readelf | Linux-Cli-Tutorial(by Saman Khalife)

Linux-Cli-Tutorial(by Saman Khalife)

readelf

The readelf command in Linux is used to display information about ELF (Executable and Linking Format) files. This can be useful for debugging, troubleshooting, and reverse engineering ELF files.

The readelf command is used in the following syntax:

The file is the ELF file to display information about.

The options can be used to specify the following:

-a : Display all available information about the ELF file.
-h : Display the ELF header information.
-l : Display the section header information.
-s : Display the symbol table information.

For example, to display all available information about the ELF file myfile, you would run the following command:

This command will display all available information about the ELF file myfile, including the ELF header information, the section header information, and the symbol table information.

To display the ELF header information for the ELF file myfile, you would run the following command:

This command will display the ELF header information for the ELF file myfile, including the file type, the machine type, the ELF version, and the entry point address.

To display the section header information for the ELF file myfile, you would run the following command:

This command will display the section header information for the ELF file myfile, including the section name, the section type, the section flags, and the section size.

To display the symbol table information for the ELF file myfile, you would run the following command:

This command will display the symbol table information for the ELF file myfile, including the symbol name, the symbol value, and the symbol type.

The readelf command is a versatile tool that can be used to display information about ELF files. It is a powerful tool for debugging, troubleshooting, and reverse engineering ELF files.

Here are some additional things to note about the readelf command:

The readelf command can be used to display information about all types of ELF files, including executables, shared libraries, and core dumps.
The readelf command can be used to display information about the ELF header, the section headers, and the symbol table.
The readelf command can be used to debug, troubleshoot, and reverse engineer ELF files.
The readelf command is a powerful tool that is supported by most Linux distributions.

help

breakdown

Usage: readelf <option(s)> elf-file(s)
 Display information about the contents of ELF format files
 Options are:
  -a --all               Equivalent to: -h -l -S -s -r -d -V -A -I
  -h --file-header       Display the ELF file header
  -l --program-headers   Display the program headers
     --segments          An alias for --program-headers
  -S --section-headers   Display the sections' header
     --sections          An alias for --section-headers
  -g --section-groups    Display the section groups
  -t --section-details   Display the section details
  -e --headers           Equivalent to: -h -l -S
  -s --syms              Display the symbol table
     --symbols           An alias for --syms
     --dyn-syms          Display the dynamic symbol table
     --lto-syms          Display LTO symbol tables
     --sym-base=[0|8|10|16] 
                         Force base for symbol sizes.  The options are 
                         mixed (the default), octal, decimal, hexadecimal.
  -C --demangle[=STYLE]  Decode mangled/processed symbol names
                           STYLE can be "none", "auto", "gnu-v3", "java",
                           "gnat", "dlang", "rust"
     --no-demangle       Do not demangle low-level symbol names.  (default)
     --recurse-limit     Enable a demangling recursion limit.  (default)
     --no-recurse-limit  Disable a demangling recursion limit
     -U[dlexhi] --unicode=[default|locale|escape|hex|highlight|invalid]
                         Display unicode characters as determined by the current locale
                          (default), escape sequences, "<hex sequences>", highlighted
                          escape sequences, or treat them as invalid and display as
                          "{hex sequences}"
  -n --notes             Display the core notes (if present)
  -r --relocs            Display the relocations (if present)
  -u --unwind            Display the unwind info (if present)
  -d --dynamic           Display the dynamic section (if present)
  -V --version-info      Display the version sections (if present)
  -A --arch-specific     Display architecture specific information (if any)
  -c --archive-index     Display the symbol/file index in an archive
  -D --use-dynamic       Use the dynamic section info when displaying symbols
  -L --lint|--enable-checks
                         Display warning messages for possible problems
  -x --hex-dump=<number|name>
                         Dump the contents of section <number|name> as bytes
  -p --string-dump=<number|name>
                         Dump the contents of section <number|name> as strings
  -R --relocated-dump=<number|name>
                         Dump the relocated contents of section <number|name>
  -z --decompress        Decompress section before dumping it
  -w --debug-dump[a/=abbrev, A/=addr, r/=aranges, c/=cu_index, L/=decodedline,
                  f/=frames, F/=frames-interp, g/=gdb_index, i/=info, o/=loc,
                  m/=macro, p/=pubnames, t/=pubtypes, R/=Ranges, l/=rawline,
                  s/=str, O/=str-offsets, u/=trace_abbrev, T/=trace_aranges,
                  U/=trace_info]
                         Display the contents of DWARF debug sections
  -wk --debug-dump=links Display the contents of sections that link to separate
                          debuginfo files
  -P --process-links     Display the contents of non-debug sections in separate
                          debuginfo files.  (Implies -wK)
  -wK --debug-dump=follow-links
                         Follow links to separate debug info files (default)
  -wN --debug-dump=no-follow-links
                         Do not follow links to separate debug info files
  --dwarf-depth=N        Do not display DIEs at depth N or greater
  --dwarf-start=N        Display DIEs starting at offset N
  --ctf=<number|name>    Display CTF info from section <number|name>
  --ctf-parent=<name>    Use CTF archive member <name> as the CTF parent
  --ctf-symbols=<number|name>
                         Use section <number|name> as the CTF external symtab
  --ctf-strings=<number|name>
                         Use section <number|name> as the CTF external strtab
  -I --histogram         Display histogram of bucket list lengths
  -W --wide              Allow output width to exceed 80 characters
  -T --silent-truncation If a symbol name is truncated, do not add [...] suffix
  @<file>                Read options from <file>
  -H --help              Display this information
  -v --version           Display the version number of readelf
Report bugs to <https://sourceware.org/bugzilla/>