- Learning Linux Binary Analysis
- Ryan “elfmaster” O'Neill
- 2021-07-16 12:56:52
Chapter 2. The ELF Binary Format
In order to reverse-engineer Linux binaries, you must understand the binary format itself. ELF has become the standard binary format for Unix and Unix-flavor OSes. In Linux, BSD variants, and other OSes, the ELF format is used for executables, shared libraries, object files, coredump files, and even the kernel boot image. This makes ELF very important to learn for those who want to better understand reverse engineering, binary hacking, and program execution. Binary formats such as ELF are not generally a quick study, and to learn ELF requires some degree of application of the different components that you learn as you go. Real, hands-on experience is necessary to achieve proficiency. The ELF format is complicated and dry, but can be learned with some enjoyment when applying your developing knowledge of it in reverse engineering and programming tasks. ELF is really quite an incredible composition of computer science at work, with program loading, dynamic linking, symbol table lookups, and many other tightly orchestrated components.
I believe that this chapter is perhaps the most important in this entire book because it will give the reader a much greater insight into topics pertaining to how a program is actually mapped out on disk and loaded into memory. The inner workings of program execution are complicated, and understanding them is valuable knowledge to the aspiring binary hacker, reverse engineer, or low-level programmer. In Linux, program execution implies the ELF binary format.
My approach to learning ELF is through investigation of the ELF specifications as any Linux reverse engineer should, and then applying each aspect of what we learn in a creative way. Throughout this book, you will visit many facets of ELF and see how knowledge of it is pertinent to viruses, process-memory forensics, binary protection, rootkits, and more.
In this chapter, you will cover the following ELF topics:
- ELF file types
- Program headers
- Section headers
- Symbols
- Relocations
- Dynamic linking
- Coding an ELF parser
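The point made above, that one format serves object files, executables, shared libraries and core dumps, is visible in the `e_type` field of the ELF header. The following is an added example, not code from the book: `elf_kind` and `make_sample` are hypothetical names, and the sample headers are constructed in memory rather than read from real files.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets within the ELF header, per the ELF specification. */
enum { OFF_EI_CLASS = 4, OFF_EI_DATA = 5, OFF_E_TYPE = 16 };

/* Classify a buffer by its ELF header; returns a static description. */
const char *elf_kind(const uint8_t *buf, size_t len)
{
    if (len < 16 || memcmp(buf, "\x7f" "ELF", 4) != 0)
        return "not ELF";
    /* Header size: 52 bytes for ELFCLASS32 (1), 64 for ELFCLASS64 (2). */
    size_t ehsize = buf[OFF_EI_CLASS] == 1 ? 52 : buf[OFF_EI_CLASS] == 2 ? 64 : 0;
    if (ehsize == 0 || len < ehsize)
        return "malformed ELF header";
    /* e_type uses the byte order named by EI_DATA: 1 = LSB, 2 = MSB. */
    unsigned lo = buf[OFF_E_TYPE], hi = buf[OFF_E_TYPE + 1], type;
    if (buf[OFF_EI_DATA] == 1)
        type = lo | (hi << 8);
    else if (buf[OFF_EI_DATA] == 2)
        type = (lo << 8) | hi;
    else
        return "malformed ELF header";
    switch (type) {
    case 1: return "relocatable object file (ET_REL)";
    case 2: return "executable (ET_EXEC)";
    case 3: return "shared object or PIE executable (ET_DYN)";
    case 4: return "core dump (ET_CORE)";
    default: return "unknown e_type";
    }
}

/* Constructed sample: zeroed ELF64 little-endian header with a given e_type. */
void make_sample(uint8_t hdr[64], uint16_t e_type)
{
    memset(hdr, 0, 64);
    memcpy(hdr, "\x7f" "ELF", 4);
    hdr[OFF_EI_CLASS] = 2; hdr[OFF_EI_DATA] = 1; /* ELF64, little-endian */
    hdr[OFF_E_TYPE] = (uint8_t)(e_type & 0xff);
    hdr[OFF_E_TYPE + 1] = (uint8_t)(e_type >> 8);
}

int main(void)
{
    uint8_t hdr[64];
    for (uint16_t t = 1; t <= 4; t++) {
        make_sample(hdr, t);
        printf("e_type=%u: %s\n", (unsigned)t, elf_kind(hdr, sizeof hdr));
    }
}
```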