The R_X86_64_JUMP_SLOT relocations are applied to the GOT (global offset table) slots, not to the call instructions you're seeing.

The call instructions go to the PLT (Program linkage table) stubs in the .plt section, and those, in turn, use the GOT and the .rela.plt relocations to resolve and jump to the final symbol in the external shared object. This process happens with the help of the dynamic linker (ld.so) and is a little too complicated to explain in this answer box, but you can find more information by searching for these terms.

Answer from Igor Skochinsky on Stack Exchange
🌐
GitHub
github.com › eliben › pyelftools › blob › main › test › test_get_symbol_by_name.py
pyelftools/test/test_get_symbol_by_name.py at main · eliben/pyelftools
May 10, 2019 - # Find the symbol table. symtab = elf.get_section_by_name('.symtab') self.assertIsNotNone(symtab) · # Test we get None when we look up a symbol that doesn't exist. undef = symtab.get_symbol_by_name('non-existent symbol') self.assertIsNone(undef) ·
Author   eliben
🌐
GitHub
github.com › eliben › pyelftools › blob › main › elftools › elf › sections.py
pyelftools/elftools/elf/sections.py at main · eliben/pyelftools
February 1, 2022 - """ ELF symbol table section. Has an associated StringTableSection that's · passed in the constructor. """ def __init__(self, header, name, elffile, stringtable): super().__init__(header, name, elffile) self.stringtable = stringtable ·
Author   eliben
🌐
ProgramCreek
programcreek.com › python › example › 111467 › elftools.elf.sections.SymbolTableSection
Python Examples of elftools.elf.sections.SymbolTableSection
def load_symbols_elf(filename): """ Load the symbol tables contained in the file """ f = open(filename, 'rb') elffile = ELFFile(f) symbols = [] for section in elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: logger.warn("Symbol table {} has a sh_entsize of zero.".format(section.name)) continue logger.info("Symbol table {} contains {} entries.".format(section.name, section.num_symbols())) for _, symbol in enumerate(section.iter_symbols()): if describe_symbol_shndx(symbol['st_shndx']) != "UND" and \ describe_symbol_type(symbol['st_info']['type']) == "FUNC": symbols.append((symbol['st_value'], symbol['st_size'], symbol.name)) f.close() symbols_by_addr = { addr: (name, size, True) for addr, size, name in symbols } return symbols_by_addr
🌐
GitHub
github.com › eliben › pyelftools › wiki › User's-guide
User's guide · eliben/pyelftools Wiki · GitHub
February 1, 2022 - Some sections in ELF are special and their semantics is at least partially defined by the standard and various platform ABIs. pyelftools knows about these sections, and has special classes for representing them. For example, when reading a symbol table section from the stream, ELFFile will return a SymbolTableSection class (also in elftools/elf/sections.py).
Author   eliben
🌐
Eklitzke
eklitzke.org › parse-elf
Parsing ELF symbol tables - eklitzke.org
Which matches in all of the relevant fields: you can see that it correctly finds PyObject_Malloc at symbol table entry 619, that st_shndx (which holds the symbol table program header entry) is 13, and that the size of the object code is correctly identified as 539 bytes.
🌐
ProgramCreek
programcreek.com › python › example › 105189 › elftools.elf.elffile.ELFFile
Python Examples of elftools.elf.elffile.ELFFile
def do_symbols(self, *args): """ := symbols """ # Locals elf = None try: if self.target_library: # Create a new ELFFile() instance elf = ELFFile(self.target_library[0]) for section in elf.iter_sections(): # Once we find the symbol table, print each symbol if isinstance(section, SymbolTableSection): self.logger.binja_log("info", "Found symbol table (!)") for i, symbol in enumerate(section.iter_symbols()): self.logger.binja_log("info", symbol.name) else: self.logger.binja_log("info", "Target library not selected (!)") except Exception as e: BinjaError("function : {}".format(e))
Top answer
1 of 2
2

To add a symbol to an ELF file you can use objcopy --add-symbol (how logical!).

