
Understanding the Readelf Linux Command

When working with compilers such as gcc, you often end up compiling programs into an executable binary format. The generated object file is only understandable by the machine, and humans need a tool such as the readelf command to work with and understand its contents. With readelf, you can extract information from ELF (Executable and Linkable Format) files. The readelf program is similar to objdump, but readelf gives more specific details and, unlike objdump, it doesn’t rely on the BFD library.

Working with the Readelf Linux Command

Before you start using the readelf command, install the binutils package that provides it:

$ sudo apt install binutils

Once installed, you can open its help page by typing its name on the terminal.

$ readelf

There are different options to use with readelf. We will try to cover most of them using the examples. First, ensure that you have an ELF file to use for the sample.

For our example, we will use a C program code that we will compile with gcc to convert it to ELF, as shown in the following:

Use the following syntax to verify that the file is in ELF format.

$ file file-name

If the file is ELF, the output identifies it as ELF.

Displaying the ELF File’s Headers

readelf offers the -h flag, which displays the ELF file header of the specified file. In our case, we can display the header of elf-file1 as shown in the following:

$ readelf -h elf-file1

Displaying the ELF Program Headers

If you wish to view the program headers of the file, use the -l flag.

Similarly, you can get the section headers using the -S flag. The output shows the different sections contained in the address space of the processes:

Displaying the Symbol Table

An ELF file contains symbol tables. You can extract their information using the -s flag.

You can note the different entries in the symbol table sections of your file like in the previous output.

You can also narrow the output down to a single section from the section headers and dump its contents as strings. The syntax for this is:

$ readelf -p [section-name] [file-name]

For instance, let’s use the .strtab.

Our output would be:

The previous output is more understandable and specific for the section.

Displaying the Core Notes

If the file has any NOTE segments or sections, the -n flag displays their contents.

Some of the contents displayed include the owner details and the data size.

Displaying the Histogram

When displaying the symbol table’s contents, you can show the bucket list lengths as a histogram with the -I or --histogram option.

Displaying the Relocation Section

If the ELF file has relocation sections, you can get the contents using the -r or --relocs flag.

Also, if the file has any dynamic sections, the section’s contents can be retrieved using the -d flag.

The contents include the tag, the type, and the name or value for each content.
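
The -h, -l and -d outputs covered above are also what a defender reads to check how a binary was hardened. As an added example (not part of the original article), the shell function below parses `readelf -W -h -l -d` output for PIE, a non-executable stack and RELRO; the function name elf_hardening and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise hardening facts from `readelf -W -h -l -d FILE` output
# read on stdin. -W keeps each program header on one line, which the parsing needs.
elf_hardening() {
    awk '
        # -h: ET_DYN is reported by PIE executables (and by shared libraries).
        $1 == "Type:"     { pie = ($2 == "DYN") ? "yes" : "no" }
        # -l: an E in the GNU_STACK flags column means the stack is executable.
        $1 == "GNU_STACK" { nx = ($(NF-1) ~ /E/) ? "no" : "yes" }
        $1 == "GNU_RELRO" { relro = 1 }
        # -d: a BIND_NOW entry, FLAGS BIND_NOW or FLAGS_1 NOW makes the RELRO full.
        $2 ~ /^\((BIND_NOW|FLAGS|FLAGS_1)\)$/ && /NOW/ { now = 1 }
        END {
            if (pie == "") pie = "unknown"
            if (nx == "")  nx = "unknown"
            r = relro ? (now ? "full" : "partial") : "none"
            printf "pie=%s nx=%s relro=%s\n", pie, nx, r
        }'
}

# Constructed sample lines in the readelf layout (not captured from a real file).
sample_hardened() {
    cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
EOF
}

sample_weak() {
    cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
EOF
}

sample_hardened | elf_hardening   # pie=yes nx=yes relro=full
sample_weak     | elf_hardening   # pie=no nx=no relro=none

# Real use (elf-file1 is the file name used on this page):
#   readelf -W -h -l -d elf-file1 | elf_hardening
```

A binary that reports pie=no, nx=no or relro=none is worth rebuilding with the compiler and linker hardening options before it ships.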

The readelf Linux command can extract far more information about an ELF file than is covered here. The man page lists many more options that you can use for different tasks. All you need to do is look for the option that achieves what you intend and use it.

Conclusion

We covered the readelf Linux command, how to install it, and how to get started using the tool. If you are looking for a tool to display the different information about ELF files, readelf is perfect for the job. It has plenty of options and the good thing is that it’s easy to use, as we’ve seen in the given examples. Try it out!

About the author

Denis Kariuki

Denis is a Computer Scientist with a passion for Networking and Cyber Security. I love the terminal, and using Linux is a hobby. I am passionate about sharing tips and ideas about Linux and computing.