I am working on Linux X86_64.
I have a need to determine the address of a specific PLT entry in an ELF file given the name of the dynamic function that the entry represents. I can figure out the file offset from the address, but I need to be able to determine the address.
If I disassemble the ELF file using objdump -D -z elffile
I see that objdump uses symbolic names for each entry in the PLT. (Where does objdump obtain the relationship between these addresses and the symbol names?)
example:
0000000000000041a2b0 fileno@plt:
If I use objdump -T elffile | grep fileno
I get something like this:
0000000000000 DF *UND* 00000000000000000 GLIBC_2.2.5 fileno
What I need to be able to do from "C" is find the PLT entry in the ELF file for a specific dynamic function and obtain the address.
The background is that I am patching an existing ELF file and need to redirect a function call to a different dynamic function. I have manually patched an ELF file using addresses gathered from objdump disassembly and proven that this will work for my specific application; I just need to be able to do it from a program. I am hoping not to have to crawl through objdump disassembler code to figure out how it gets the PLT entry symbols and addresses.
I figured this out: You have to parse the relocation table in the rela.plt section. Those entries contain a string table index that can be used to look up the function name by indexing into the dynamic symbol section. Each entry in the dynamic symbol section contains a dynamic string table offset that can be used to pull out the function name. When you find the corresponding function, the index into the relocation table (+1) corresponds to the index into the .plt section for the function's PLT entry. So to calculate the address for a specific entry it is just: .plt.sec address + ((relocation_index + 1) * .plt entry size)
This method works for x86. It does not work for PPC which has a completely different format for the .plt section. If anyone has any info on doing this for PPC please post.
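The lookup described in the answer above, written out in C as an added example (it is not code from the original post): it walks `.rela.plt`, takes the symbol index from each relocation's `r_info`, resolves the name through `.dynsym` and `.dynstr`, and applies the (index + 1) formula to the `.plt` section address. The names `plt_entry_address`, `find_section` and `shdrs` are chosen here. It assumes an ELF64 x86-64 image already in memory (for example via mmap) with the classic layout in which `.plt` starts with one header stub followed by one entry per `.rela.plt` relocation; binaries that place their call stubs in a separate `.plt.sec` section are laid out differently and are not handled.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

/* Section header table of an ELF64 image held in memory. */
static const Elf64_Shdr *shdrs(const uint8_t *img)
{
    return (const Elf64_Shdr *)(img + ((const Elf64_Ehdr *)img)->e_shoff);
}

/* Find a section header by name; NULL if the image has no such section. */
static const Elf64_Shdr *find_section(const uint8_t *img, const char *name)
{
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    const Elf64_Shdr *sh = shdrs(img);
    const char *names = (const char *)img + sh[eh->e_shstrndx].sh_offset;
    for (unsigned i = 0; i < eh->e_shnum; i++)
        if (strcmp(names + sh[i].sh_name, name) == 0)
            return &sh[i];
    return NULL;
}

/* Virtual address of func's PLT entry, or 0 if it cannot be determined.
 * Only the header table is bounds-checked; offsets inside sections are
 * trusted, so validate them first when the file is not your own. */
uint64_t plt_entry_address(const uint8_t *img, size_t len, const char *func)
{
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    if (len < sizeof *eh || memcmp(img, ELFMAG, SELFMAG) != 0 ||
        img[EI_CLASS] != ELFCLASS64 || eh->e_shstrndx >= eh->e_shnum ||
        eh->e_shoff > len || (len - eh->e_shoff) / sizeof(Elf64_Shdr) < eh->e_shnum)
        return 0;
    const Elf64_Shdr *rel = find_section(img, ".rela.plt");
    const Elf64_Shdr *plt = find_section(img, ".plt");
    if (!rel || !plt || rel->sh_link >= eh->e_shnum)
        return 0;
    const Elf64_Shdr *dynsym = &shdrs(img)[rel->sh_link];    /* .rela.plt -> .dynsym */
    if (dynsym->sh_link >= eh->e_shnum)
        return 0;
    const Elf64_Shdr *dynstr = &shdrs(img)[dynsym->sh_link]; /* .dynsym -> .dynstr */
    const Elf64_Rela *rela = (const Elf64_Rela *)(img + rel->sh_offset);
    const Elf64_Sym *syms = (const Elf64_Sym *)(img + dynsym->sh_offset);
    const char *strs = (const char *)img + dynstr->sh_offset;
    uint64_t nsyms = dynsym->sh_size / sizeof(Elf64_Sym);
    uint64_t entsize = plt->sh_entsize ? plt->sh_entsize : 16; /* x86-64 entry size */
    for (uint64_t i = 0; i < rel->sh_size / sizeof(Elf64_Rela); i++) {
        uint64_t symidx = ELF64_R_SYM(rela[i].r_info);       /* index into .dynsym */
        if (symidx < nsyms && strcmp(strs + syms[symidx].st_name, func) == 0)
            return plt->sh_addr + (i + 1) * entsize;         /* +1 skips the header stub */
    }
    return 0;
}
```

The file offset of the entry is the returned address minus the `.plt` section's `sh_addr` plus its `sh_offset`.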