readelf command in Linux with Examples (original) (raw)
Last Updated : 3 Sep, 2024
When we compile source code, an object file is generated of the program and with the help of linker, this object files gets converted to a binary file which, only the machine can understand. This kind of file follows some structures one of which is **ELF(Executable and Linkable Format). And to get the information of these ELF files '**readelf' command is used.
Here, we will explore how to effectively use the 'readelf' command to work with ELF files in Linux.
What is the 'readelf' Command?
****'readelf'** is a command-line tool that allows you to view detailed information about ELF files. ELF is a common file format for executables, object code, shared libraries, and core dumps in Unix-based systems. The '**readelf' command provides insights into the structure of these files, displaying headers, sections, symbols, and other critical information needed for understanding and debugging ELF binaries.
Syntax:
readelf [options] elf_file
where,
- ****'[options]'**: Various command-line options that determine the output and level of detail displayed by '**readelf'.
- ****'elf_file'**: The ELF file to be analyzed.
Common Options for the 'readelf' Command
The '**readelf' command offers a variety of options to explore different aspects of ELF files. Here are some commonly used options:
| Option | Description |
|---|---|
| -h | Displays the ELF header, which contains key information about the file's structure. |
| -S | Lists all the sections in the ELF file, showing details about each section's address, size, type, and attributes. |
| -l | Displays the program headers, which describe the segments used at runtime. |
| -s | Shows the symbol table, including symbols defined and used in the ELF file. |
| -r | Displays the relocation sections, showing how the binary modifies itself at runtime. |
| -d | Displays the dynamic section, which contains information about dynamic linking. |
| -n | Displays core notes, which include metadata such as the build ID. |
| -V | Displays the version information of the '**readelf' command. |
| --help | Provides a help message listing all available options for the '**readelf' command. |
Working with readelf command and ELF files
Let's look into the practical examples of how to use the '**readelf' command to extract information from ELF files.
**1. To display help of readelf command.
$readelf
This displays the help section of the command containing all its parameters and their uses.
**2. To check whether a file is ELF file.
$file elf_file
If it prints ELF in the output then the file is an ELF file. **Note: In our case, file name is '**elf_file'.
**3. To generate a elf file using gcc compiler.
$gcc filename.c -o elf_file
The above command will generate an executable elffile. **Note: In our case, the name of file is filename.c and the name of elf file is '**elf_file'.
**4. To display file headers of a elf file.
$readelf -h elf_file
This will display the top-level headers of the elf file.
**Note: In our case, the name of elf file is '**elf_file'.
**5. To display information about the different sections of the process' address space.
$readelf -S elf_file
This will display the different sections of the process' address space.
**Note: In our case, the name of elf file is '**elf_file'.
**6. To display symbols table.
$readelf -s elf_file
This will display the symbols table of the file.
**Note: In our case, the name of elf file is '**elf_file'.
**7. To display core notes.
$readelf -n elf_files
This will display the core notes related to the file.
**Note: In our case, the name of elf file is '**elf_file'.
**8. To display relocation section.
$readelf -r elf_file
This will display the relocks(if present).
**Note: In our case, the name of elf file is '**elf_file'.
**9. To display the dynamic section.
$readelf -d elf_file
This will display the dynamic section of the file.
**Note: In our case, the name of elf file is elf_file.
**10. To get the version of the readelf command.
$readelf -v
This will display the version information of the '**readelf' command.
Conclusion
The '**readelf' command is a powerful tool for working with ELF files in Linux, providing deep insights into the structure and contents of executable binaries. Mastering '**readelf' is an essential skill for a developer debugging an application, a security professional conducting binary analysis, or a system administrator verifying software configurations.