
Analysis of exports and imports by executable files
Markus Elfring

2004-05-12, 9:08 pm

Hello,

I know that I can use the program "quickview" on Windows to look at
some contents of these file formats. (The program "pedump" can show me
that information from the command line.)
- http://en.wikipedia.org/wiki/Portable_Executable
- http://en.wikipedia.org/wiki/COFF

Do you know similar Unix tools that can display the exported and
imported functions or symbols for ELF files? (I think that the command
"nm" does not provide all the functionality.)
I want to check dependencies between shared libraries. (.dll or .so
files)

Sincerely,
Markus Elfring
Jens.Toerring@physik.fu-berlin.de

2004-05-12, 9:08 pm

In comp.programming Markus Elfring <Markus.Elfring@web.de> wrote:
> I know that I can use the program "quickview" on Windows to look at
> some contents of these file formats. (The program "pedump" can show me
> that information from the command line.)
> - http://en.wikipedia.org/wiki/Portable_Executable
> - http://en.wikipedia.org/wiki/COFF


> Do you know similar Unix tools that can display the exported and
> imported functions or symbols for ELF files? (I think that the command
> "nm" does not provide all the functionality.)
> I want to check dependencies between shared libraries. (.dll or .so
> files)


I have no idea what exactly the Windows tools do, but on which
other libraries a shared library (or also a program) depends
can easily be found out using the 'ldd' utility. The '-r' option
allows you to figure out which symbols must be supplied by the
user of the library. But 'nm' also tells you which symbols are
defined in the library and which must be imported; look for the
characters directly after the address (you get the complete
documentation for 'nm' by invoking info with "info binutils" and then
going to the entry for nm; using "info nm" just gives you the man page).

Regards, Jens
--
\ Jens Thoms Toerring ___ Jens.Toerring@physik.fu-berlin.de
\__________________________ http://www.toerring.de
Nils O. Selåsdal

2004-05-12, 9:08 pm

On Thu, 06 May 2004 03:42:59 -0700, Markus Elfring wrote:

> Hello,
>
> I know that I can use the program "quickview" on Windows to look at some
> contents of these file formats. (The program "pedump" can show me that
> information from the command line.)
> - http://en.wikipedia.org/wiki/Portable_Executable
> - http://en.wikipedia.org/wiki/COFF
>
> Do you know similar Unix tools that can display the exported and imported
> functions or symbols for ELF files? (I think that the command "nm" does
> not provide all the functionality.) I want to check dependencies between
> shared libraries. (.dll or .so files)

readelf, nm, ldd and objdump should get you going. They have many
options, and can operate in many modes.
Try e.g. readelf -a thefile


--
Nils Olav Selåsdal
System Engineer
w w w . u t e l s y s t e m s . c o m


CBFalconer

2004-05-12, 9:08 pm

Markus Elfring wrote:
>
> I know that I can use the program "quickview" on Windows to look
> at some contents of these file formats. (The program "pedump" can
> show me that information from the command line.)
> - http://en.wikipedia.org/wiki/Portable_Executable
> - http://en.wikipedia.org/wiki/COFF
>
> Do you know similar Unix tools that can display the exported and
> imported functions or symbols for ELF files? (I think that the
> command "nm" does not provide all the functionality.)
> I want to check dependencies between shared libraries. (.dll or
> .so files)


The GNU binutilities objdump and objcopy should handle things.
You can install them under DJGPP on DOS or Windoze.
<http://www.delorie.com>

--
fix (vb.): 1. to paper over, obscure, hide from public view; 2.
to work around, in a way that produces unintended consequences
that are worse than the original problem. Usage: "Windows ME
fixes many of the shortcomings of Windows 98 SE". - Hutchison

Paul Pluzhnikov

2004-05-12, 9:08 pm

Markus.Elfring@web.de (Markus Elfring) writes:

> I want to check dependencies between shared libraries. (.dll or .so
> files)


In addition to 'nm', 'readelf', etc. already mentioned, note that the
symbol/library dependency model on UNIX [1] is drastically different
from that of Win32: on UNIX, the executable/DSO records that it
needs e.g. malloc() from somewhere, but it does *not* record which
other DSO provided that symbol at link time.

This allows one to build DSOs (UNIX equivalent of DLLs) with
unresolved symbols, and to "override" symbol definitions at
runtime. For example:

$ cat junk.c
#include <stdlib.h>
int main() { void *p = malloc(20); return 0; }
$ gcc junk.c
$ ./a.out # malloc from libc.so is used
$ LD_PRELOAD=/usr/lib/libmtmalloc.so ./a.out # different malloc
# implementation is used

[1] AIX is the only UNIX I know that (by default) uses Win32-like
binding:
$ gcc junk.c
$ dump -Tv a.out | grep malloc
[6] 0x00000000 undef IMP DS EXTref libc.a(shr.o) malloc

This AIX (mis)feature causes no end of grief when UNIX programs
utilizing dynamic linking are ported to it. Fortunately IBM recently
introduced "deferred binding", which makes it work similarly to all
other UNIXes.

Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
Markus Elfring

2004-05-12, 9:08 pm

> I have no idea what exactly the Windows tools do, but to find out
> on which other libraries a shared library (or also a program) depend
> can be easily found out using the 'ldd' utility.


Thanks for this hint. The program "ldd" can find other libraries, but
it does not display the referenced functions.

How can one look into the executables if the tool "readelf" is not
installed?
What are the names of similar programs from different Unix flavors?
Jens.Toerring@physik.fu-berlin.de

2004-05-12, 9:08 pm

In comp.unix.programmer Markus Elfring <Markus.Elfring@web.de> wrote:
> Thanks for this hint. The program "ldd" can find other libraries, but
> it does not display the referenced functions.


I am probably not understanding exactly what you're looking for.
It seems as if you want to take an executable and find out which
functions (or symbols) it references in which library. Is that
correct? I've got to admit that my interest never went that far.
If I would like to have that kind of information I probably would
start with writing a Perl script that takes the output of 'nm' when
run on the executable, extracting the undefined symbols in it,
and matching those symbols against the symbols marked as defined
from the output of 'nm' when run on the libraries listed by 'ldd'
- I guess cobbling such a script together wouldn't take too much
effort. But I am probably underestimating the complexity of the
problem and, even worse, lacking the knowledge about tools that
may already exist for that purpose.

> How can be looked into the executables if the tool "readelf" is not
> installed? What are the names of similar programs from different
> Unix flavors?


Looks like you're not using a system where the usual GNU tools (i.e.
from the binutils package) are available, like one of the machines
I have access to at the moment. I hope that when you tell on what
system you want to do that the more experienced people reading
this will come to the rescue. Alternatively, look out for a group
dealing with the system(s) you're interested in. I obviously don't
have the knowledge to answer these questions.

Regards, Jens
--
\ Jens Thoms Toerring ___ Jens.Toerring@physik.fu-berlin.de
\__________________________ http://www.toerring.de
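
The script Jens describes, sketched in shell rather than Perl as an added example (not part of the original post): it matches the undefined symbols that nm reports for a program against the symbols each library defines, in the order the libraries are listed. It assumes GNU nm output; import_table, demo and the sample symbol lists are constructed for illustration, using library paths that appear elsewhere in the thread.

```shell
#!/bin/sh
# Added example: static "function / library" table built from nm output.
# import_table and demo are illustrative names; all sample data is constructed.

# import_table UNDEF LIB=SYMS...
#   UNDEF  file holding `nm -D --undefined-only PROGRAM` output
#   SYMS   file holding `nm -D --defined-only LIB` output (libraries in ldd order)
# Prints "symbol<TAB>library": the first listed library that defines the
# symbol, or "(unresolved)" when none does.
import_table() {
    undef=$1; shift
    for pair in "$@"; do    # rewrite each LIB=SYMS as awk operands: lib=LIB SYMS
        shift
        set -- "$@" "lib=${pair%%=*}" "${pair#*=}"
    done
    awk -v OFS='\t' '
        function base(s) { sub(/@.*/, "", s); return s }  # strip @GLIBC_2.0 etc.
        NF < 2 { next }
        lib != "" {         # inside a library symbol list
            s = base($NF)
            if ($(NF-1) !~ /^[Uwv]$/ && !(s in owner)) owner[s] = lib
            next
        }
        { s = base($NF); print s, ((s in owner) ? owner[s] : "(unresolved)") }
    ' "$@" lib= "$undef"
}

# Constructed nm output: a program importing malloc, puts and a weak foo,
# with libmtmalloc listed ahead of libc.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '         U malloc@GLIBC_2.0' '         U puts@GLIBC_2.0' \
        '         w foo' > "$d/undef"
    printf '%s\n' '00001230 T malloc' '00001300 T free' > "$d/mt.syms"
    printf '%s\n' '00071f10 T malloc@@GLIBC_2.0' \
        '0005e2a0 W puts@@GLIBC_2.0' > "$d/libc.syms"
    import_table "$d/undef" "/usr/lib/libmtmalloc.so=$d/mt.syms" \
        "/lib/libc.so.6=$d/libc.syms"
    rm -rf "$d"
}

demo
```

The result is a static approximation: the run-time linker decides the actual binding when the program starts.
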
Shaun Clowes

2004-05-12, 9:08 pm


"Markus Elfring" <Markus.Elfring@web.de> wrote in message
news:40ed1d8f.0405070739.601b6cb9@posting.google.com...
>
> Thanks for this hint. The program "ldd" can find other libraries, but
> it does not display the referenced functions.


It's apparently a little known fact that ldd is a very simple shim for the
system dynamic linker. In its most simple case all it does is set the
LD_TRACE_LOADED_OBJECTS environment variable and run the program:

$ LD_TRACE_LOADED_OBJECTS=1 ls
libtermcap.so.2 => /lib/libtermcap.so.2 (0x40021000)
libc.so.6 => /lib/libc.so.6 (0x40025000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

But you can do all sorts of other things by providing environment variables
to the dynamic linker (on Linux at least). For example, you wanted to see
the binding of symbols to libraries:

$ LD_DEBUG=bindings ls
....
09545: binding file ls to /lib/libc.so.6: normal symbol `realloc' [GLIBC_2.0]

You can see the other debug options using LD_DEBUG=help

Cheers,
Shaun


those who know me have no need of my name

2004-05-12, 9:08 pm

in comp.unix.programmer i read:

>It's apparently a little known fact that ldd is a very simple shim for the
>system dynamic linker.


this is not universally true.

--
a signature
Shaun Clowes

2004-05-12, 9:08 pm

"those who know me have no need of my name" <not-a-real-address@usa.net>
wrote in message news:m13c69nosz.gnus@usa.net...
> in comp.unix.programmer i read:
>
>
> this is not universally true.


Indeed, so very very little is in the Unix world.

To clarify, the basic functionality of ldd (i.e. listing dependent libraries)
is performed using LD_TRACE_LOADED_OBJECTS on Linux, Solaris and UnixWare.
On HPUX it's performed using _HP_DLDOPTS="-ldd". On Irix it's a little more
complicated, check out rld(5). For other platforms (especially everyone's
favourite, AIX), it can be totally different, though it does make sense
using these sorts of interfaces since they ask the one who really knows (i.e.
the dynamic linker) exactly what's going on. Not all of the dynamic linkers
have the GNU style functionality to list symbol binding, Solaris however
works almost exactly as the GNU version does.

In regards to the original question of which tools can list ELF imports and
exports:

All/Linux:
- readelf, objdump
Solaris & Irix:
- elfdump
UnixWare & AIX:
- dump

Cheers,
Shaun


Markus Elfring

2004-05-12, 9:08 pm

> It seems as you want to take an executable and find out which
> functions (or symbols) it references in which library. Is that
> correct?


Yes, exactly.
Mohun Biswas

2004-05-12, 9:08 pm

Shaun Clowes wrote:
> Not all of the dynamic linkers
> have the GNU style functionality to list symbol binding, Solaris however
> works almost exactly as the GNU version does.


I think it would be a bit more precise to say that the GNU version works
almost exactly as the Solaris version does. The GNU/Linux developers
have generally taken SVR4/Solaris as the reference standard (which I
think was the right decision BTW), and specifically in the runtime
linker area. I'm pretty sure it's GNU emulating SVR4, not the other way.

--
Thanks,
M.Biswas
Markus Elfring

2004-05-12, 9:08 pm

> In regards to the original question of which tools can list ELF imports and
> exports:
>
> All/Linux:
> - readelf, objdump
> Solaris & Irix:
> - elfdump
> UnixWare & AIX:
> - dump


I want to get a table with the fields "function" and "library".
A command like "elfdump /bin/cat | grep FUNC" does not display the
information in a format that I imagine for my purpose.
Shaun Clowes

2004-05-12, 9:08 pm


"Markus Elfring" <Markus.Elfring@web.de> wrote in message
news:40ed1d8f.0405100645.f935051@posting.google.com...
>
> I want to get a table with the fields "function" and "library".
> A command like "elfdump /bin/cat | grep FUNC" does not display the
> information in a format that I imagine for my purpose.


Indeed, which is exactly why I suggested using LD_DEBUG=bindings. If you're
not on a platform that supports that then you'll have to hack something
together yourself using the output from ldd and the above tools. Even then,
you'll still be wrong because at run time someone could have modified the
libraries, set LD_LIBRARY_PATH, set LD_PRELOAD or all other manner of
interesting combinations.

The end result: except on AIX (sometimes) you can't definitively know which
lib will provide which sym when someone runs your program.

Cheers,
Shaun
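
An added example (not code from the posts above) for the LD_DEBUG=bindings approach suggested here and in the earlier reply: it reduces the linker's debug log to the function/library table asked for, and filters out the bindings whose provider lies outside an expected directory. It assumes glibc's log layout; binding_table, outside_dirs and sample_log are illustrative names, and the sample lines other than the one quoted in the thread are constructed.

```shell
#!/bin/sh
# Added example: LD_DEBUG=bindings log -> "function / library" table.
# binding_table, outside_dirs and sample_log are illustrative names.

# binding_table: glibc bindings log on stdin; prints one row per distinct
# binding as "symbol<TAB>providing library<TAB>referencing object".
# Accepts both "file A to B:" and the newer "file A [0] to B [0]:" layout.
binding_table() {
    awk -v OFS='\t' '
    {
        from = lib = sym = ""
        for (i = 1; i < NF; i++) {
            if ($i == "file" && $(i-1) == "binding") from = $(i+1)
            else if ($i == "to" && from != "") { lib = $(i+1); sub(/:$/, "", lib) }
            else if ($i == "symbol" && lib != "")   # drop the quotes around the name
                sym = substr($(i+1), 2, length($(i+1)) - 2)
        }
        if (sym != "" && !seen[sym, lib, from]++) print sym, lib, from
    }'
}

# outside_dirs DIR...: keep only the rows of a binding_table (stdin) whose
# providing library is not located under one of the given directories.
outside_dirs() {
    awk -F'\t' -v dirs="$*" '
        BEGIN { n = split(dirs, d, " ") }
        { for (i = 1; i <= n; i++) if (index($2, d[i] "/") == 1) next; print }
    '
}

# Constructed log; the first line is the one quoted in the thread.
sample_log() {
    cat <<'EOF'
 09545: binding file ls to /lib/libc.so.6: normal symbol `realloc' [GLIBC_2.0]
 09545: binding file ls to /usr/lib/libmtmalloc.so: normal symbol `malloc'
 09545: binding file /lib/libc.so.6 [0] to /lib/libc.so.6 [0]: normal symbol `free' [GLIBC_2.0]
 09545: calling init: /lib/libc.so.6
EOF
}

sample_log | binding_table
```

On a glibc system the log comes from `LD_DEBUG=bindings ls 2>&1 >/dev/null | binding_table`. With lazy binding only the symbols resolved during that run appear, so set LD_BIND_NOW=1 to see every function binding.
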


Markus Elfring

2004-05-19, 4:31 am

> I want to check dependencies between shared libraries. (.dll or .so
> files)


I am looking for tools that deal with a specific aspect of static code
analysis and reverse engineering:
How often are which functions called?