chris.bracken.jp

index.xml (54212B)

---

 <?xml version="1.0" encoding="utf-8" standalone="yes"?>
 <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
   <channel>
     <title>Software on Chris Bracken</title>
     <link>https://chris.bracken.jp/tags/software/</link>
     <description>Recent content in Software on Chris Bracken</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en</language>
     <managingEditor>chris@bracken.jp (Chris Bracken)</managingEditor>
     <webMaster>chris@bracken.jp (Chris Bracken)</webMaster>
     <lastBuildDate>Wed, 31 Oct 2018 00:00:00 +0000</lastBuildDate><atom:link href="https://chris.bracken.jp/tags/software/index.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Hand-decoding an ELF binary image</title>
       <link>https://chris.bracken.jp/2018/10/decoding-an-elf-binary/</link>
       <pubDate>Wed, 31 Oct 2018 00:00:00 +0000</pubDate>
       <author>chris@bracken.jp (Chris Bracken)</author>
       <guid>https://chris.bracken.jp/2018/10/decoding-an-elf-binary/</guid>
       <description>&lt;p&gt;While recovering from some dentistry the other day I figured I&amp;rsquo;d have a go at
 better understanding the ELF binary format. What better way to do that than to
 compile a small program and hand-decode the resulting binary with a hex editor
 and whatever ELF format spec I could find.&lt;/p&gt;
 &lt;h2 id=&#34;overview&#34;&gt;Overview&lt;/h2&gt;
 &lt;p&gt;Below, we&amp;rsquo;ll use &lt;code&gt;nasm&lt;/code&gt; to build a small assembly Hello World program to a
 64-bit ELF object file, then link that into an ELF executable with GNU &lt;code&gt;ld&lt;/code&gt;.
 Finally, we&amp;rsquo;ll run the resulting object file and binary image through &lt;code&gt;xxd&lt;/code&gt; and
 hand-decode the resulting hex.&lt;/p&gt;
 &lt;p&gt;The code and instructions below work on FreeBSD 11 on x86_64 hardware. For
 other operating systems, hardware, and toolchains, you&amp;rsquo;re on your own! I&amp;rsquo;d
 imagine this should all work just fine on Linux. If I get bored one day, I may
 redo this for Mach-O binaries on macOS.&lt;/p&gt;
 &lt;h2 id=&#34;helloasm&#34;&gt;hello.asm&lt;/h2&gt;
 &lt;p&gt;First we&amp;rsquo;ll bang up a minimal Hello World program in assembly. In the &lt;code&gt;.data&lt;/code&gt;
 section, we add a null-terminated string, &lt;code&gt;hello&lt;/code&gt;, and its length &lt;code&gt;hbytes&lt;/code&gt;. In
 the program text, we set up and execute the &lt;code&gt;write(stdout, hello, hbytes)&lt;/code&gt;
 syscall, then set up and execute an &lt;code&gt;exit(0)&lt;/code&gt; syscall.&lt;/p&gt;
 &lt;p&gt;Note that 64-bit FreeBSD, macOS, and Linux all use the SysV AMD64 calling
 convention. For calls against the kernel interface, the syscall number is
 stored in &lt;code&gt;rax&lt;/code&gt; and up to six parameters are passed, in order, in &lt;code&gt;rdi&lt;/code&gt;, &lt;code&gt;rsi&lt;/code&gt;,
 &lt;code&gt;rdx&lt;/code&gt;, &lt;code&gt;r10&lt;/code&gt;, &lt;code&gt;r8&lt;/code&gt;, &lt;code&gt;r9&lt;/code&gt;. For user calls, replace &lt;code&gt;r10&lt;/code&gt; with &lt;code&gt;rcx&lt;/code&gt; in this
 list, and pass further arguments on the stack. In all cases, the return value
 is passed through &lt;code&gt;rax&lt;/code&gt;.  More details can be found in section A.2.1 of the
 &lt;a href=&#34;https://software.intel.com/sites/default/files/article/402129/mpx-linux64-abi.pdf&#34;&gt;System V AMD64 ABI Reference&lt;/a&gt;.&lt;/p&gt;
 &lt;pre&gt;&lt;code&gt;; hello.asm
 
 %define stdin       0
 %define stdout      1
 %define stderr      2
 %define SYS_exit    1
 %define SYS_write   4
 
 %macro  system      1
         mov         rax, %1
         syscall
 %endmacro
 
 %macro  sys.exit    0
         system      SYS_exit
 %endmacro
 
 %macro  sys.write   0
         system      SYS_write
 %endmacro
 
 section  .data
     hello   db      &#39;Hello, World!&#39;, 0Ah
     hbytes  equ     $-hello
 
 section .text
 global  _start
 _start:
     mov         rdi, stdout
     mov         rsi, hello
     mov         rdx, hbytes
     sys.write
 
     xor         rdi,rdi
     sys.exit
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h2 id=&#34;compile-to-object-code&#34;&gt;Compile to object code&lt;/h2&gt;
 &lt;p&gt;Next, we&amp;rsquo;ll compile &lt;code&gt;hello.asm&lt;/code&gt; to a 64-bit ELF object file using &lt;code&gt;nasm&lt;/code&gt;:&lt;/p&gt;
 &lt;pre&gt;&lt;code&gt;% nasm -f elf64 hello.asm
 &lt;/code&gt;&lt;/pre&gt;
 &lt;p&gt;This emits &lt;code&gt;hello.o&lt;/code&gt;, an 880-byte ELF-64 object file. Since we haven&amp;rsquo;t yet run
 this through the linker, addresses of global symbols (in this case, &lt;code&gt;hello&lt;/code&gt;)
 are not yet known and thus left with address 0x0 placeholders. We can see this
 in the &lt;code&gt;movabs&lt;/code&gt; instruction at offset 0x15 of the &lt;code&gt;.text&lt;/code&gt; section below.&lt;/p&gt;
 &lt;p&gt;The relocation section (Section 6: &lt;code&gt;.rela.text&lt;/code&gt;) contains an entry for each
 symbolic reference that needs to be filled in by the linker. In this case
 there&amp;rsquo;s just a single entry for the symbol &lt;code&gt;hello&lt;/code&gt; (which points to our hello
 world string). The relocation table entry&amp;rsquo;s &lt;code&gt;r_offset&lt;/code&gt; indicates the address to
 replace is at an offset of 0x7 into the section of the associated symbol table
 entry. Its &lt;code&gt;r_info&lt;/code&gt; (0x0000000200000001) encodes a relocation type in its lower
 4 bytes (0x1: &lt;code&gt;R_AMD64_64&lt;/code&gt;) and the associated symbol table entry in its upper
 4 bytes (0x2, which, if we look it up in the symbol table is the &lt;code&gt;.text&lt;/code&gt;
 section).  The &lt;code&gt;r_addend&lt;/code&gt; field (0x0) specifies an additional adjustment to the
 substituted symbol to be applied at link time; specifically, for the
 &lt;code&gt;R_AMD64_64&lt;/code&gt;, the final address is computed as S + A, where S is the
 substituted symbol value (in our case, the address of &lt;code&gt;hello&lt;/code&gt;) and A is the
 addend (in our case, 0x0).&lt;/p&gt;
 &lt;p&gt;Without further ado, let&amp;rsquo;s dump the object file:&lt;/p&gt;
 &lt;pre&gt;&lt;code&gt;% xxd hello.o
 &lt;/code&gt;&lt;/pre&gt;
 &lt;p&gt;With whatever ELF64 &lt;a href=&#34;https://docs.oracle.com/cd/E19120-01/open.solaris/819-0690/index.html&#34;&gt;linker &amp;amp; loader guide&lt;/a&gt; we can find at hand,
 let&amp;rsquo;s get decoding this thing:&lt;/p&gt;
 &lt;h3 id=&#34;elf-header&#34;&gt;ELF Header&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000|  .ELF............
 |00000010: 0100 3e00 0100 0000 0000 0000 0000 0000|  ..&amp;gt;.............
 |00000020: 0000 0000 0000 0000 4000 0000 0000 0000|  ........@.......
 |00000030: 0000 0000 4000 0000 0000 4000 0700 0300|  ....@.....@.....
 
