Introduction to ELF format

For every great thing that we do in computing, we need formats, that way we can agree to work in the same parameters and build awesome stuff… well, when we are in Linux and we want to work with executables, object code, shared libraries or core dumps, the Executable and Linkable Format (ELF) comes into the game.

What is ELF?

So, in simple words, ELF is a standard format used by systems like BSD, Solaris, and of course GNU/Linux.

https://upload.wikimedia.org/wikipedia/commons/7/77/Elf-layout--en.svg

Why ELF?

Because with a unified format we can achieve communication between several libraries and count with the support of different endianness and get communication between different hardware.

What information can I find?

Generally, we can see 3 important groups:

• The object file architecture.
• Information about the segments or sections.
• List of symbols (If they exist).

One important thing to notice is that depending on the architecture each value of this information is going to be stored in a different number of bytes and organized in inner header tables.

https://upload.wikimedia.org/wikipedia/commons/thumb/e/e4/ELF_Executable_and_Linkable_Format_diagram_by_Ange_Albertini.png/1280px-ELF_Executable_and_Linkable_Format_diagram_by_Ange_Albertini.png

How to parse an ELF?

Thanks to the awesomeness of Linux we got all we need in

/usr/include/elf.h

torvalds/linux

Here we can find all the data structures defined for the ELF format.

Last, advise

If you get to this point and get curious I highly recommend checking these 3 commands and leave in the comments the interesting things you find and the applications in your field of expertise:

• readelf: Displays information about ELF files.
• nm: List symbols from object files
• objdump: Display information from object files.

Happy Hacking!!!