Program Sections

Rabin2 called with the -S option gives complete information about the sections of an executable. For each section the index, offset, size, alignment, type and permissions, are shown. The next example demonstrates this:

  1. $ rabin2 -S /bin/ls
  2. [Sections]
  4. nth paddr          size vaddr         vsize perm name
  5. -----------------------------------------------------
  6. 00 0x00000000     0 0x00000000     0 ----
  7. 01 0x00000238    28 0x00000238    28 -r-- .interp
  8. 02 0x00000254    32 0x00000254    32 -r-- .note.ABI_tag
  9. 03 0x00000278   176 0x00000278   176 -r-- .gnu.hash
  10. 04 0x00000328  3000 0x00000328  3000 -r-- .dynsym
  11. 05 0x00000ee0  1412 0x00000ee0  1412 -r-- .dynstr
  12. 06 0x00001464   250 0x00001464   250 -r-- .gnu.version
  13. 07 0x00001560   112 0x00001560   112 -r-- .gnu.version_r
  14. 08 0x000015d0  4944 0x000015d0  4944 -r-- .rela.dyn
  15. 09 0x00002920  2448 0x00002920  2448 -r-- .rela.plt
  16. 10 0x000032b0    23 0x000032b0    23 -r-x .init
  17. 11 0x000032d0  1648 0x000032d0  1648 -r-x .plt
  18. 12 0x00003940    24 0x00003940    24 -r-x .plt.got
  19. 13 0x00003960 73931 0x00003960 73931 -r-x .text
  20. 14 0x00015a2c     9 0x00015a2c     9 -r-x .fini
  21. 15 0x00015a40 20201 0x00015a40 20201 -r-- .rodata
  22. 16 0x0001a92c  2164 0x0001a92c  2164 -r-- .eh_frame_hdr
  23. 17 0x0001b1a0 11384 0x0001b1a0 11384 -r-- .eh_frame
  24. 18 0x0001e390     8 0x0021e390     8 -rw- .init_array
  25. 19 0x0001e398     8 0x0021e398     8 -rw- .fini_array
  26. 20 0x0001e3a0  2616 0x0021e3a0  2616 -rw- .data.rel.ro
  27. 21 0x0001edd8   480 0x0021edd8   480 -rw- .dynamic
  28. 22 0x0001efb8    56 0x0021efb8    56 -rw- .got
  29. 23 0x0001f000   840 0x0021f000   840 -rw- .got.plt
  30. 24 0x0001f360   616 0x0021f360   616 -rw- .data
  31. 25 0x0001f5c8     0 0x0021f5e0  4824 -rw- .bss
  32. 26 0x0001f5c8   232 0x00000000   232 ---- .shstrtab

With the -Sr option, rabin2 will flag the start/end of every section, and will pass the rest of information as a comment.

  1. $ rabin2 -Sr /bin/ls | head
  2. fs sections
  3. "f section. 1 0x00000000"
  4. "f section..interp 1 0x000002a8"
  5. "f section..note.gnu.build_id 1 0x000002c4"
  6. "f section..note.ABI_tag 1 0x000002e8"
  7. "f section..gnu.hash 1 0x00000308"
  8. "f section..dynsym 1 0x000003b8"
  9. "f section..dynstr 1 0x00000fb8"
  10. "f section..gnu.version 1 0x00001574"
  11. "f section..gnu.version_r 1 0x00001678"