 e_ident[EI_MAG0..EI_MAG3]  0x7f + ELF          Magic
 e_ident[EI_CLASS]          0x02                64-bit
 e_ident[EI_DATA]           0x01                Little-endian
 e_ident[EI_VERSION]        0x01                ELF v1
 e_ident[EI_OSABI]          0x00                System V
 e_ident[EI_ABIVERSION]     0x00                Unused
 e_ident[EI_PAD]            0x00000000000000    7 bytes unused padding
 e_type                     0x0001              ET_REL
 e_machine                  0x003e              x86_64
 e_version                  0x00000001          Version 1
 e_entry                    0x0000000000000000  Entrypoint address (none)
 e_phoff                    0x0000000000000000  Program header table offset in image
 e_shoff                    0x0000000000000040  Section header table offset in image
 e_flags                    0x00000000          Architecture-dependent interpretation
 e_ehsize                   0x0040              Size of this ELF header (64B)
 e_phentsize                0x0000              Size of program header table entry
 e_phnum                    0x0000              Number of program header table entries
 e_shentsize                0x0040              Size of section header table entry (64B)
 e_shnum                    0x0007              Number of section header table entries
 e_shstrndx                 0x0003              Index of section header for .shstrtab
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-0-null&#34;&gt;Section header table: Entry 0 (null)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000040: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |00000050: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |00000060: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |00000070: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x00000000          Offset into .shstrtab
 sh_type                    0x00000000          SHT_NULL
 sh_flags                   0x0000000000000000  Section attributes
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000000  Offset of section in file image
 sh_size                    0x0000000000000000  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000000  Alignment
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-1-data&#34;&gt;Section header table: Entry 1 (.data)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000080: 0100 0000 0100 0000 0300 0000 0000 0000|  ................
 |00000090: 0000 0000 0000 0000 0002 0000 0000 0000|  ................
 |000000a0: 0e00 0000 0000 0000 0000 0000 0000 0000|  ................
 |000000b0: 0400 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x00000001          Offset into .shstrtab
 sh_type                    0x00000001          SHT_PROGBITS
 sh_flags                   0x0000000000000003  SHF_WRITE | SHF_ALLOC
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000200  Offset of section in file image
 sh_size                    0x000000000000000e  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000004  Alignment
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-2-text&#34;&gt;Section header table: Entry 2 (.text)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|000000c0: 0700 0000 0100 0000 0600 0000 0000 0000|  ................
 |000000d0: 0000 0000 0000 0000 1002 0000 0000 0000|  ................
 |000000e0: 2500 0000 0000 0000 0000 0000 0000 0000|  %...............
 |000000f0: 1000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x00000007          Offset into .shstrtab
 sh_type                    0x00000001          SHT_PROGBITS
 sh_flags                   0x0000000000000006  SHF_ALLOC | SHF_EXECINSTR
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000210  Offset of section in file image
 sh_size                    0x0000000000000025  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000001  Alignment
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-3-shstrtab&#34;&gt;Section header table: Entry 3 (.shstrtab)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000100: 0d00 0000 0300 0000 0000 0000 0000 0000|  ................
 |00000110: 0000 0000 0000 0000 4002 0000 0000 0000|  ........@.......
 |00000120: 3200 0000 0000 0000 0000 0000 0000 0000|  2...............
 |00000130: 0100 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x0000000d          Offset into .shstrtab
 sh_type                    0x00000003          SHT_STRTAB
 sh_flags                   0x0000000000000000  Section attributes
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000240  Offset of section in file image
 sh_size                    0x0000000000000032  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000001  Alignment
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-4-symtab&#34;&gt;Section header table: Entry 4 (.symtab)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000140: 1700 0000 0200 0000 0000 0000 0000 0000|  ................
 |00000150: 0000 0000 0000 0000 8002 0000 0000 0000|  ................
 |00000160: a800 0000 0000 0000 0500 0000 0600 0000|  ................
 |00000170: 0800 0000 0000 0000 1800 0000 0000 0000|  ................
 
 sh_name                    0x00000017          Offset into .shstrtab
 sh_type                    0x00000002          SHT_SYMTAB
 sh_flags                   0x0000000000000000  Section attributes
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000280  Offset of section in file image
 sh_size                    0x00000000000000a8  Size in bytes of section in file image
 sh_link                    0x00000005          Section index of associated section
 sh_info                    0x00000006          Extra info about section
 sh_addralign               0x0000000000000008  Alignment
 sh_entsize                 0x0000000000000018  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-5-strtab&#34;&gt;Section header table: Entry 5 (.strtab)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000180: 1f00 0000 0300 0000 0000 0000 0000 0000|  ................
 |00000190: 0000 0000 0000 0000 3003 0000 0000 0000|  ........0.......
 |000001a0: 1f00 0000 0000 0000 0000 0000 0000 0000|  ................
 |000001b0: 0100 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x0000001f          Offset into .shstrtab
 sh_type                    0x00000003          SHT_STRTAB
 sh_flags                   0x0000000000000000  Section attributes
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000330  Offset of section in file image
 sh_size                    0x000000000000001f  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000001  Alignment
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-6-relatext&#34;&gt;Section header table: Entry 6 (.rela.text)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|000001c0: 2700 0000 0400 0000 0000 0000 0000 0000|  &#39;...............
 |000001d0: 0000 0000 0000 0000 5003 0000 0000 0000|  ........P.......
 |000001e0: 1800 0000 0000 0000 0400 0000 0200 0000|  ................
 |000001f0: 0800 0000 0000 0000 1800 0000 0000 0000|  ................
 
