readelf Command in Linux

Previous
Quiz

The readelf command in Linux is a powerful utility for displaying information about ELF (Executable and Linkable Format) files. ELF is a standard format for executables, object code, shared libraries, and core dumps in Unix-like operating systems.

The readelf command is part of the GNU Binutils package and provides detailed information about the structure and contents of ELF files.

Table of Contents

Here is a comprehensive guide to the options available with the readelf command −

Understanding readelf Command

The readelf command provides detailed insights into the structure and contents of ELF files, which are commonly used for executables, object code, shared libraries, and core dumps in Unix-like operating systems.

Let's install it −

sudo apt install binutils
readelf Command in Linux1

With readelf, users can examine headers, sections, symbols, and other components of ELF files, making it an invaluable tool for developers and system administrators who need to debug or analyze binary files.

readelf
readelf Command in Linux2

Syntax of readelf Command

The basic syntax of the readelf command is as follows −

readelf [options] filename

filename − The ELF file to be examined.

How to Use readelf Command in Linux

The readelf command in Linux is a powerful utility used to display information about ELF (Executable and Linkable Format) files. ELF is a common file format for executables, object files, and shared libraries in Unix-like systems.

Display All Information

To display all information about an ELF file, you can use the following command −

readelf -a myprogram

For example, to display all information about a file named myprogram, you would use −

readelf -a myprogram
readelf Command in Linux3

Displaying Strings

-p <section_name>: The -p option displays the contents of a specific section. In this case, it displays the string table (.strtab) section, which contains the actual names of symbols and sections.

readelf -p .strtab myprogram
readelf Command in Linux4

Display the ELF File Header

The ELF file header contains important information about the ELF file, such as the file type, architecture, entry point address, and the offsets and sizes of the program and section headers. The readelf -h command displays this information in a readable format.

To display the ELF file header, you can use the following command −

readelf -h example.elf

For example, to display the ELF file header of a file named myprogram, you would use −

readelf -h myprogram
readelf Command in Linux5

Display the Program Headers

The program headers describe the segments of the ELF file that are loaded into memory when the program is executed. Each program header contains information about the segment's type, offset, virtual address, physical address, file size, memory size, and permissions.

To display the program headers, you can use the following command −

readelf -l example.elf

The -l option displays the program headers, which describe how the file should be loaded into memory when executed.

For example, to display the program headers of a file named myprogram, you would use −

readelf -l myprogram
readelf Command in Linux6

Display the Section Headers

The section headers describe the sections of the ELF file, which include code, data, and other information needed by the program. Each section header contains information about the section's name, type, address, offset, size, and attributes.

To display the section headers, you can use the following command −

readelf -S example.elf

For example, to display the section headers of a file named myprogram, you would use −

readelf -S myprogram
readelf Command in Linux7

Display the Symbol Table

The symbol table contains information about the symbols defined and used by the program, such as function names, variable names, and their addresses. The readelf -s command displays the symbol table.

To display the symbol table, you can use the following command −

readelf -s example.elf

For example, to display the symbol table of a file named myprogram, you would use −

readelf -s myprogram
readelf Command in Linux8

Display the Relocation Entries

The relocation entries describe how the addresses in the program should be adjusted when the program is loaded into memory. Each relocation entry contains information about the offset, type, and symbol to be relocated. The readelf -r command displays the relocation entries.

To display the relocation entries, you can use the following command −

readelf -r example.elf

The -r option displays relocation entries, which describe how to adjust addresses of symbols at runtime.

For example, to display the relocation entries of a file named myprogram, you would use −

readelf -r myprogram
readelf Command in Linux9

Display Notes

-n: The -n option displays any notes associated with the ELF file. Notes are used to store additional information, such as build information or debugging data.

readelf -n <elf_file>

Display the Dynamic Section

The dynamic section contains information needed for dynamic linking, such as the names and addresses of shared libraries used by the program. The readelf -d command displays the dynamic section.

To display the dynamic section, you can use the following command −

readelf -d example.elf

For example, to display the dynamic section of a file named myprogram, you would use −

readelf -d myprogram
readelf Command in Linux10

Display Version Information

The version information describes the versions of the shared libraries used by the program. The readelf -V command displays the version information.

To display the version information, you can use the following command −

readelf -V example.elf

For example, to display the version information of a file named myprogram, you would use −

readelf -V myprogram
readelf Command in Linux11

Displaying the Contents of a Section in Hexadecimal

The hexadecimal dump displays the contents of a specified section in hexadecimal format. This can be useful for examining the raw data in a section. The readelf -x command displays the hexadecimal dump of a section.

To display the contents of a section in hexadecimal, you can use the following command −

readelf -x .text example.elf

For example, to display the contents of the .text section of a file named myprogram in hexadecimal, you would use −

readelf -x .text myprogram
readelf Command in Linux12

You can combine multiple options to display various aspects of an ELF file in a single command. For example −

readelf -h -S -s my_program
readelf Command in Linux13

This command will display the ELF header, section headers, and symbol table for the my_program executable.

readelf is an essential tool for understanding the structure and contents of ELF files.It provides valuable information for debugging, analysis, and reverse engineering. By using different options, you can extract specific information tailored to your needs.

Conclusion

The readelf command is a powerful tool for examining the structure and contents of ELF files. By understanding the syntax, options, and common use cases of the readelf command, you can effectively use it to analyze and debug ELF files.

Whether you are a developer, system administrator, or security researcher, the readelf command provides valuable insights into the inner workings of ELF files.

Print Page
Previous
Next