Thursday, February 17, 2011

Entropy of a binary file #1

$ java ByteEntropy -c -r 512 -w 200 -o find.ent -f /usr/bin/find


$ objdump -h /usr/bin/find | awk '/[ ]+[0-9]+/ {printf "0x%s %s\n", $6, $2}'
0x00000200 .interp
0x0000021c .note.ABI-tag
0x0000023c .note.gnu.build-id
0x00000260 .hash
0x000006c0 .gnu.hash
0x00000720 .dynsym
0x000014e8 .dynstr
0x000019b8 .gnu.version
0x00001ae0 .gnu.version_r
0x00001b60 .rela.dyn
0x00001bd8 .rela.plt
0x00002850 .init
0x00002868 .plt
0x000030d0 .text
0x00028888 .fini
0x000288a0 .rodata
0x00030934 .eh_frame_hdr
0x000318c0 .eh_frame
0x00036000 .ctors
0x00036010 .dtors
0x00036020 .jcr
0x00036028 .dynamic
0x000361e8 .got
0x000361f8 .got.plt
0x00036640 .data
0x00036be8 .bss

.text section
$ echo $((0x000030d0/512))
24

On the entropy plot the .text section begins at block 24 (file offset divided by the 512-byte block size).

.fini section
$ echo $((0x00028888/512))
324

At block 324 the .fini section starts, which is where the .text section ends.

.data section
$ echo $((0x00036640/512))
435

The .data section corresponds to the sharp entropy drop at block 435.

.bss section
$ echo $((0x00036be8/512))
437

The .bss section begins right after the .data section, at block 437.
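The same block-index mapping can be scripted. The following is an added example, not the ByteEntropy tool from the post (whose source is not shown): it computes per-block Shannon entropy over a constructed byte buffer and parses `objdump -h` output into block indices using the same 512-byte block size as the calculations above. The sample buffer and the VMA/LMA columns in the sample objdump lines are constructed; the .text and .fini file offsets are the ones listed above.

```python
import math
from collections import Counter

# The post divides section file offsets by 512, so one plot point per 512-byte block.
BLOCK_SIZE = 512


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a run of one value, 8.0 for a flat histogram."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def block_entropies(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Entropy of each consecutive block; index i corresponds to file offset i * block_size."""
    return [shannon_entropy(data[i:i + block_size]) for i in range(0, len(data), block_size)]


def section_blocks(objdump_h_output: str, block_size: int = BLOCK_SIZE) -> list:
    """Parse `objdump -h` rows (Idx Name Size VMA LMA File-off Algn) into (name, offset, block index).

    Mirrors the awk one-liner in the post: field 2 is the section name, field 6 the file offset.
    The CONTENTS/ALLOC flag lines that follow each row are skipped because they do not start with an index.
    """
    rows = []
    for line in objdump_h_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].isdigit():
            name = fields[1]
            file_off = int(fields[5], 16)
            rows.append((name, file_off, file_off // block_size))
    return rows


# Constructed sample buffer: one all-zero block, one block with every byte value twice,
# one block alternating between two values.
SAMPLE_BYTES = bytes(512) + bytes(range(256)) * 2 + bytes([0, 1]) * 256

# Constructed objdump -h excerpt. File offsets are the .text/.fini values from the post;
# the VMA/LMA columns are placeholders, not taken from the real /usr/bin/find.
SAMPLE_OBJDUMP = """\
Sections:
Idx Name          Size      VMA               LMA               File off  Algn
 12 .text         00025798  00000000004030d0  00000000004030d0  000030d0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         0000000e  0000000000428888  0000000000428888  00028888  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
"""


if __name__ == "__main__":
    for i, h in enumerate(block_entropies(SAMPLE_BYTES)):
        print(f"block {i:4d}  offset 0x{i * BLOCK_SIZE:06x}  entropy {h:.3f}")
    for name, off, blk in section_blocks(SAMPLE_OBJDUMP):
        print(f"{name:<14} 0x{off:08x} -> block {blk}")
```

Running the script on a real file means replacing `SAMPLE_BYTES` with the file's contents and `SAMPLE_OBJDUMP` with the captured `objdump -h` output; the block indices then line up with the plot positions the same way the `echo $((... / 512))` calculations above do.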