 sh_name                    0x00000027          Offset into .shstrtab
 sh_type                    0x00000004          SHT_RELA
 sh_flags                   0x0000000000000000  Section attributes
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000350  Offset of section in file image
 sh_size                    0x0000000000000018  Size in bytes of section in file image
 sh_link                    0x00000004          Section index of associated section
 sh_info                    0x00000002          Extra info about section
 sh_addralign               0x0000000000000008  Alignment
 sh_entsize                 0x0000000000000018  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-1-data-sht_progbits-shf_write--shf_alloc&#34;&gt;Section 1: .data (SHT_PROGBITS; SHF_WRITE | SHF_ALLOC)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000200: 4865 6c6c 6f2c 2057 6f72 6c64 210a 0000|  Hello, World!...
 
 0x000000  &#39;Hello, World!\n&#39;
 Zero-padding (2 bytes starting at 0x20e)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-2-text-sht_progbits-shf_alloc--shf_execinstr&#34;&gt;Section 2: .text (SHT_PROGBITS; SHF_ALLOC | SHF_EXECINSTR)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000210: bf01 0000 0048 be00 0000 0000 0000 00ba|  .....H..........
 |00000220: 0e00 0000 b804 0000 000f 0548 31ff b801|  ...........H1...
 |00000230: 0000 000f 0500 0000 0000 0000 0000 0000|  ................
 
 0x00000010  mov       edi, 0x1
 0x00000015  movabs    rsi, 0x000000 (placeholder for db hello)
 0x0000001f  mov       edx, 0xe
 0x00000024  mov       eax, 0x4
 0x00400029  syscall
 0x0040002b  xor       rdi, rdi
 0x0040002e  mov       eax, 0x1
 0x00400033  syscall
 Zero-padding (11 bytes starting at 0x235)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-3-shstrtab-sht_strtab&#34;&gt;Section 3: .shstrtab (SHT_STRTAB;)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000240: 002e 6461 7461 002e 7465 7874 002e 7368|  ..data..text..sh
 |00000250: 7374 7274 6162 002e 7379 6d74 6162 002e|  strtab..symtab..
 |00000260: 7374 7274 6162 002e 7265 6c61 2e74 6578|  strtab..rela.tex
 |00000270: 7400 0000 0000 0000 0000 0000 0000 0000|  t...............
 
 0x00000000: &#39;&#39;
 0x00000001: &#39;.data&#39;
 0x00000007: &#39;.text&#39;
 0x0000000d: &#39;.shstrtab&#39;
 0x00000017: &#39;.symtab&#39;
 0x0000001f: &#39;.strtab&#39;
 0x00000027: &#39;.rela.text&#39;
 Zero-padding (14 bytes starting at 0x272)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-4-symtab-sht_symtab&#34;&gt;Section 4: .symtab&amp;rsquo; (SHT_SYMTAB;)&lt;/h3&gt;
 &lt;h4 id=&#34;symbol-table-entry-0&#34;&gt;Symbol table entry 0&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000280: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |00000290: 0000 0000 0000 0000                    |  ........
 
 st_name                    0x00000000
 st_info                    0x00
 st_other                   0x00
 st_shndx                   0x0000 (SHN_UNDEF)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-1-helloasm&#34;&gt;Symbol table entry 1 (hello.asm)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000298:                     0100 0000 0400 f1ff|          ........
 |000002a0: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 st_name                    0x00000001
 st_info                    0x04 (STT_FILE)
 st_other                   0x00
 st_shndx                   0xfff1 (SHN_ABS)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-2&#34;&gt;Symbol table entry 2&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|000002b0: 0000 0000 0300 0100 0000 0000 0000 0000|  ................
 |000002c0: 0000 0000 0000 0000                    |  ........
 
 st_name                    0x00000000
 st_info                    0x03 (STT_OBJECT | STT_FUNC)
 st_other                   0x00
 st_shndx                   0x0001 (Section 1: .data)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-3&#34;&gt;Symbol table entry 3&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|000002c8:                     0000 0000 0300 0200|          ........
 |000002d0: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 st_name                    0x00000000
 st_info                    0x03 (STT_OBJECT | STT_FUNC)
 st_other                   0x00
 st_shndx                   0x0002 (Section 2: .text)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-4-hello&#34;&gt;Symbol table entry 4 (hello)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|000002e0: 0b00 0000 0000 0100 0000 0000 0000 0000|  ................
 |000002f0: 0000 0000 0000 0000                    |  ........
 
 st_name                    0x0000000b
 st_info                    0x00
 st_other                   0x00
 st_shndx                   0x0001 (Section 1: .data)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;symbol-table-entry-5-hbytes&#34;&gt;Symbol table entry 5 (hbytes)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|000002f8:                     1100 0000 0000 f1ff|          ........
 |00000300: 0e00 0000 0000 0000 0000 0000 0000 0000|  ................
 
 st_name                    0x00000011
 st_info                    0x00
 st_other                   0x00
 st_shndx                   0xfff1 (SHN_ABS)
 st_value                   0x000000000000000e
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-6-_start&#34;&gt;Symbol table entry 6 (_start)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000310: 1800 0000 1000 0200 0000 0000 0000 0000|  ................
 |00000320: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 st_name                    0x00000018
 st_info                    0x01 (STT_OBJECT)
 st_other                   0x00
 st_shndx                   0x0002 (Section 2: .text)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 Zero-padding (8 bytes starting at 0x328)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-5-strtab-sht_strtab&#34;&gt;Section 5: .strtab (SHT_STRTAB;)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000330: 0068 656c 6c6f 2e61 736d 0068 656c 6c6f|  .hello.asm.hello
 |00000340: 0068 6279 7465 7300 5f73 7461 7274 0000|  .hbytes._start..
 
