5

I was working through my C programs, I am new to Linux/UNIX development and was having a look around.

I created a simple C program of Hello world and was inspecting the compilation process.

I tried to read the file header of the final executable and got the Output as this

$ objdump -f my_output
file format elf32-i386
architecture: i386, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x08048320**

I understand the elf32-i386 part but I am not pretty sure with the other portions of the header.

is D_PAGED somehow related to demand paging? and what does EXEC_P, HAS_SYSMS mean? is start address , the logical address of main() of the program?

Improve this question
4
  • Close: stackoverflow.com/questions/5235844/… libbfd is I presume used by objdump, so those flags values are not part of the header, they're part of objdump's assessment. Commented May 3, 2013 at 18:17
  • thanks @goldilocks got the answer, but still some details would be appreciated Commented May 3, 2013 at 18:34
  • I don't have much more than that for you, but the symbol table (HAS_SYMS) is necessary for dynamic linking. You may find this interesting: wiki.osdev.org/ELF Commented May 3, 2013 at 18:52
  • BTW in my first comment by "Close:" I meant "closely related", not "close this it's a duplicate". Just noticed that might be misinterpreted. Happy coding :) Commented May 3, 2013 at 20:26

1 Answer 1

Reset to default
1

The flags in the output are BFD - Binary File Descriptors. They're part of the binutils package, you can read what the flags mean if you look in the bfd header file /usr/include/bfd.h for their meaning or here.

The reference to the "flags" 0x00000112 is what's called a flag field. It's binary and each bit represents a particular feature, a one means the flag is on, or set, and a zero means it's not. Also note that the "0x..." means it's a hexidecimal value so if you convert it from HEX to BIN:

0x00000112 = 0001 0001 0010 in binary.

So the flags that correspond to the 2nd, 5th, and 9th bits in the flag field are set. Those are the flags that are being shown by name in the 3rd line of output from the objdump command.

Meaning of Flags

The 3 flags that your executable has are pretty standard. Read the bits from right to left!

1st bit - 0000 0000 0010

  /* BFD is directly executable.  */
#define EXEC_P         0x02

2nd bit - 0000 0001 0000

  /* BFD has symbols.  */
#define HAS_SYMS       0x10

3rd bit - 0001 0000 0000

  /* BFD is dynamically paged (this is like an a.out ZMAGIC file) (the
     linker sets this by default, but clears it for -r or -n or -N).  */
#define D_PAGED        0x100

So the take aways:

  • this is an executable file
  • it includes a symbol table if you want to debug it using Gnu Debugger, gdb, so the functions will have meaningful names
  • the executable is dynamically linked to the standard libraries such as glibc etc.

Start Address

The last line, start address ..., is as you guessed it, where the actual .CODE starts for the executable.

Improve this answer
2
  • my system didn't have any file called bfd.h in /usr/include/ but i got the details through the link. \m/ Commented May 4, 2013 at 11:34
  • You might not have the binutils-devel package installed. That's the name of it on my Fedora system. Might be a slightly different package name on Ubuntu/Debian. Commented May 4, 2013 at 11:37

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.