1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x0
Start of program headers: 64 (bytes into file)
Start of section headers: 6665504 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 9
Size of section headers: 64 (bytes)
Number of section headers: 26
Section header string table index: 25
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .note.gnu.bu[...] NOTE 0000000000000238 00000238
0000000000000024 0000000000000000 A 0 0 4
[ 2] .gnu.hash GNU_HASH 0000000000000260 00000260
00000000000000b8 0000000000000000 A 3 0 8
[ 3] .dynsym DYNSYM 0000000000000318 00000318
0000000000000468 0000000000000018 A 4 1 8
[ 4] .dynstr STRTAB 0000000000000780 00000780
000000000000024a 0000000000000000 A 0 0 1
[ 5] .gnu.version VERSYM 00000000000009ca 000009ca
000000000000005e 0000000000000002 A 3 0 2
[ 6] .gnu.version_r VERNEED 0000000000000a28 00000a28
0000000000000060 0000000000000000 A 4 1 8
[ 7] .rela.dyn RELA 0000000000000a88 00000a88
00000000001c5b10 0000000000000018 A 3 0 8
[ 8] .rela.plt RELA 00000000001c6598 001c6598
00000000000001c8 0000000000000018 AI 3 21 8
[ 9] .init PROGBITS 00000000001c7000 001c7000
0000000000000017 0000000000000000 AX 0 0 4
[10] .plt PROGBITS 00000000001c7020 001c7020
0000000000000140 0000000000000010 AX 0 0 16
[11] .plt.got PROGBITS 00000000001c7160 001c7160
0000000000000008 0000000000000008 AX 0 0 8
[12] .text PROGBITS 00000000001c7170 001c7170
00000000000b6efe 0000000000000000 AX 0 0 16
[13] .fini PROGBITS 000000000027e070 0027e070
0000000000000009 0000000000000000 AX 0 0 4
[14] .rodata PROGBITS 000000000027f000 0027f000
0000000000219820 0000000000000000 A 0 0 32
[15] .eh_frame_hdr PROGBITS 0000000000498820 00498820
0000000000001db4 0000000000000000 A 0 0 4
[16] .eh_frame PROGBITS 000000000049a5d8 0049a5d8
000000000000c930 0000000000000000 A 0 0 8
[17] .init_array INIT_ARRAY 00000000004a7db0 004a7db0
0000000000000008 0000000000000008 WA 0 0 8
[18] .fini_array FINI_ARRAY 00000000004a7db8 004a7db8
0000000000000008 0000000000000008 WA 0 0 8
[19] .data.rel.ro PROGBITS 00000000004a7dc0 004a7dc0
0000000000146dc0 0000000000000000 WA 0 0 32
[20] .dynamic DYNAMIC 00000000005eeb80 005eeb80
00000000000001f0 0000000000000010 WA 4 0 8
[21] .got PROGBITS 00000000005eed70 005eed70
0000000000000278 0000000000000008 WA 0 0 8
[22] .data PROGBITS 00000000005ef000 005ef000
000000000006c400 0000000000000000 WA 0 0 32
[23] .bss NOBITS 000000000065b400 0065b400
0000000000000748 0000000000000000 WA 0 0 32
[24] .gnu_debuglink PROGBITS 0000000000000000 0065b400
0000000000000034 0000000000000000 0 0 4
[25] .shstrtab STRTAB 0000000000000000 0065b434
00000000000000eb 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
D (mbind), l (large), p (processor specific)
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000001c6760 0x00000000001c6760 R 0x1000
LOAD 0x00000000001c7000 0x00000000001c7000 0x00000000001c7000
0x00000000000b7079 0x00000000000b7079 R E 0x1000
LOAD 0x000000000027f000 0x000000000027f000 0x000000000027f000
0x0000000000227f08 0x0000000000227f08 R 0x1000
LOAD 0x00000000004a7db0 0x00000000004a7db0 0x00000000004a7db0
0x00000000001b3650 0x00000000001b3d98 RW 0x1000
DYNAMIC 0x00000000005eeb80 0x00000000005eeb80 0x00000000005eeb80
0x00000000000001f0 0x00000000000001f0 RW 0x8
NOTE 0x0000000000000238 0x0000000000000238 0x0000000000000238
0x0000000000000024 0x0000000000000024 R 0x4
GNU_EH_FRAME 0x0000000000498820 0x0000000000498820 0x0000000000498820
0x0000000000001db4 0x0000000000001db4 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
GNU_RELRO 0x00000000004a7db0 0x00000000004a7db0 0x00000000004a7db0
0x0000000000147250 0x0000000000147250 R 0x1
Section to Segment mapping:
Segment Sections...
00 .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
01 .init .plt .plt.got .text .fini
02 .rodata .eh_frame_hdr .eh_frame
03 .init_array .fini_array .data.rel.ro .dynamic .got .data .bss
04 .dynamic
05 .note.gnu.build-id
06 .eh_frame_hdr
07
08 .init_array .fini_array .data.rel.ro .dynamic .got
Dynamic section at offset 0x5eeb80 contains 27 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000e (SONAME) Library soname: [libcapstone.so.4]
0x000000000000000c (INIT) 0x1c7000
0x000000000000000d (FINI) 0x27e070
0x0000000000000019 (INIT_ARRAY) 0x4a7db0
0x000000000000001b (INIT_ARRAYSZ) 8 (bytes)
0x000000000000001a (FINI_ARRAY) 0x4a7db8
0x000000000000001c (FINI_ARRAYSZ) 8 (bytes)
0x000000006ffffef5 (GNU_HASH) 0x260
0x0000000000000005 (STRTAB) 0x780
0x0000000000000006 (SYMTAB) 0x318
0x000000000000000a (STRSZ) 586 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000003 (PLTGOT) 0x5eed70
0x0000000000000002 (PLTRELSZ) 456 (bytes)
0x0000000000000014 (PLTREL) RELA
0x0000000000000017 (JMPREL) 0x1c6598
0x0000000000000007 (RELA) 0xa88
0x0000000000000008 (RELASZ) 1858320 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW
0x000000006ffffffe (VERNEED) 0xa28
0x000000006fffffff (VERNEEDNUM) 1
0x000000006ffffff0 (VERSYM) 0x9ca
0x000000006ffffff9 (RELACOUNT) 77421
0x0000000000000000 (NULL) 0x0