 0x00000000: &#39;&#39;
 0x00000001: &#39;hello.asm&#39;
 0x0000000b: &#39;hello&#39;
 0x00000011: &#39;hbytes&#39;
 0x00000018: &#39;_start&#39;
 Zero-padding (1 byte starting at 0x34f)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-6-relatext-sht_rela&#34;&gt;Section 6: .rela.text (SHT_RELA;)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000350: 0700 0000 0000 0000 0100 0000 0200 0000|  ................
 |00000360: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 r_offset                   0x0000000000000007
 r_info                     0x0000000200000001 (Symbol table entry 2, type R_AMD64_64)
 r_addend                   0x0000000000000000
 Zero-padding (8 bytes starting at 0x368)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h2 id=&#34;link-to-executable-image&#34;&gt;Link to executable image&lt;/h2&gt;
 &lt;p&gt;Next, let&amp;rsquo;s link &lt;code&gt;hello.o&lt;/code&gt; into a 64-bit ELF executable:&lt;/p&gt;
 &lt;pre&gt;&lt;code&gt;% ld -o hello hello.o
 &lt;/code&gt;&lt;/pre&gt;
 &lt;p&gt;This emits &lt;code&gt;hello&lt;/code&gt;, a 951-byte ELF-64 executable image.&lt;/p&gt;
 &lt;p&gt;Since the linker has decided which segment each section maps into (if any) and
 what the segment addresses are, addresses are now known for all (statically
 linked) symbols, and address 0x0 placeholders have been replaced with actual
 addresses. We can see this in the &lt;code&gt;mov&lt;/code&gt; instruction at address 0x4000b5, which
 now specifies an address of 0x6000d8.&lt;/p&gt;
 &lt;p&gt;Running the linked executable image through &lt;code&gt;xxd&lt;/code&gt; as above and picking our
 trusty linker &amp;amp; loader guide back up, here we go again:&lt;/p&gt;
 &lt;h3 id=&#34;elf-header-1&#34;&gt;ELF Header&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000000: 7f45 4c46 0201 0109 0000 0000 0000 0000|  .ELF............
 |00000010: 0200 3e00 0100 0000 b000 4000 0000 0000|  ..&amp;gt;.......@.....
 |00000020: 4000 0000 0000 0000 1001 0000 0000 0000|  @...............
 |00000030: 0000 0000 4000 3800 0200 4000 0600 0300|  ....@.8...@.....
 
 e_ident[EI_MAG0..EI_MAG3]  0x7f + ELF          Magic
 e_ident[EI_CLASS]          0x02                64-bit
 e_ident[EI_DATA]           0x01                Little-endian
 e_ident[EI_VERSION]        0x01                ELF v1
 e_ident[EI_OSABI]          0x09                FreeBSD
 e_ident[EI_ABIVERSION]     0x00                Unused
 e_ident[EI_PAD]            0x0000000000        7 bytes unused padding
 e_type                     0x0002              ET_EXEC
 e_machine                  0x003e              x86_64
 e_version                  0x00000001          Version 1
 e_entry                    0x00000000004000b0  Entrypoint addr
 e_phoff                    0x0000000000000040  Program header table offset in image
 e_shoff                    0x0000000000000110  Section header table offset in image
 e_flags                    0x00000000          Architecture-dependent interpretation
 e_ehsize                   0x0040              Size of this ELF header
 e_phentsize                0x0038              Size of program header table entry
 e_phnum                    0x0002              Number of program header table entries
 e_shentsize                0x0040              Size of section header table entry
 e_shnum                    0x0006              Number of section header table entries
 e_shstrndx                 0x0003              Index of section header for .shstrtab
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;program-header-table-entry-0-pf_x--pf_r&#34;&gt;Program header table: Entry 0 (PF_X | PF_R)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000040: 0100 0000 0500 0000 0000 0000 0000 0000|  ................
 |00000050: 0000 4000 0000 0000 0000 4000 0000 0000|  ..@.......@.....
 |00000060: d500 0000 0000 0000 d500 0000 0000 0000|  ................
 |00000070: 0000 2000 0000 0000                    |  .. .............
 
 p_type                     0x00000001          PT_LOAD
 p_flags                    0x00000005          PF_X | PF_R
 p_offset                   0x00000000          Offset of segment in file image
 p_vaddr                    0x0000000000400000  Virtual address of segment in memory
 p_paddr                    0x0000000000400000  Physical address of segment
 p_filesz                   0x00000000000000d5  Size in bytes of segment in file image
 p_memsz                    0x00000000000000d5  Size in bytes of segment in memory
 p_align                    0x0000000000200000  Alignment (2MB)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;program-header-table-entry-1-pf_w--pf_r&#34;&gt;Program header table: Entry 1 (PF_W | PF_R)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000078:                     0100 0000 0600 0000|          ........
 |00000080: d800 0000 0000 0000 d800 6000 0000 0000|  ..........`.....
 |00000090: d800 6000 0000 0000 0e00 0000 0000 0000|  ..`.............
 |000000a0: 0e00 0000 0000 0000 0000 2000 0000 0000|  .......... .....
 
 p_type                     0x00000001          PT_LOAD
 p_flags                    0x00000006          PF_W | PF_R
 p_offset                   0x00000000000000d8  Offset of segment in file image
 p_vaddr                    0x00000000006000d8  Virtual address of segment in memory
 p_paddr                    0x00000000006000d8  Physical address of segment
 p_filesz                   0x000000000000000e  Size in bytes of segment in file image
 p_memsz                    0x000000000000000e  Size in bytes of segment in memory
 p_align                    0x0000000000200000  Alignment (2MB)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-1-text-sht_progbits-shf_alloc--shf_execinstr&#34;&gt;Section 1: .text (SHT_PROGBITS; SHF_ALLOC | SHF_EXECINSTR)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|000000b0: bf01 0000 0048 bed8 0060 0000 0000 00ba|  .....H...`......
 |000000c0: 0e00 0000 b804 0000 000f 0548 31ff b801|  ...........H1...
 |000000d0: 0000 000f 05                           |  .....
 
 0x4000b0  mov       edi, 0x1
 0x4000b5  movabs    rsi, 0x6000d8
 0x4000bf  mov       edx, 0xe
 0x4000c4  mov       eax, 0x4
 0x4000c9  syscall
 0x4000cb  xor       rdi, rdi
 0x4000ce  mov       eax, 0x1
 0x4000d3  syscall
 Zero-padding (5 bytes starting at 0x000000d5)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-2-data-sht_progbits-shf_write--shf_alloc&#34;&gt;Section 2: .data (SHT_PROGBITS; SHF_WRITE | SHF_ALLOC)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|000000d8:                     4865 6c6c 6f2c 2057|          Hello, W
 |000000e0: 6f72 6c64 210a                         |  orld!.
 
