
Saturday, July 28, 2018


In computing, the Executable and Linkable Format (ELF, formerly named Extensible Linking Format) is a common standard file format for executable files, object code, shared libraries, and core dumps. First published in the specification for the application binary interface (ABI) of the Unix operating system version named System V Release 4 (SVR4), and later in the Tool Interface Standard, it was quickly accepted among different vendors of Unix systems. In 1999, it was chosen as the standard binary file format for Unix and Unix-like systems on x86 processors by the 86open project.

By design, the ELF format is flexible, extensible, and cross-platform. For instance, it supports different endiannesses and address sizes, so it does not exclude any particular central processing unit (CPU) or instruction set architecture. This has allowed it to be adopted by many different operating systems on many different hardware platforms.





File layout

Each ELF file is made up of one ELF header, followed by file data. The data can include:

  • Program header table, describing zero or more memory segments
  • Section header table, describing zero or more sections
  • Data referred to by entries in the program header table or section header table

The segments contain information that is needed for run time execution of the file, while sections contain important data for linking and relocation. Any byte in the entire file can be owned by one section at most, and orphan bytes can occur which are unowned by any section.

File header

The ELF header defines whether to use 32- or 64-bit addresses. The header contains three fields that are affected by this setting and offset other fields that follow them. The ELF header is 52 or 64 bytes long for 32-bit and 64-bit binaries respectively.

Program header

The program header table tells the system how to create a process image. It is found at file offset e_phoff, and consists of e_phnum entries, each with size e_phentsize. The layout is slightly different in 32-bit ELF vs 64-bit ELF, because the p_flags are in a different structure location for alignment reasons. Each entry is structured as:
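The header and program header layout described above, as an added example that is not part of the original article: a Python parser that reads EI_CLASS and EI_DATA, unpacks the class-dependent header fields, and bounds-checks e_phoff, e_phnum and e_phentsize before walking the entries. The names `parse_elf` and `sample_elf64`, the `findings` checks, and the sample bytes are constructed for illustration.

```python
import struct

PT_LOAD, PF_X, PF_W = 1, 1, 2

def parse_elf(data: bytes) -> dict:
    """Parse the ELF header and program header table, bounds-checking each offset."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]   # 1/2 = 32/64-bit, 1/2 = little/big endian
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    is64, end = ei_class == 2, ("<" if ei_data == 1 else ">")
    # e_entry, e_phoff and e_shoff are the three fields whose width follows EI_CLASS.
    hdr = struct.Struct(end + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"))
    if len(data) < 16 + hdr.size:          # 16 + 48 = 64 bytes, or 16 + 36 = 52
        raise ValueError("truncated ELF header")
    f = hdr.unpack_from(data, 16)
    e_phoff, e_phentsize, e_phnum = f[4], f[8], f[9]
    # p_flags is the second field of a 64-bit entry and the seventh of a 32-bit one.
    ph = struct.Struct(end + ("IIQQQQQQ" if is64 else "IIIIIIII"))
    if e_phnum and (e_phentsize < ph.size or e_phoff + e_phnum * e_phentsize > len(data)):
        raise ValueError("program header table lies outside the file")
    segments, findings = [], []
    for i in range(e_phnum):
        p = ph.unpack_from(data, e_phoff + i * e_phentsize)
        if is64:
            p_type, p_flags, p_offset, _, _, p_filesz, p_memsz, _ = p
        else:
            p_type, p_offset, _, _, p_filesz, p_memsz, p_flags, _ = p
        segments.append({"type": p_type, "flags": p_flags, "offset": p_offset,
                         "filesz": p_filesz, "memsz": p_memsz})
        if p_offset + p_filesz > len(data):
            findings.append(f"segment {i}: file data extends past end of file")
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            findings.append(f"segment {i}: PT_LOAD is both writable and executable")
    return {"bits": 64 if is64 else 32, "ehsize": 16 + hdr.size,
            "phoff": e_phoff, "segments": segments, "findings": findings}

def sample_elf64(flags: int = PF_X | 4, filesz: int = 8) -> bytes:
    """Constructed sample: 64-bit little-endian ELF with one PT_LOAD entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    # ET_EXEC, EM_X86_64, version, entry, phoff=64, shoff, flags, ehsize=64, phentsize=56, phnum=1
    header = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400078, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, flags, 0, 0x400000, 0x400000, filesz, filesz, 0x1000)
    return ident + header + phdr

if __name__ == "__main__":
    print(parse_elf(sample_elf64(flags=7, filesz=4096))["findings"])
```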

Section header





Tools

  • readelf is a Unix binary utility that displays information about one or more ELF files. A free software implementation is provided by GNU Binutils.
  • elfutils provides alternative tools to GNU Binutils purely for Linux.
  • elfdump is a command for viewing ELF information in an ELF file, available under Solaris and FreeBSD.
  • objdump provides a wide range of information about ELF files and other object formats. objdump uses the Binary File Descriptor library as a back-end to structure the ELF data.
  • The Unix file utility can display some information about ELF files, including the instruction set architecture for which the code in a relocatable, executable, or shared object file is intended, or on which an ELF core dump was produced.



Applications

Unix-like systems

The ELF format has replaced older executable formats in various environments. It has replaced a.out and COFF formats in Unix-like operating systems:

  • Linux
  • Solaris
  • IRIX
  • FreeBSD
  • NetBSD
  • OpenBSD
  • Redox
  • DragonFly BSD
  • Syllable
  • HP-UX (except for 32-bit PA-RISC programs which continue to use SOM)
  • QNX Neutrino
  • MINIX

Non-Unix adoption

ELF has also seen some adoption in non-Unix operating systems, such as:

  • OpenVMS, in its Itanium and x86-64 versions
  • BeOS Revision 4 and later for x86 based computers (where it replaced the Portable Executable format; the PowerPC version stayed with Preferred Executable Format)
  • Haiku, an open source reimplementation of BeOS
  • RISC OS
  • Stratus VOS, in PA-RISC and x86 versions
  • Windows 10 Anniversary Update using the Windows Subsystem for Linux.
  • SkyOS
  • Fuchsia OS
  • Z/TPF
  • HPE NonStop OS

Game consoles

Some game consoles also use ELF:

  • PlayStation Portable, PlayStation Vita, PlayStation 2, PlayStation 3, PlayStation 4
  • GP2X
  • Dreamcast
  • Nintendo DS

PowerPC

Other (operating) systems running on PowerPC that use ELF:

  • AmigaOS 4, the ELF executable has replaced the prior Extended Hunk Format (EHF) which was used on Amigas equipped with PPC processor expansion cards.
  • MorphOS
  • AROS
  • GameCube, Wii, Wii U

Mobile phones

Some operating systems for mobile phones and mobile devices use ELF:

  • Symbian OS v9 uses E32Image format that is based on the ELF file format;
  • Sony Ericsson, for example, the W800i, W610, W300, etc.
  • Siemens, the SGOLD and SGOLD2 platforms: from Siemens C65 to S75 and BenQ-Siemens E71/EL71;
  • Motorola, for example, the E398, SLVR L7, v360, v3i (and all LTE2 phones which have the patch applied).
  • Bada, for example, the Samsung Wave S8500.
  • Nokia phones or tablets running the Maemo or the Meego OS, for example, the Nokia N900.
  • Android uses ELF .so (shared object) libraries for the Java Native Interface. With Android Runtime (ART), the default since Android 5.0 "Lollipop", all applications are compiled into native ELF binaries on installation.

Some phones can run ELF files through the use of a patch that adds assembly code to the main firmware, which is a feature known as ELFPack in the underground modding culture. The ELF file format is also used with the Atmel AVR (8-bit), AVR32 and with Texas Instruments MSP430 microcontroller architectures. Some implementations of Open Firmware can also load ELF files, most notably Apple's implementation used in almost all PowerPC machines the company produced.




Specifications

The Linux Standard Base (LSB) supplements some of the above specifications for architectures in which it is specified. For example, that is the case for the System V ABI, AMD64 Supplement.




86open

86open was a project to form consensus on a common binary file format for Unix and Unix-like operating systems on the common PC compatible x86 architecture, to encourage software developers to port to the architecture. The initial idea was to standardize on a small subset of Spec 1170, a predecessor of the Single UNIX Specification, and the GNU C Library (glibc) to enable unmodified binaries to run on the x86 Unix-like operating systems. The project was originally designated "Spec 150".

The format eventually chosen was ELF, specifically the Linux implementation of ELF, after it had turned out to be a de facto standard supported by all involved vendors and operating systems.

The group began email discussions in 1997 and first met together at the Santa Cruz Operation offices on August 22, 1997.

The steering committee was Marc Ewing, Dion Johnson, Evan Leibovitch, Bruce Perens, Andrew Roach, Bryan Sparks and Linus Torvalds. Other people on the project were Keith Bostic, Chuck Cranor, Michael Davidson, Chris G. Demetriou, Ulrich Drepper, Don Dugger, Steve Ginzburg, Jon "maddog" Hall, Ron Holt, Jordan Hubbard, Dave Jensen, Kean Johnston, Andrew Josey, Robert Lipe, Bela Lubkin, Tim Marsland, Greg Page, Ronald Joe Record, Tim Ruckle, Joel Silverstein, Chia-pi Tien, and Erik Troan. Operating systems and companies represented were BeOS, BSDI, FreeBSD, Intel, Linux, NetBSD, SCO and SunSoft, Inc.

The project progressed and in mid-1998, SCO began developing lxrun, an open-source compatibility layer able to run Linux binaries on OpenServer, UnixWare, and Solaris. SCO announced official support of lxrun at LinuxWorld in March 1999. Sun Microsystems began officially supporting lxrun for Solaris in early 1999, and later moved to integrated support of the Linux binary format via Solaris Containers for Linux Applications.

With the BSDs having long supported Linux binaries (through a compatibility layer) and the main x86 Unix vendors having added support for the format, the project decided that Linux ELF was the format chosen by the industry and "declare[d] itself dissolved" on July 25, 1999.




FatELF: universal binaries for Linux

FatELF is an ELF binary-format extension that adds fat binary capabilities. It is aimed at Linux and other Unix-like operating systems. In addition to the CPU architecture abstraction (byte order, word size, CPU instruction set, etc.), there is the potential advantage of software-platform abstraction, e.g., binaries which support multiple kernel ABI versions. As of 2014, support for FatELF is not integrated in the Linux kernel mainline.




See also

  • Application binary interface
  • Comparison of executable file formats
  • DWARF - a format for debugging data
  • Intel Binary Compatibility Standard
  • Portable Executable
  • vDSO - virtual DSO




Source of article : Wikipedia