使用readelf分析so文件

版权归作者所有，如有转发，请注明文章出处：https://cyrus-studio.github.io/blog/

readelf

readelf 是一个用于读取和显示 ELF（Executable and Linkable Format）文件信息的工具。虽然 readelf 工具本身是为 Unix-like 操作系统设计的，但你可以在 Windows 上通过 WSL 使用它。

WSL 允许你在 Windows 上运行 Linux 发行版，并且可以在其中使用 readelf 工具。

安装 WSL

打开 PowerShell 以管理员身份运行，并执行以下命令启用 WSL 并安装 Ubuntu 系统

wsl --install -d Ubuntu

然后设置用户账户和密码。

通过 wsl 命令进入 Ubuntu 系统。

在 wsl 中 /mnt/d 对应的就是 windows 下的 D 盘，其他同理。

使用 readelf

调用 readelf -a 一次性查看文件中的所有信息，包括文件头、程序头、节头、符号表、动态节等。

readelf -a libGameVMP.so

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              DYN (Shared object file)
  Machine:                           AArch64
  Version:                           0x1
  Entry point address:               0x2650
  Start of program headers:          64 (bytes into file)
  Start of section headers:          130160 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         7
  Size of section headers:           64 (bytes)
  Number of section headers:         7
  Section header string table index: 1

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .shstrtab         STRTAB           000000000001fe30  0001fe30
       0000000000000035  0000000000000000           0     0     0
  [ 2] .dynsym           DYNSYM           0000000000000518  00000518
       0000000000000048  0000000000000018   A       3     1     4
  [ 3] .dynstr           STRTAB           0000000000000ec0  00000ec0
       0000000000000342  0000000000000000   A       0     0     0
  [ 4] .symtab           SYMTAB           000000000001fe65  0001fe65
       0000000000000048  0000000000000018   A       5     1     4
  [ 5] .strtab           STRTAB           000000000001fead  0001fead
       000000000000002b  0000000000000000   A       0     0     1
  [ 6] .dynamic          DYNAMIC          000000000006eae8  0001dae8
       0000000000000240  0000000000000008  AX       3     0     4
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  D (mbind), p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x000000000001cba4 0x000000000001cba4  R E    0x10000
  LOAD           0x000000000001d9e8 0x000000000006e9e8 0x000000000006e9e8
                 0x00000000000021de 0x0000000000002418  RW     0x1000
  DYNAMIC        0x000000000001dae8 0x000000000006eae8 0x000000000006eae8
                 0x0000000000000240 0x0000000000000240  RW     0x8
  NOTE           0x00000000000001c8 0x00000000000001c8 0x00000000000001c8
                 0x0000000000000024 0x0000000000000024  R      0x4
  GNU_EH_FRAME   0x0000000000015634 0x0000000000056634 0x0000000000056634
                 0x0000000000001afc 0x0000000000001afc  R      0x4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x000000000001d9e8 0x000000000006e9e8 0x000000000006e9e8
                 0x0000000000000618 0x0000000000000618  R      0x1

 Section to Segment mapping:
  Segment Sections...
   00     .dynsym .dynstr
   01     .dynamic
   02     .dynamic
   03
   04
   05
   06     .dynamic