 0x6000d8  &#39;Hello, World!\n&#39;
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-3-shstrtab-sht_strtab-1&#34;&gt;Section 3: .shstrtab (SHT_STRTAB;)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|000000e6:                002e 7379 6d74 6162 002e|        ..symtab..
 |000000f0: 7374 7274 6162 002e 7368 7374 7274 6162|  strtab..shstrtab
 |00000100: 002e 7465 7874 002e 6461 7461 0000 0000|  ..text..data.
 
 0x00000000: &#39;&#39;
 0x00000001: &#39;.symtab&#39;
 0x00000009: &#39;.strtab&#39;
 0x00000011: &#39;.shstrtab&#39;
 0x0000001b: &#39;.text&#39;
 0x00000021: &#39;.data&#39;
 Zero-padding (3 bytes starting at 0x0000010d)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-0-null-1&#34;&gt;Section header table: Entry 0 (null)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000110: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |00000120: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |00000130: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |00000140: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x00000000          Offset into .shstrtab
 sh_type                    0x00000000          SHT_NULL
 sh_flags                   0x0000000000000000  Section attributes
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000000  Offset of section in file image
 sh_size                    0x0000000000000000  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000000  Alignment
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-1-text&#34;&gt;Section header table: Entry 1 (.text)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000150: 1b00 0000 0100 0000 0600 0000 0000 0000|  ................
 |00000160: b000 4000 0000 0000 b000 0000 0000 0000|  ..@.............
 |00000170: 2500 0000 0000 0000 0000 0000 0000 0000|  %...............
 |00000180: 1000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x0000001b          Offset into .shstrtab
 sh_type                    0x00000001          SHT_PROGBITS
 sh_flags                   0x00000006          SHF_ALLOC | SHF_EXECINSTR
 sh_addr                    0x00000000004000b0  Virtual address of section in memory
 sh_offset                  0x00000000000000b0  Offset of section in file image
 sh_size                    0x0000000000000025  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000010  Alignment (2B)
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-2-data&#34;&gt;Section header table: Entry 2 (.data)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000190: 2100 0000 0100 0000 0300 0000 0000 0000|  !...............
 |000001a0: d800 6000 0000 0000 d800 0000 0000 0000|  ..`.............
 |000001b0: 0e00 0000 0000 0000 0000 0000 0000 0000|  ................
 |000001c0: 0400 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x00000021          Offset into .shstrtab
 sh_type                    0x00000001          SHT_PROGBITS
 sh_flags                   0x0000000000000003  SHF_WRITE | SHF_ALLOC
 sh_addr                    0x00000000006000d8  Virtual address of section in memory
 sh_offset                  0x00000000000000d8  Offset of section in file image
 sh_size                    0x000000000000000e  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000004  Alignment (4B)
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-3-shstrtab-1&#34;&gt;Section header table: Entry 3 (.shstrtab)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|000001d0: 1100 0000 0300 0000 0000 0000 0000 0000|  ................
 |000001e0: 0000 0000 0000 0000 e600 0000 0000 0000|  ................
 |000001f0: 2700 0000 0000 0000 0000 0000 0000 0000|  &#39;...............
 |00000200: 0100 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x00000011          Offset into .shstrtab
 sh_type                    0x00000003          SHT_STRTAB
 sh_flags                   0x00000000          No flags
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x00000000000000e6  Offset of section in file image
 sh_size                    0x0000000000000027  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extra info about section
 sh_addralign               0x0000000000000001  Alignment (1B)
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-4-symtab-1&#34;&gt;Section header table: Entry 4 (.symtab)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000210: 0100 0000 0200 0000 0000 0000 0000 0000|  ................
 |00000220: 0000 0000 0000 0000 9002 0000 0000 0000|  ................
 |00000230: f000 0000 0000 0000 0500 0000 0600 0000|  ................
 |00000240: 0800 0000 0000 0000 1800 0000 0000 0000|  ................
 
 sh_name                    0x00000001          Offset into .shstrtab
 sh_type                    0x00000002          SHT_SYMTAB
 sh_flags                   0x00000000          No flags
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000290  Offset of section in file image
 sh_size                    0x00000000000000f0  Size in bytes of section in file image
 sh_link                    0x00000005          Section index of associated section
 sh_info                    0x00000006          Flags
 sh_addralign               0x0000000000000008  Alignment (8B)
 sh_entsize                 0x0000000000000018  Size in bytes of each entry (24B)
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-header-table-entry-5-strtab-1&#34;&gt;Section header table: Entry 5 (.strtab)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000250: 0900 0000 0300 0000 0000 0000 0000 0000|  ................
 |00000260: 0000 0000 0000 0000 8003 0000 0000 0000|  ................
 |00000270: 3700 0000 0000 0000 0000 0000 0000 0000|  7...............
 |00000280: 0100 0000 0000 0000 0000 0000 0000 0000|  ................
 
 sh_name                    0x00000009          Offset into .shstrtab
 sh_type                    0x00000003          SHT_STRTAB
 sh_flags                   0x0000000000000000  No flags
 sh_addr                    0x0000000000000000  Virtual address of section in memory
 sh_offset                  0x0000000000000380  Offset of section in file image
 sh_size                    0x0000000000000037  Size in bytes of section in file image
 sh_link                    0x00000000          Section index of associated section
 sh_info                    0x00000000          Extrac info about section
 sh_addralign               0x0000000000000001  Alignment (1B)
 sh_entsize                 0x0000000000000000  Size in bytes of each entry
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-4-symtab-sht_symtab-1&#34;&gt;Section 4: .symtab (SHT_SYMTAB;)&lt;/h3&gt;
 &lt;h4 id=&#34;symbol-table-entry-0-1&#34;&gt;Symbol table entry 0&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000290: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 |000002a0: 0000 0000 0000 0000                    |  ........
 
 st_name                    0x00000000
 st_info                    0x00
 st_other                   0x00
 st_shndx                   0x0000 (SHN_UNDEF)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-1&#34;&gt;Symbol table entry 1&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|000002a8:                     0000 0000 0300 0100|          ........
 |000002b0: b000 4000 0000 0000 0000 0000 0000 0000|  ..@.............
 
 st_name                    0x00000000
 st_info                    0x03 (STT_OBJECT | STT_FUNC)
 st_other                   0x00
 st_shndx                   0x0001 (Section 1: .text)
 st_value                   0x00000000004000b0
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-2-1&#34;&gt;Symbol table entry 2&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|000002c0: 0000 0000 0300 0200 d800 6000 0000 0000|  ..........`.....
 |000002d0: 0000 0000 0000 0000                    |  ........
 
