: 0x8048390

Start of program headers: 52 (bytes into file)

Start of section headers: 4436 (bytes into file)

Flags: 0x0

Size of this header: 52 (bytes)

Size of program headers: 32 (bytes)

Number of program headers: 9

Size of section headers: 40 (bytes)

Number of section headers: 30

Section Headers:

[Nr] Name Type Addr Off Size ES Flg Lk Inf Al

[ 0] NULL 00000000 000000 000000 00 0 0 0

[ 1] .interp PROGBITS 08048154 000154 000013 00 A 0 0 1

[ 2] .note.ABI-tag NOTE 08048168 000168 000020 00 A 0 0 4

[ 3] .note.gnu.build-i NOTE 08048188 000188 000024 00 A 0 0 4

[ 4] .gnu.hash GNU_HASH 080481ac 0001ac 000024 04 A 5 0 4

[ 5] .dynsym DYNSYM 080481d0 0001d0 000070 10 A 6 1 4

在部分细节中,我可以看到Offset是根据ELF的基地址计算的.

因此,.dynsym部分从地址0x080481d0开始,偏移量为0x1d0.这意味着基地址为0x08048000.它是否正确？

同样,对于在PPC,ARM,MIPS等不同架构上编译的程序,我看不到它们的基址,只能看到OEP,Section Headers.