Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness
"Gray Hat Hacking, Second Edition"
0
08049540 A _edata
08049544 A _end
And to view a section, say .dtors, you would simply type
$ objdump -s -j .dtors ./fmtstr
./fmtstr: file format elf32-i386
Contents of section .dtors:
8049518 ffffffff 00000000 ........
$
DTOR Section
In C/C�� there is a method, called a destructor (DTOR), which ensures that some process
is executed upon program exit. For example, if you wanted to print a message every
time the program exited, you would use the destructor section. The DTOR section is
stored in the binary itself, as shown in the preceding nm and objdump command output.
Notice how an empty DTOR section always starts and ends with 32-bit markers:
0xffffffff and 0x00000000 (NULL). In the preceding fmtstr case, the table is empty.
Compiler directives are used to denote the destructor as follows:
$ cat dtor.c
//dtor.c
#include
static void goodbye(void) __attribute__ ((destructor));
main(){
printf("During the program, hello\n");
exit(0);
}
void goodbye(void){
printf("After the program, bye\n");
}
$ gcc -o dtor dtor.c
$ ./dtor
During the program, hello
After the program, bye
Now let??™s take a closer look at the file structure using nm and grepping for the pointer
to the goodbye function:
$ nm .
Pages:
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357