--add-symbol name=[section:]value[,flags]

Add a new symbol named name while copying the file. This option may be specified multiple times. If the section is given, the symbol will be associated with and relative to that section, otherwise it will be an ABS symbol. Specifying an undefined section will result in a fatal error. There is no check for the value, it will be taken as specified. Symbol flags can be specified and not all flags will be meaningful for all object file formats. By default, the symbol will be global. The special flag ’before=othersym’ will insert the new symbol in front of the specified othersym, otherwise the symbol(s) will be added at the end of the symbol table in the order they appear.

For example:

Copy❯ file test
test: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=b41a48662a58bb74c584e5208bea0d3c8452695d, not stripped

❯ objcopy --add-symbol mysym=5 test test2

❯ nm test | grep mysym

❯ nm test2 | grep mysym
0000000000000005 A mysym

You can add absolute symbols and section-relative symbols as described. The flags can be used to set the symbol flags.

The LLVM version of objcopy has a better description:

--add-symbol <name>=[<section>:]<value>[,<flags>]

Add a new symbol called to the output symbol table, in the section named , with value . If is not specified, the symbol is added as an absolute symbol. The affect the symbol properties. Accepted values are:

Copyglobal = the symbol will have global binding.
local = the symbol will have local binding.
weak = the symbol will have weak binding.
default = the symbol will have default visibility.
hidden = the symbol will have hidden visibility.
protected = the symbol will have protected visibility.
file = the symbol will be an STT_FILE symbol.
section = the symbol will be an STT_SECTION symbol.
object = the symbol will be an STT_OBJECT symbol.
function = the symbol will be an STT_FUNC symbol.
indirect-function = the symbol will be an STT_GNU_IFUNC symbol.

Additionally, the following flags are accepted but ignored: debug, constructor, warning, indirect, synthetic, unique-object, before.

Can be specified multiple times to add multiple symbols.

Flags are comma separated.

2 of 2
0

ELF has nothing to do with the symbols stored in it by programs. It is just a format to encode everything. Symbols are generated normally by compilers, like the C compiler, fortran compiler or an assembler, while sections are fixed by the programming language (e.g. the C compiler only uses a limited number of sections, depending on the kind of data you are using in your programs). Some compilers have extensions to associate a variable to a section, so the linke will consider it special in some way. The compiler/assembler generates a symbol table in order for the linker to be able to use it to resolve dependencies.

If you want to add symbols to your program, the easiest way it to create an assembler module with the sections and symbols you want to add to the executable, then assemble it and link to the final executable.

Read about ld(1) program (the linker), and how it uses the link scripts (special hidden files that direct the linker on how to organize the sections in the different modules at link time) to handle the sections in an object file. ELF is just a format. If you use a link script and the help of the assembler, you'll be able to add any section you want or modify the normal memory map that programs use to have.

