What exactly is the size of an ELF symbol (both for 64 & 32 bit) & how do you parse it
According to oracles documentation on the ELF file format a 64 bit elf symbol is 30 bytes in size (8 + 1 + 1 + 4 + 8 + 8), However when i use readelf to print out the sections headers of an elf file, & then inspect the "EntSize" (entry size) member of the symbol table section header, it reads that the symbol entries are in fact only hex 0x18 (dec 24) in size.
I have attached a picture of readelfs output next to the oracle documentation. The highlighted characters under "SYMTAB" is the "EntSize" member.
As i am about to write an ELF parser i am curious as to which i should believe? the read value of the EntSize member or the documentation?
I have also attempted to look for an answer in this ELF documentation however it doesn't seem to go into any detail of the 64 bit ELF structures.
It should be noted that the ELF file i run readelf on, in the above picture, is a 64bit executable
EICLASS, the byte just after the ELF magic number, contains the "class" of the ELF file, with the value "2" (in hex of course) meaning a 64 bit class.
When the 32 bit standard was drafted there were competing popular 64 bit architectures. The 32 bit standard was a bit vague about the 64 bit standard as it was quite possible at that time to imagine multiple competing 64 bit standards
https://www.uclibc.org/docs/elf-64-gen.pdf
should cover the 64 bit standard with better attention to the 64 bit layouts.
The way you "parse" it is to read the bytes in the order described in the struct.
typedef struct { Elf64_Word st_name; unsigned char st_info; unsigned char st_other; Elf64_Half st_shndx; Elf64_Addr st_value; Elf64_Xword st_size; } Elf64_Sym;
The first 8 bytes are a st_name, the next byte is a st_info, and so on. Of course, it is critical to know where the struct "starts" within the file, and the spec above should help with that.
"64" in this case means a "64 bit entry", byte means an 8 bit entry, and so on.
the Elf64_Sym has 8+1+1+8+8+8 bytes in it, or 34 bytes.
- Is it possible to generate an executable (.exe) of a jupyter-notebook?
- How to pack a python to exe while keeping .py source code editable?
- Pyinstaller EXE's __file__ refers to a .py file
- How can the terminal output of executables run by Python functions be silenced in a general way?
- Getting the error: bash: (program): cannot execute binary file: Exec format error, on both 32-bit and 64-bit Windows
- When to use embed?
- Pyinstaller setting icons don't change
- conda executable not found in pycharm
- How do I get my executable's location using Fortran?
- How to bind 64-bit and 32-bit executable into one?
- Get paths of all applications in the registry
- Single executable binary of Ruby gem
- Is it possible to decompile a C++ executable file
- Segments with the same offset and permissions in /proc/procid/maps
- How to package an html webpage such as html, js, css into a single .exe executable program file?
- How to check the size of packages linked into my Go code
- Determine target ISA extensions of binary file in Linux (library or executable)
- How can I generate an ELF file with GCC?
- Python files to an MSI Windows installer
- creating 100% standalone executable jar that doesn't require the java command
- How to convert a .java or a .jar file into a Linux executable file ( without a .jar extension, which means it's not a .jar file )
- How to disassemble a binary executable in Linux to get the assembly code?
- How do I produce multiple executables using Nuitka for Python?
- Why can't I run my python executables in busybox?
- Use poetry to create binary distributable with pyinstaller on 'package'?
- Python executable not working if console is hidden, using Tkinter GUI
- Change the executable name after compiling Python code with cx_freeze
- Merge a Json and python file into a single .EXE
- making a single-jar java application
- Custom installation file for Windows program