Kindle Notes & Highlights
The text segment (also known as the code segment)
The text segment is READ+EXECUTE and the data segment is READ+WRITE, and
A section is not a segment.
every ELF object has sections, but not all ELF objects have section headers,
The .text section is a code section that contains program code instructions.
The rodata section contains read-only data such as strings from a line of C code, such as the following
.rodata within the range of the text segment (not the data segment).
it contains code necessary for the dynamic linker to call functions that are imported from shared libraries.
The bss section contains uninitialized global data as part of the data segment and therefore takes up no space on disk other than 4 bytes, which represents the section itself.
The dynsym section contains dynamic symbol information imported from shared libraries.
The dynstr section contains the string table for dynamic symbols that has the name of each symbol in a series of null terminated strings.
The hash section, sometimes called .gnu.hash, contains a hash table for symbol lookup.
So .symtab contains all of the symbols, whereas .dynsym contains just the dynamic/global symbols.
dynamically linked executable will always retain .dynsym but will discard .symtab if it is stripped, so only the imported library symbols will show up.
Relocation is the process of connecting symbolic references with symbolic definitions.
The relocation records for 32-bit ELF files are the same as for 64-bit, but
.text: 00000000 <func>
The ldd command will show you the shared library dependencies of a given executable.
PLT (procedure linkage table) and GOT (Global offset table)
__libc_dlopen_mode() to load your shared library into the process,
The __libc_dlsym() function can then be used to resolve symbols within your shared library.
The stub is generally compiled without any libc linkings
The function for loading shared objects is named dlopen, and the function for resolving symbols is named dlsym.
core files are not expected to have section headers but ECFS files do have section headers,
A directory listing in Linux (such as with ps or ls) uses the sys_getdents64 system call and the filldir64 kernel function.