Find elsewhere
🌐
HotExamples
python.hotexamples.com › examples › elftools.elf.elffile › ELFFile › - › python-elffile-class-examples.html
Python ELFFile Examples, elftools.elf.elffile.ELFFile Python Examples - HotExamples
def _dump_elf(cls, buf): """ Dump the symbol table of an ELF file. Needs pyelftools (https://github.com/eliben/pyelftools) """ from elftools.elf.elffile import ELFFile from elftools.elf import descriptions from io import BytesIO f = ELFFile(BytesIO(buf)) print("ELF file:") for sec in f.iter_sections(): if sec['sh_type'] == 'SHT_SYMTAB': symbols = sorted(sec.iter_symbols(), key=lambda sym: sym.name) print(" symbols:") for sym in symbols: if not sym.name: continue print(" - %r: size=%d, value=0x%x, type=%s, bind=%s" % (sym.name.decode(), sym['st_size'], sym['st_value'], descriptions.describe_symbol_type(sym['st_info']['type']), descriptions.describe_symbol_bind(sym['st_info']['bind']), )) print() Example #13 ·
🌐
Embedded Artistry
embeddedartistry.com › home › blog › metal.serial: elfs & dwarfs
Metal.Serial: ELFs & DWARFs - Embedded Artistry
December 14, 2021 - Note: You can install pyelftools with pip. The ideas behind our tool is that it generates a file that contains the line & address information. It gets the symbol table similar to what nm does.
🌐
SUSE Package Hub
packagehub.suse.com › packages › python-pyelftools › 0_26-bp153_1_15
SUSE Package Hub -
- Update to 0.26 * Call relocation for ARM v3 (#194) * More complete architecture coverage for ENUM_E_MACHINE (#206) * Support for .debug_pubtypes and .debug_pubnames sections (#208) * Support for DWARF v4 location lists (#214) * Decode strings in dynamic string tables (#217) * Improve symbol table handling in dynamic segments (#219) * Improved handling of location information (#225) * Avoid deprecation warnings in Python 3.7+ * Add DWARF v5 OPs (#240) * Handle many new translation forms and constants * Lazy DIE parsing to speed up partial parsing of DWARF info (#249)
🌐
RubyDoc
rubydoc.info › gems › elftools
RubyDoc.info: File: README – Documentation for elftools (1.3.1) – RubyDoc.info
elf = ELFTools::ELFFile.new(File.open('spec/files/amd64.elf')) # Use relocation to get plt names. rela_section = elf.sections_by_type(:rela).last rela_section.name #=> ".rela.plt" relocations = rela_section.relocations relocations.map { |r| '%x' % r.header.r_info } #=> ["100000007", "200000007", "300000007", "400000007", "500000007", "700000007"] symtab = elf.section_at(rela_section.header.sh_link) # get the symbol table section relocations.map { |r| symtab.symbol_at(r.symbol_index).name } #=> ["puts", "__stack_chk_fail", "printf", "__libc_start_main", "fgets", "scanf"]
🌐
Angr
api.angr.io › projects › cle › en › latest › api › backends › elf.html
ELF Backend - cle documentation
LSDA exception table parser. TODO: Much of this class should be eventually moved to pyelftools. __init__(stream, bits, little_endian=True)[source]¶ ... Functions to do lookup from a HASH section of an ELF file. Information: http://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-48031.html ... Perform a lookup. Returns a pyelftools Symbol object, or None if there is no match.
🌐
GitHub
github.com › eliben › pyelftools › blob › main › CHANGES
pyelftools/CHANGES at main · eliben/pyelftools
- Support for parsing symbol table in dynamic segment · (contributed by Nam T. Nguyen). · + Version 0.22 (2014.03.30) · - pyelftools repository moved to https://github.com/eliben/pyelftools · - Support for version sections - contributed by Yann Rouillard.
Author   eliben
🌐
Stack Overflow
stackoverflow.com › questions › 71235161 › pyelftool-get-symbol-absolute-address
arm - pyelftool get symbol absolute address - Stack Overflow
My Goal: use pyelftool to retrieve variables absolute placement and functions absolute address from an elf file to automatize breakpoint placement for whitebox testing. my code: import elftools from
🌐
Sumit-ghosh
sumit-ghosh.com › posts › list-external-functions-used-exported-executables-shared-libraries
Listing External Functions Used// Exported by Executables and Shared Libraries | Sumit’s Space
April 30, 2020 - sumit@HAL9000:~$ python3 dynfuncs.py random Symbol table '.dynsym' contains 5 global functions: Num: Name 0: printf 1: __libc_start_main 2: srand 3: time 4: rand · This script uses pyelftools to parse the elf file and then pick out the symbols, it doesn’t rely on any of the previously mentioned commands.
🌐
Reddit
reddit.com › r/embedded › how to parse an elf file, and identify objects/functions and associate with their file and library
r/embedded on Reddit: How to parse an elf file, and identify objects/functions and associate with their file and library
December 18, 2022 - If the target is Linux then tools like ldd will display linkage - if the target is an embedded platform and debug info was enabled you can just dump the entire symbol map.