 st_name                    0x00000000
 st_info                    0x03 (STT_OBJECT | STT_FUNC)
 st_other                   0x00
 st_shndx                   0x0002 (Section 2: .data)
 st_value                   0x00000000006000d8
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-3-helloasm&#34;&gt;Symbol table entry 3 (hello.asm)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|000002d0:                     0100 0000 0400 f1ff|          ........
 |000002e0: 0000 0000 0000 0000 0000 0000 0000 0000|  ................
 
 st_name                    0x00000001
 st_info                    0x04 (STT_FILE)
 st_other                   0x00
 st_shndx                   0xfff1 (SHN_ABS)
 st_value                   0x0000000000000000
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-4-hello-1&#34;&gt;Symbol table entry 4 (hello)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|000002f0: 0b00 0000 0000 0200 d800 6000 0000 0000|  ..........`.....
 |00000300: 0000 0000 0000 0000                    |  ................
 
 st_name                    0x0000000b
 st_info                    0x00
 st_other                   0x00
 st_shndx                   0x0002 (Section 2: .data)
 st_value                   0x00000000006000d8
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-5-hbytes-1&#34;&gt;Symbol table entry 5 (hbytes)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000300:                     1100 0000 0000 f1ff|          ........
 |00000310: 0e00 0000 0000 0000 0000 0000 0000 0000|  ................
 
 st_name                    0x00000011
 st_info                    0x00
 st_other                   0x00
 st_shndx                   0xfff1 (SHN_ABS)
 st_value                   0x000000000000000e
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-6-_start-1&#34;&gt;Symbol table entry 6 (_start)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000320: 1800 0000 1000 0100 b000 4000 0000 0000|  ..........@.....
 |00000330: 0000 0000 0000 0000                    |  ........
 
 st_name                    0x00000018
 st_info                    0x10 (STB_GLOBAL)
 st_other                   0x00
 st_shndx                   0x0001 (Section 1: .text)
 st_value                   0x00000000004000b0
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-7-__bss_start&#34;&gt;Symbol table entry 7 (__bss_start)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000330:                     1f00 0000 1000 f1ff|          ........
 |00000340: e600 6000 0000 0000 0000 0000 0000 0000|  ..`.............
 
 st_name                    0x0000001f
 st_info                    0x10 (STB_GLOBAL)
 st_other                   0x00
 st_shndx                   0xfff1 (SHN_ABS)
 st_value                   0x00000000006000e6
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-8-_edata&#34;&gt;Symbol table entry 8 (_edata)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000350: 2b00 0000 1000 f1ff e600 6000 0000 0000|  +.........`.....
 |00000360: 0000 0000 0000 0000                    |  ........
 
 st_name                    0x0000002b
 st_info                    0x10 (STB_GLOBAL)
 st_other                   0x00
 st_shndx                   0xfff1 (SHN_ABS)
 st_value                   0x00000000006000e6
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h4 id=&#34;symbol-table-entry-9-_end&#34;&gt;Symbol table entry 9 (_end)&lt;/h4&gt;
 &lt;pre&gt;&lt;code&gt;|00000360:                     3200 0000 1000 f1ff|          2.......
 |00000370: e800 6000 0000 0000 0000 0000 0000 0000|  ..`.............
 
 st_name                    0x00000032
 st_info                    0x10 (STB_GLOBAL)
 st_other                   0x00
 st_shndx                   0xfff1 (SHN_ABS)
 st_value                   0x00000000006000e8
 st_size                    0x0000000000000000
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h3 id=&#34;section-6-strtab-sht_strtab&#34;&gt;Section 6: .strtab (SHT_STRTAB;)&lt;/h3&gt;
 &lt;pre&gt;&lt;code&gt;|00000380: 0068 656c 6c6f 2e61 736d 0068 656c 6c6f|  .hello.asm.hello
 |00000390: 0068 6279 7465 7300 5f73 7461 7274 005f|  .hbytes._start._
 |000003a0: 5f62 7373 5f73 7461 7274 005f 6564 6174|  _bss_start._edat
 |000003b0: 6100 5f65 6e64 00                      |  a._end.
 
 0x00000000: &#39;&#39;
 0x00000001: &#39;hello.asm&#39;
 0x0000000b: &#39;hello&#39;
 0x00000011: &#39;hbytes&#39;
 0x00000018: &#39;_start&#39;
 0x0000001f: &#39;__bss_start&#39;
 0x0000002b: &#39;_edata&#39;
 0x00000032: &#39;_end&#39;
 &lt;/code&gt;&lt;/pre&gt;
 &lt;h2 id=&#34;effect-of-stripping&#34;&gt;Effect of stripping&lt;/h2&gt;
 &lt;p&gt;Running &lt;code&gt;strip&lt;/code&gt; on the binary has the effect of dropping the &lt;code&gt;.symtab&lt;/code&gt; and
 &lt;code&gt;.strtab&lt;/code&gt; sections along with their section headers and 16 bytes of data (the
 section names &lt;code&gt;.symtab&lt;/code&gt; and &lt;code&gt;.strtab&lt;/code&gt;) from the &lt;code&gt;.shstrtab&lt;/code&gt; section, reducing the
 total binary size to 512 bytes.&lt;/p&gt;
 &lt;h2 id=&#34;in-memory-process-image&#34;&gt;In-memory process image&lt;/h2&gt;
 &lt;p&gt;FreeBSD uses a memory superpage size of 2MB (page size of 4kB) on x86_64. Since
 attributes are set at the page level, read+execute program &lt;code&gt;.text&lt;/code&gt; and
 read+write &lt;code&gt;.data&lt;/code&gt; are loaded into two separate segments on separate pages, as
 laid-out by the linker.&lt;/p&gt;
 &lt;p&gt;On launch, the kernel maps the binary image into memory as specified in the
 program header table:&lt;/p&gt;
 &lt;ul&gt;
 &lt;li&gt;PHT Entry 0: The ELF header, program header table, and Section 1 (&lt;code&gt;.text&lt;/code&gt;)
 are mapped from offset 0x00 of the binary image (with length 0xd6 bytes)
 into Segment 1 (readable, executable) at address 0x400000.&lt;/li&gt;
 &lt;li&gt;PHT Entry 1: Section 2 (&lt;code&gt;.data&lt;/code&gt;) at offset 0xd8 of the binary image is
 mapped into Segment 2 (readable, writeable) at address 0x6000d8 from offset
 0xd8 with length 0x0e bytes.&lt;/li&gt;
 &lt;/ul&gt;
 &lt;p&gt;The program entrypoint is specified to be 0x4000b0, the start of the &lt;code&gt;.text&lt;/code&gt;
 section.&lt;/p&gt;
 &lt;p&gt;And that&amp;rsquo;s it! Any corrections or comments are always welcome. Shoot me an
 email at &lt;a href=&#34;mailto:chris@bracken.jp&#34;&gt;chris@bracken.jp&lt;/a&gt;.&lt;/p&gt;
 </description>
     </item>
     
