Clever Geek Handbook

Search for strings in a text section

I have an example of the following code:

Foo( "Test1" );

void Foo(const char* const i_Test )
{
     // Some logic
}

Pointer i_Test

in Foo()

contains a pointer to string in .rodata section

.

Is there a way to look up a pointer value i_Text

in a binary to find a related string? Or can I create any debug information with a help gcc

that will contain this information?

+3


source to share


2 answers


If you're talking about the ELF file format , constant strings are stored in the .rodata strong> (read-only) section . Basically, only the instructions (codes) of your program are stored in the .text section in this binary. You can examine these sections using an object dump program (such as objdump ) as follows:

objdump -drS program.o           // to see .text section of your program

objdump -s -j .rodata program.o  // to see .rodata section of your program


In the above example, the code "Test1"

that you pass to your function Foo

will be treated as a constant string by the compiler. This way, you can find its relative memory address before starting loading, and the pointer i_Test

will point to that constant string. However, if you have compiled your code as an independent position (using an option -fPIC

in gcc ), you may also find out that the compiler will add a writable attribute to this read-only section of the .rodata. Alternatively, you can also use the readelf binary utility to display detailed information about your ELF object files.

More information on the ELF file format can be found in here

+2


source


Actually, constant strings are not stored in the .text section, but in the .rodata section.

To see all your persistent lines, you can run:

readelf -S ./[your binary file]

Notice the section number for the .rodata section from the above output



readelf -p [.rodata section number you got before] ./[your binary name]

This command prints all lines within a section, since lines are constant data, you will get all lines in the file. You can also change these lines by calculating the address of the .rodata section and the offset within it, but it's much easier for me to open a hex editor, search for a string, and manipulate it (assuming I don't go to a longer string)

EDIT

You can use readelf -p .rodata

directly instead of specifying the section number

+1


source






More articles:


All Articles