{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 淡お忘 的问题《In an ELF file, how does the address for _start ge》','https://www.manongdao.com/q-173357.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I've been reading the ELF specification and cannot figure out where the program entry point and _start address come from.
It seems like they should have to be in a pretty consistent place, but I made a few trivial programs, and _start is always in a different place.
Can anyone clarify?
The
_startsymbol may be defined in any object file. Normally it is generated automatically (it corresponds tomainin C). You can generate it yourself, for instance in an assembler source file:When the linker has processed all object files it looks for the
_startsymbol and puts its value in thee_entryfield of the elf header. The loader takes the address from this field and makes a call to it after it has finished loading all sections in memory and is ready to execute the file.Take a look at the linker script
ldis using:The format is documented at: https://sourceware.org/binutils/docs-2.25/ld/Scripts.html
It determines basically everything about how the executable will be generated.
On Binutils 2.24 Ubuntu 14.04 64-bit, it contains the line:
which sets the entry point to the
_startsymbol (goes to the ELF header as mentioned by ctn)And then:
which sets the address of the first headers to
0x400000+SIZEOF_HEADERS.I have modified that address to
0x800000, passed my custom script withld -Tand it worked:readelf -ssays that_startis at that address.Another way to change it is to use the
-Ttext-segment=0x800000option.The reason for using
0x400000= 4Mb =getconf PAGE_SIZEis to start at the beginning of the second page as asked at: Why is the ELF execution entry point virtual address of the form 0x80xxxxx and not zero 0x0?A question describes how to set
_startfrom the command line: Why is the ELF entry point 0x8048000 not changeable with the "ld -e" option?SIZEOF_HEADERSis the size of the ELF + program headers, which are at the beginning of the ELF file. That data gets loaded into the very beginning of the virtual memory space by Linux (TODO why?) In a minimal Linux x86-64 hello world with 2 program headers it is worth0xb0, so that the_startsymbol comes at 0x4000b0.I'm not sure but try this link http://www.docstoc.com/docs/23942105/UNIX-ELF-File-Format at page 8 it is shown where the entry point is if it is executable. Basically you need to calculate the offset and you got it. Make sure to remember the little endianness of x86 ( i guess you use it) and reorder if you read bytewise edit: or maybe not i'm not quit sure about this to be honest.