     <item>
       <title>Installing Mozc on Ubuntu</title>
       <link>https://chris.bracken.jp/2011/04/installing-mozc-on-ubuntu/</link>
       <pubDate>Fri, 22 Apr 2011 00:00:00 +0000</pubDate>
       <author>chris@bracken.jp (Chris Bracken)</author>
       <guid>https://chris.bracken.jp/2011/04/installing-mozc-on-ubuntu/</guid>
       <description>&lt;p&gt;If you&amp;rsquo;re a Japanese speaker, one of the first things you do when you install a
 fresh Linux distribution is to install a decent &lt;a href=&#34;https://en.wikipedia.org/wiki/Japanese_IME&#34;&gt;Japanese IME&lt;/a&gt;.
 Ubuntu defaults to &lt;a href=&#34;https://sourceforge.jp/projects/anthy/news/&#34;&gt;Anthy&lt;/a&gt;, but I personally prefer &lt;a href=&#34;https://code.google.com/p/mozc/&#34;&gt;Mozc&lt;/a&gt;, and
 that&amp;rsquo;s what I&amp;rsquo;m going to show you how to install here.&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;Update (2011-05-01):&lt;/em&gt; Found an older &lt;a href=&#34;https://www.youtube.com/watch?v=MfgjTCXZ2-s&#34;&gt;video tutorial&lt;/a&gt; on YouTube
 which provides an alternative (and potentially more comprehensive) solution for
 Japanese support on 10.10 using ibus instead of uim, which is the better choice
 for newer releases.&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;Update (2011-10-25):&lt;/em&gt; The software installation part of this process got a
 whole lot easier in Ubuntu releases after Natty, and as noted above, I&amp;rsquo;d
 recommend sticking with ibus over uim.&lt;/p&gt;
 &lt;h3 id=&#34;japanese-input-basics&#34;&gt;Japanese Input Basics&lt;/h3&gt;
 &lt;p&gt;Before we get going, let&amp;rsquo;s understand a bit about how Japanese input works on
 computers. Japanese comprises three main character sets: the two phonetic
 character sets, hiragana and katakana at 50 characters each, plus many
 thousands of Kanji, each with multiple readings. Clearly a full keyboard is
 impractical, so a mapping is required.&lt;/p&gt;
 &lt;p&gt;Input happens in two steps. First, you input the text phonetically, then you
 convert it to a mix of kanji and kana.&lt;/p&gt;
 &lt;figure&gt;&lt;img src=&#34;https://chris.bracken.jp/post/2011-04-22-henkan.png&#34;
     alt=&#34;Japanese IME completion menu&#34;&gt;
 &lt;/figure&gt;
 
