内核本身和内核模块有哪些ELF类型?

tag-icon tag-icon linux linux-kernel kernel-modules elf
内核本身和内核模块有哪些ELF类型?

https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/

类型字段告诉我们该文件的用途是什么。有几种常见的文件类型。

CORE (value 4)
DYN (Shared object file), for libraries (value 3)
EXEC (Executable file), for binaries (value 2)
REL (Relocatable file), before linked into an executable file (value 1)

...

一个常见的误解是 ELF 文件仅适用于二进制文件或可执行文件。我们已经看到它们可以用于部分片段(目标代码)。另一个例子是共享库甚至核心转储(那些核心或 a.out 文件)。 ELF 规范也用于 Linux 上的内核本身和 Linux 内核模块。

内核本身和内核模块有哪些ELF类型?

您能否给出一些内核本身和内核模块的文件示例,供我尝试file?我使用的是 Ubuntu 18.04。

谢谢。

答案1

你可以自己去了解一下:

对于模块,请查看/lib/modules/$(uname -r)/kernel/.../*.ko

$ file xfs.ko 
xfs.ko: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), BuildID[sha1]=bcb5e287509cedbb0c5ece383e0b97fb99e4781e, not stripped

$ readelf -h xfs.ko 
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              REL (Relocatable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x0
  Start of program headers:          0 (bytes into file)
  Start of section headers:          1829088 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           0 (bytes)
  Number of program headers:         0
  Size of section headers:           64 (bytes)
  Number of section headers:         45
  Section header string table index: 44

对于内核,一种简单的方法是编译内核并查看 vmlinux:

$ file vmlinux
vmlinux: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=eaf006a7ccfedbc40a6feddb04088bdb2ef0112f, with debug_info, not stripped

$ readelf -h vmlinux
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x1000000
  Start of program headers:          64 (bytes into file)
  Start of section headers:          171602920 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         5
  Size of section headers:           64 (bytes)
  Number of section headers:         43
  Section header string table index: 42

答案2

对于大多数 Linux 发行版,内核存储/boot为压缩文件bz图像。可以使用脚本( Ubuntu 系统上的软件包extract-vmlinux提供)对其进行解压。linux-headers在 Ubuntu 16.04 中,我可以通过运行以下命令来确定 4.4.0 内核的 ELF 类型:

$ sudo /usr/src/linux-headers-4.4.0-127/scripts/extract-vmlinux /boot/vmlinuz-4.4.0-127-generic > /tmp/vmlinux &&
readelf -h /tmp/vmlinux | grep Type

Type:                              EXEC (Executable file)

相关内容