Dynamic section at offset 0x1dae8 contains 32 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [liblog.so]
 0x0000000000000001 (NEEDED)             Shared library: [libandroid.so]
 0x0000000000000001 (NEEDED)             Shared library: [libz.so]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so]
 0x0000000000000001 (NEEDED)             Shared library: [libm.so]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so]
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so]
 0x000000000000000e (SONAME)             Library soname: [libGameVMP.so]
 0x000000000000000c (INIT)               0x1bd68
 0x0000000000000019 (INIT_ARRAY)         0x6e9e8
 0x000000000000001b (INIT_ARRAYSZ)       216 (bytes)
 0x000000000000001a (FINI_ARRAY)         0x6eac0
 0x000000000000001c (FINI_ARRAYSZ)       16 (bytes)
 0x0000000000000004 (HASH)               0x1f0
 0x0000000000000005 (STRTAB)             0xec0
 0x0000000000000006 (SYMTAB)             0x518
 0x000000000000000a (STRSZ)              834 (bytes)
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000003 (PLTGOT)             0x6ed28
 0x0000000000000002 (PLTRELSZ)           1488 (bytes)
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000017 (JMPREL)             0x1c78
 0x0000000000000007 (RELA)               0x1330
 0x0000000000000008 (RELASZ)             2376 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x0000000000000018 (BIND_NOW)
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
 0x000000006ffffffe (VERNEED)            0x12d0
 0x000000006fffffff (VERNEEDNUM)         3
 0x000000006ffffff0 (VERSYM)             0x1202
 0x000000006ffffff9 (RELACOUNT)          76
 0x0000000000000000 (NULL)               0x0

There are no static relocations in this file.
To see the dynamic relocations add --use-dynamic to the command line.

The decoding of unwind sections for machine type AArch64 is not currently supported.

Symbol table '.dynsym' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000002650     0 SECTION LOCAL  DEFAULT bad section index[ 10]
readelf: Warning: local symbol 1 found at index >= .dynsym's sh_info value of 1
     2: 000000000006ead0     0 SECTION LOCAL  DEFAULT bad section index[ 16]
readelf: Warning: local symbol 2 found at index >= .dynsym's sh_info value of 1

Symbol table '.symtab' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __intel_security[...]

Histogram for bucket list length (total of 97 buckets):
 Length  Number     % of total  Coverage
      0  38         ( 39.2%)
      1  29         ( 29.9%)     29.0%
      2  20         ( 20.6%)     69.0%
      3  9          (  9.3%)     96.0%
      4  1          (  1.0%)    100.0%

No version information found in this file.

Displaying notes found at file offset 0x000001c8 with length 0x00000024:
  Owner                Data size        Description
  GNU                  0x00000014       NT_GNU_BUILD_ID (unique build ID bitstring)
    Build ID: 7e55cc28965ecb053c55055043d9f1ed3260a498

自动化脚本

新一个 soinfo.sh，编写一个简单的Shell脚本，调用 readelf -a 命令并将输出保存到同名的 .txt 文件中。

#!/bin/bash

# 检查是否提供了SO文件
if [ -z "$1" ]; then
  echo "Usage: $0 <path_to_so_file>"
  exit 1
fi

# 提取输入文件的文件名
so_file="$1"

# 检查文件是否存在
if [ ! -f "$so_file" ]; then
  echo "Error: File '$so_file' not found!"
  exit 1
fi

# 获取文件名（不含扩展名）
base_name=$(basename "$so_file" .so)

# 创建输出文件名（.txt文件）
output_file="${base_name}.txt"

# 调用 readelf -a 并将结果导出到输出文件
readelf -a "$so_file" > "$output_file"

# 提示用户操作成功
echo "Information exported to $output_file"

创建 scripts 目录，并把 soinfo.sh 放到该目录下。
执行 nano ~/.bashrc 命令，把 scripts 目录添加到环境变量

export PATH=$PATH:/mnt/e/scripts

修改保存后，执行 source ~/.bashrc 使其生效。

之后就可以调用 soinfo.sh <so_path> 将 SO 文件的信息导出到同名的
.txt 文件

soinfo.sh libGameVMP.so

readelf: Warning: local symbol 1 found at index >= .dynsym's sh_info value of 1
readelf: Warning: local symbol 2 found at index >= .dynsym's sh_info value of 1
Information exported to libGameVMP.txt

原文地址：https://blog.csdn.net/linchaolong/article/details/142643160

免责声明：本站文章内容转载自网络资源，如本站内容侵犯了原著者的合法权益，可联系本站删除。更多内容请关注自学内容网（zxcms.com）！