 &lt;p&gt;Over the years, two main mechanisms evolved to input kana. The first was common
 on old &lt;em&gt;wapuro&lt;/em&gt;, and assigns a kana to each key on the keyboard—e.g. where
 the &lt;em&gt;A&lt;/em&gt; key appears on a QWERTY keyboard, you&amp;rsquo;ll find a ち. This is how our
 grandparents hacked out articles for the local &lt;em&gt;shinbun&lt;/em&gt;, but I suspect only a
 few die-hard traditionalists still do this. The second and more common method
 is literal &lt;a href=&#34;https://en.wikipedia.org/wiki/Wapuro&#34;&gt;transliteration of roman characters into kana&lt;/a&gt;. You
 type &lt;em&gt;fujisan&lt;/em&gt; and out comes ふじさん.&lt;/p&gt;
 &lt;p&gt;Once the phonetic kana have been input, you execute a conversion step wherein
 the input is transformed into the appropriate mix of kanji and kana. Given the
 large number of homonyms in Japanese, this step often involves disambiguating
 your input by selecting the intended kanji. For example, the &lt;em&gt;mita&lt;/em&gt; in &lt;em&gt;eiga wo
 mita&lt;/em&gt; (I watched a movie) is properly rendered as 観た whereas the &lt;em&gt;mita&lt;/em&gt; in
 &lt;em&gt;kuruma wo mita&lt;/em&gt; (I saw a car) should be 見た, and in neither case is it &lt;em&gt;mita&lt;/em&gt;
 as in the place name &lt;em&gt;Mita-bashi&lt;/em&gt; (Mita bridge) which is written 三田.&lt;/p&gt;
 &lt;h3 id=&#34;some-implementation-details&#34;&gt;Some Implementation Details&lt;/h3&gt;
 &lt;p&gt;Let&amp;rsquo;s look at implementation. There are two main components used in inputting
 Japanese text:&lt;/p&gt;
 &lt;p&gt;The GUI system (e.g. ibus, uim) is responsible for:&lt;/p&gt;
 &lt;ol&gt;
 &lt;li&gt;Maintaining and switching the current input mode:
 ローマ字、ひらがな、カタカナ、半額カタカナ.&lt;/li&gt;
 &lt;li&gt;Transliteration of character input into kana: &lt;em&gt;ku&lt;/em&gt; into く,
 &lt;em&gt;nekko&lt;/em&gt; into ねっこ, &lt;em&gt;xtu&lt;/em&gt; into っ.&lt;/li&gt;
 &lt;li&gt;Managing the text under edit (the underlined stuff) and the
 drop-down list of transliterations.&lt;/li&gt;
 &lt;li&gt;Ancillary functions such as supplying a GUI for custom dictionary
 management, kanji lookup by radical, etc.&lt;/li&gt;
 &lt;/ol&gt;
 &lt;p&gt;The transliteration engine (e.g. Anthy, Mozc) is responsible for transforming a
 piece of input text, usually in kana form, into kanji: for example みる into
 one of: 見る、観る、診る、視る. This involves:&lt;/p&gt;
 &lt;ol&gt;
 &lt;li&gt;Breaking the input phrase into components.&lt;/li&gt;
 &lt;li&gt;Transforming each component into the appropriate best guess based on context
 and historical input.&lt;/li&gt;
 &lt;li&gt;Supplying alternative transformations in case the best guess was incorrect.&lt;/li&gt;
 &lt;/ol&gt;
 &lt;h3 id=&#34;why-mozc&#34;&gt;Why Mozc?&lt;/h3&gt;
 &lt;p&gt;TL;DR: because it&amp;rsquo;s better. Have a look at the conversion list up at the top of
 this post. The input is &lt;em&gt;kinou&lt;/em&gt;, for which there are two main conversion
 candidates: 機能 (feature) and 昨日 (yesterday). Notice however, that it also
 supplies several conversions for yesterday&amp;rsquo;s date in various formats, including
 「平成23年4月21日」 using &lt;a href=&#34;https://en.wikipedia.org/wiki/Japanese_era_name&#34;&gt;Japanese Era Name&lt;/a&gt; rather than the
 Western notation 2011. This is just one small improvement among dozens of
 clever tricks it performs. If you&amp;rsquo;re thinking this bears an uncanny resemblance
 to tricks that &lt;a href=&#34;https://www.google.com/intl/ja/ime/&#34;&gt;Google&amp;rsquo;s Japanese IME&lt;/a&gt; supports, you&amp;rsquo;re right: Mozc
 originated from the same codebase.&lt;/p&gt;
 &lt;h3 id=&#34;switching-to-mozc&#34;&gt;Switching to Mozc&lt;/h3&gt;
 &lt;p&gt;So let&amp;rsquo;s assume you&amp;rsquo;re now convinced to abandon Anthy and switch to Mozc.
 You&amp;rsquo;ll need to make some changes. Here are the steps:&lt;/p&gt;
 &lt;p&gt;If you haven&amp;rsquo;t yet done so, install some Japanese fonts from either Software
 Centre or Synaptic. I&amp;rsquo;d recommend grabbing the &lt;em&gt;ttf-takao&lt;/em&gt; package.&lt;/p&gt;
 &lt;p&gt;Next up, we&amp;rsquo;ll install and configure Mozc.&lt;/p&gt;
 &lt;ol&gt;
 &lt;li&gt;&lt;strong&gt;Install ibus-mozc:&lt;/strong&gt; &lt;code&gt;sudo apt-get install ibus-mozc&lt;/code&gt;&lt;/li&gt;
 &lt;li&gt;&lt;strong&gt;Restart the ibus daemon:&lt;/strong&gt; &lt;code&gt;/usr/bin/ibus-daemon --xim -r -d&lt;/code&gt;&lt;/li&gt;
 &lt;li&gt;&lt;strong&gt;Set your input method to mozc:&lt;/strong&gt;
 &lt;ol&gt;
 &lt;li&gt;Open &lt;em&gt;Keyboard Input Methods&lt;/em&gt; settings.&lt;/li&gt;
 &lt;li&gt;Select the &lt;em&gt;Input Method&lt;/em&gt; tab.&lt;/li&gt;
 &lt;li&gt;From the &lt;em&gt;Select an input method&lt;/em&gt; drop-down, select Japanese, then mozc from
 the sub-menu.&lt;/li&gt;
 &lt;li&gt;Select &lt;em&gt;Japanese - Anthy&lt;/em&gt; from the list, if it appears there, and click
 &lt;em&gt;Remove&lt;/em&gt;.&lt;/li&gt;
 &lt;/ol&gt;
 &lt;/li&gt;
 &lt;li&gt;&lt;strong&gt;Optionally, remove Anthy from your system:&lt;/strong&gt; &lt;code&gt;sudo apt-get autoremove anthy&lt;/code&gt;&lt;/li&gt;
 &lt;/ol&gt;
 &lt;p&gt;Log out, and back in. You should see an input method menu in the menu
 bar at the top of the screen.&lt;/p&gt;
 &lt;p&gt;That&amp;rsquo;s it, Mozcを楽しんでください！&lt;/p&gt;
 </description>
     </item>
     
     <item>
       <title>Google Reader</title>
       <link>https://chris.bracken.jp/2007/05/google-reader/</link>
       <pubDate>Wed, 30 May 2007 00:00:00 +0000</pubDate>
       <author>chris@bracken.jp (Chris Bracken)</author>
       <guid>https://chris.bracken.jp/2007/05/google-reader/</guid>
       <description>&lt;p&gt;For years, I&amp;rsquo;ve been a fan of &lt;a href=&#34;http://inessential.com/&#34;&gt;Brent Simmons&amp;rsquo;&lt;/a&gt; OS X-based feed
 reader, &lt;a href=&#34;http://www.newsgator.com/Individuals/NetNewsWire/&#34;&gt;NetNewsWire&lt;/a&gt;. It&amp;rsquo;s a fantastic application, and I&amp;rsquo;ve definitely
 got my money&amp;rsquo;s worth out of it. After partnering with &lt;a href=&#34;http://newsgator.com/&#34;&gt;NewsGator&lt;/a&gt;, I
 started using their online feed-reader on and off, with mixed
 results. I like that it keeps my feeds in sync between my computers,
 and that I can browse articles at lunch, but the interface is still not on par
 with NetNewsWire itself.&lt;/p&gt;
 &lt;p&gt;While NewsGator&amp;rsquo;s implementation was lacking, I really did like the idea of
 dropping the desktop app altogether and going with a fully online solution, so
 I started exploring other options. The obvious free alternative is &lt;a href=&#34;http://www.google.com/reader/&#34;&gt;Google
 Reader&lt;/a&gt;, and I have to say, I&amp;rsquo;m impressed. While the
 presentation isn&amp;rsquo;t as customizable as NetNewsWire, the functionality that I use
 is all there, and in fact, it has some extra search features that I miss on the
 desktop. It was only when I launched NetNewsWire today and saw 290 unread
 items, that it hit me I hadn&amp;rsquo;t used it in almost a month. So while I look
 forward to &lt;a href=&#34;http://www.flickr.com/photos/hicksdesign/210309912/&#34;&gt;NetNewsWire 3&lt;/a&gt;, I&amp;rsquo;m sticking to Google Reader for the time
 being.&lt;/p&gt;
 &lt;figure&gt;&lt;img src=&#34;https://chris.bracken.jp/post/2007-05-30-google-reader.png&#34;
     alt=&#34;Google reader graph of usage by hour of day&#34;&gt;
 &lt;/figure&gt;
 
 &lt;p&gt;I also discovered that my prime news reading hours are apparently 6:30am to
 7:30am and 9pm to 11pm, with a strange local maximum straggling out around
 12:30am. I&amp;rsquo;d be curious to compare this to &lt;em&gt;before&lt;/em&gt; I had a baby that woke me
 up around that time.&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;Update (2007-06-06):&lt;/em&gt; NetNewsWire 3.0 is now out.&lt;/p&gt;
 </description>
     </item>
     
   </channel>
 </rss>