to understand the concept of relocation, i wrote a simple chk.c program as follows :
1 #include<stdio.h>
2 main(){
3 int x,y,sum;
4 x = 3;
5 y = 4;
6 sum = x + y;
7 printf("sum = %d\n",sum);
8 }
its equivalent assembly code, using “objdump -d chk.o” is :
00000000 <main>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp
3: 83 e4 f0 and $0xfffffff0,%esp
6: 83 ec 20 sub $0x20,%esp
9: c7 44 24 1c 03 00 00 movl $0x3,0x1c(%esp)
10: 00
11: c7 44 24 18 04 00 00 movl $0x4,0x18(%esp)
18: 00
19: 8b 44 24 18 mov 0x18(%esp),%eax
1d: 8b 54 24 1c mov 0x1c(%esp),%edx
21: 8d 04 02 lea (%edx,%eax,1),%eax
24: 89 44 24 14 mov %eax,0x14(%esp)
28: b8 00 00 00 00 mov $0x0,%eax
2d: 8b 54 24 14 mov 0x14(%esp),%edx
31: 89 54 24 04 mov %edx,0x4(%esp)
35: 89 04 24 mov %eax,(%esp)
38: e8 fc ff ff ff call 39 <main+0x39>
3d: c9 leave
3e: c3 ret
and .rel.text section seen using readelf is as follows :
Relocation section '.rel.text' at offset 0x360 contains 2 entries:
Offset Info Type Sym.Value Sym. Name
00000029 00000501 R_386_32 00000000 .rodata
00000039 00000902 R_386_PC32 00000000 printf
i have following questions based on this :
1) from 2nd entry in .rel.text section, i am able to understand that value at offset 0x39 in .text section (which is 0xfcffffff here) has to be replaced with address of a symbol associated with index 9 of symbol table (& that comes out to be printf). But i am not able to clearly understand the meaning of 0x02 (ELF32_R_TYPE) here. What does R_386_PC32 specify here ? Can anyone please explain its meaning clearly.
2) i am also not able to understand the 1st entry. what needs to be replaced at offset of 0x29 in .text section and why is not clear here. Again i want to know the meaning of R_386_32 here. i found one pdf elf_format.pdf, but i am not able to clearly understand the meaning of “Type” in .rel.text section from that.
3) Also i want to know the meaning of assembly inst “lea (%edx,%eax,1),%eax”. Though i found a very good link (What's the purpose of the LEA instruction?) describing the meaning of lea, but the format of lea (what are 3 arg’s inside brackets) is not clear.
if anyone can clearly explain the answers of above questions, it will be greatly appreciated. i am still struggling to find the answers to these questions,though i have tried a lot with google.
one more question. i have shown the symbol table entries for both offset 5 and 9 below.
Num: Value Size Type Bind Vis Ndx Name
5: 00000000 0 SECTION LOCAL DEFAULT 5
9: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf'
The info field for the first entry in .rel.text table is 0x05 which indicates the index of symbol table. I have shown the symbol table entry for index 5 above, but not able to understand how that tells us that it is for .rodata .
1), 2):
R_386_32is a relocation that places the absolute 32-bit address of the symbol into the specified memory location.R_386_PC32is a relocation that places the PC-relative 32-bit address of the symbol into the specified memory location.R_386_32is useful for static data, as shown here, since the compiler just loads the relocated symbol address into some register and then treats it as a pointer.R_386_PC32is useful for function references since it can be used as an immediate argument tocall. See elf_machdep.c for an example of how the relocations are processed.3)
lea (%edx,%eax,1),%eaxmeans simply%eax = %edx + 1*%eaxif expressed in C syntax. Here, it’s basically being used as a substitute for theaddopcode.EDIT: Here’s an example.
Suppose your code gets loaded into memory starting at 0x401000, that the string
"sum = %d\n"ends up at 0x401800 (at the start of the.rodatasection), and thatprintfis at 0x1400ab80, in libc.Then, the
R_386_32relocation at 0x29 will place the bytes00 18 40 00at 0x401029 (simply copying the absolute address of the symbol), making the instruction at 0x401028The
R_386_PC32relocation at 0x39 places the bytes43 9b c0 13at 0x401039 (the value 0x1400ab80 – 0x40103d = 0x13c09b43 in hex), making that instructionWe subtract 0x40103d to account for the value of %pc (which is the address of the instruction after
call).