问题描述
我正在寻找一种快速的方法来检查ELF二进制文件是共享对象还是位置无关的可执行文件。我认为可以通过检查包含的符号/功能来做到这一点。我正在寻找一种无需读取完整文件的更有效方法。我必须在不同的平台(至少Android,Linux(32和64位))上执行检查。
I'm looking for a fast way to check if a ELF binary is a shared object or a position independent executable. I think a can do that by checking the contained symbols / functions. I'm looking for a more efficient way of not having to read the complete file. I have to perform the check on different platforms, at least Android, Linux (32 and 64 bit).
推荐答案
没有办法进行检查:PIE可执行文件是一个共享对象。
There is no way to check: a PIE executable is a shared object.
可以剥离符号,一旦它们被删除,您就可以不知道。
Symbols can be stripped, and once they are, you can't tell.
是的:PIE通常与 Scrt1.o
链接,但是共享库是通常不会。但是也没有什么可以阻止共享库与 Scrt1.o
链接的,甚至在剥离后的二进制文件中,发现启动代码可能会有些问题。
That's true: the PIE is normally linked with Scrt1.o
, but a shared library is normally not. But there is nothing to prevent a shared library to be linked with Scrt1.o
as well, and in a stripped binary even finding that startup code may be somewhat problematic.
如果您真正想要的是在共享库和您自己构建的PIE可执行文件之间进行区分(而不是解决的一般情况) any 共享库和 any PIE),然后检查是否存在 PT_INTERP
( readelf -l a。 out | grep INTERP
)可能是最简单的方法:一个PIE可执行文件保证具有 PT_INTERP
,而共享库通常没有( libc.so.6
是一个明显的例外)。
If what you really want is to distinguish between a shared library and a PIE executable which you built yourself (rather than solving a general case of any shared library and any PIE), then checking for presence of PT_INTERP
(readelf -l a.out | grep INTERP
) is likely the easiest way to go: a PIE executable is guaranteed to have PT_INTERP
, and shared libraries normally don't have it (libc.so.6
is a notable exception).
这篇关于区分共享对象和位置无关的可执行文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!