= `.text` section
Now that we've done one section manually, let's graduate and use the `readelf -S` output for the other sections:
``
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 2] .text             PROGBITS         0000000000000000  00000210
       0000000000000027  0000000000000000  AX       0     0     16
``
`.text` is executable but not writable: if we try to write to it, Linux segfaults. Let's see if we really have some code there:
``
objdump -d hello_world.o
``
gives:
``
hello_world.o:     file format elf64-x86-64

Disassembly of section .text:

0000000000000000 <_start>:
   0:   b8 01 00 00 00          mov    $0x1,%eax
   5:   bf 01 00 00 00          mov    $0x1,%edi
   a:   48 be 00 00 00 00 00    movabs $0x0,%rsi
  11:   00 00 00
  14:   ba 0d 00 00 00          mov    $0xd,%edx
  19:   0f 05                   syscall
  1b:   b8 3c 00 00 00          mov    $0x3c,%eax
  20:   bf 00 00 00 00          mov    $0x0,%edi
  25:   0f 05                   syscall
``
If we grep for `b8 01 00 00` in the `hd` output, we see that it only occurs at `00000210`, which is what the section header says. The Size is `0x27`, which matches the length of the disassembly as well. So we must be looking at the right section.
This looks like the right code: a `write` followed by an `exit`.
The most interesting part is the instruction at offset `a`, which does:
``
movabs $0x0,%rsi
``
to pass the address of the string to the system call. Currently, the `0x0` is just a placeholder. After linking happens, it will be modified to contain:
``
4000ba: 48 be d8 00 60 00 00 movabs $0x6000d8,%rsi
``
This modification is possible because of the data in the `.rela.text` section.
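The patching step described above, as an added example that is not part of the original article: it applies one `R_X86_64_64` relocation to the `.text` bytes from the objdump listing and reproduces the linked `movabs $0x6000d8,%rsi`. The relocation entry is constructed for illustration (offset `0xc`, symbol index 2, addend 0 are assumptions, not values read from the real `.rela.text`), and the helper names are hypothetical.

```python
import struct

# .text bytes of hello_world.o, copied from the objdump listing above.
TEXT = bytes.fromhex(
    "b801000000"            # 00: mov    $0x1,%eax
    "bf01000000"            # 05: mov    $0x1,%edi
    "48be0000000000000000"  # 0a: movabs $0x0,%rsi  (imm64 placeholder)
    "ba0d000000"            # 14: mov    $0xd,%edx
    "0f05"                  # 19: syscall
    "b83c000000"            # 1b: mov    $0x3c,%eax
    "bf00000000"            # 20: mov    $0x0,%edi
    "0f05"                  # 25: syscall
)

R_X86_64_64 = 1  # 64-bit absolute relocation: value = S + A

# Constructed Elf64_Rela entry (assumed values, not read from the file):
# r_offset=0xc because the imm64 starts 2 bytes after the "48 be" opcode at 0xa;
# r_info = (symbol index << 32) | type; r_addend = 0.
RELA = struct.pack("<QQq", 0xC, (2 << 32) | R_X86_64_64, 0)

def parse_rela(entry):
    """Decode one 24-byte Elf64_Rela into (offset, sym, type, addend)."""
    r_offset, r_info, r_addend = struct.unpack("<QQq", entry)
    return r_offset, r_info >> 32, r_info & 0xFFFFFFFF, r_addend

def apply_rela(section, entry, symbol_values):
    """Return a copy of `section` with the relocation applied."""
    offset, sym, rtype, addend = parse_rela(entry)
    if rtype != R_X86_64_64:
        raise ValueError(f"unsupported relocation type {rtype}")
    if offset + 8 > len(section):
        raise ValueError("relocation target lies outside the section")
    value = (symbol_values[sym] + addend) & 0xFFFFFFFFFFFFFFFF
    patched = bytearray(section)
    struct.pack_into("<Q", patched, offset, value)  # overwrite the 8-byte placeholder
    return bytes(patched)

def linked_text():
    # 0x6000d8 is the final string address shown in the linked disassembly.
    return apply_rela(TEXT, RELA, {2: 0x6000D8})

if __name__ == "__main__":
    print(linked_text()[0xA:0x14].hex(" "))
```

Only the eight immediate bytes change; the opcode bytes `48 be` and every other instruction are left untouched.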