ELF Hello World Tutorial Global file structure Updated 2025-07-16
An ELF file contains the following parts:
- ELF header. Points to the position of the section header table and the program header table.
- Section header table (optional on executable). Each has
e_shnumsection headers, each pointing to the position of a section. - N sections, with
N <= e_shnum(optional on executable) - Program header table (only on executable). Each has
e_phnumprogram headers, each pointing to the position of a segment. - N segments, with
N <= e_phnum(only on executable)
The order of those parts is not fixed: the only fixed thing is the ELF header that must be the first thing on the file: Generic docs say:
In pictures: sample object file with three sections:
+-------------------+
| ELF header |---+
+---------> +-------------------+ | e_shoff
| | |<--+
| Section | Section header 0 |
| | |---+ sh_offset
| Header +-------------------+ |
| | Section header 1 |---|--+ sh_offset
| Table +-------------------+ | |
| | Section header 2 |---|--|--+
+---------> +-------------------+ | | |
| Section 0 |<--+ | |
+-------------------+ | | sh_offset
| Section 1 |<-----+ |
+-------------------+ |
| Section 2 |<--------+
+-------------------+But nothing (except sanity) prevents the following topology:
+-------------------+
| ELF header |---+ e_shoff
+-------------------+ |
| Section 1 |<--|--+
+---------> +-------------------+ | |
| | |<--+ | sh_offset
| Section | Section header 0 | |
| | |------|---------+
| Header +-------------------+ | |
| | Section header 1 |------+ |
| Table +-------------------+ |
| | Section header 2 |---+ | sh_offset
+---------> +-------------------+ | sh_offset |
| Section 2 |<--+ |
+-------------------+ |
| Section 0 |<---------------+
+-------------------+But some newbies may prefer PNGs :-)
ELF Hello World Tutorial Implementations Updated 2025-07-16
- Compiler toolchains generate and read ELF files.
- Operating systems read and run ELF files.
- Specialized libraries. Examples:
ELF Hello World Tutorial Object hd Updated 2025-07-16
Running:gives:
hd hello_world.o00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 01 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 |..>.............|
00000020 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 |........@.......|
00000030 00 00 00 00 40 00 00 00 00 00 40 00 07 00 03 00 |....@.....@.....|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000080 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 |................|
000000a0 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000b0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 07 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 00 00 00 00 10 02 00 00 00 00 00 00 |................|
000000e0 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |'...............|
000000f0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000100 0d 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 40 02 00 00 00 00 00 00 |........@.......|
00000120 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |2...............|
00000130 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 17 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 80 02 00 00 00 00 00 00 |................|
00000160 a8 00 00 00 00 00 00 00 05 00 00 00 06 00 00 00 |................|
00000170 04 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 |................|
00000180 1f 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 |................|
00000190 00 00 00 00 00 00 00 00 30 03 00 00 00 00 00 00 |........0.......|
000001a0 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |4...............|
000001b0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001c0 27 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |'...............|
000001d0 00 00 00 00 00 00 00 00 70 03 00 00 00 00 00 00 |........p.......|
000001e0 18 00 00 00 00 00 00 00 04 00 00 00 02 00 00 00 |................|
000001f0 04 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 |................|
00000200 48 65 6c 6c 6f 20 77 6f 72 6c 64 21 0a 00 00 00 |Hello world!....|
00000210 b8 01 00 00 00 bf 01 00 00 00 48 be 00 00 00 00 |..........H.....|
00000220 00 00 00 00 ba 0d 00 00 00 0f 05 b8 3c 00 00 00 |............<...|
00000230 bf 00 00 00 00 0f 05 00 00 00 00 00 00 00 00 00 |................|
00000240 00 2e 64 61 74 61 00 2e 74 65 78 74 00 2e 73 68 |..data..text..sh|
00000250 73 74 72 74 61 62 00 2e 73 79 6d 74 61 62 00 2e |strtab..symtab..|
00000260 73 74 72 74 61 62 00 2e 72 65 6c 61 2e 74 65 78 |strtab..rela.tex|
00000270 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |t...............|
00000280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000290 00 00 00 00 00 00 00 00 01 00 00 00 04 00 f1 ff |................|
000002a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002b0 00 00 00 00 03 00 01 00 00 00 00 00 00 00 00 00 |................|
000002c0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 02 00 |................|
000002d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002e0 11 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 |................|
000002f0 00 00 00 00 00 00 00 00 1d 00 00 00 00 00 f1 ff |................|
00000300 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000310 2d 00 00 00 10 00 02 00 00 00 00 00 00 00 00 00 |-...............|
00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000330 00 68 65 6c 6c 6f 5f 77 6f 72 6c 64 2e 61 73 6d |.hello_world.asm|
00000340 00 68 65 6c 6c 6f 5f 77 6f 72 6c 64 00 68 65 6c |.hello_world.hel|
00000350 6c 6f 5f 77 6f 72 6c 64 5f 6c 65 6e 00 5f 73 74 |lo_world_len._st|
00000360 61 72 74 00 00 00 00 00 00 00 00 00 00 00 00 00 |art.............|
00000370 0c 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 |................|
00000380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000390 ELF Hello World Tutorial Program header table Updated 2025-07-16
Only appears in the executable.
Contains information of how the executable should be put into the process virtual memory.
The executable is generated from object files by the linker. The main jobs that the linker does are:
- determine which sections of the object files will go into which segments of the executable.
- do relocation according to the
.rela.textsection. This depends on how the multiple sections are put into memory.
readelf -l hello_world.out gives:Elf file type is EXEC (Executable file)
Entry point 0x4000b0
There are 2 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x00000000000000d7 0x00000000000000d7 R E 200000
LOAD 0x00000000000000d8 0x00000000006000d8 0x00000000006000d8
0x000000000000000d 0x000000000000000d RW 200000
Section to Segment mapping:
Segment Sections...
00 .text
01 .dataOn the ELF header, and:
e_phoff, e_phnum and e_phentsize told us that there are 2 program headers, which start at 0x40 and are 0x38 bytes long each, so they are:00000040 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....|
00000060 d7 00 00 00 00 00 00 00 d7 00 00 00 00 00 00 00 |................|
00000070 00 00 20 00 00 00 00 00 |.. ..... |00000070 01 00 00 00 06 00 00 00 | ........|
00000080 d8 00 00 00 00 00 00 00 d8 00 60 00 00 00 00 00 |..........`.....|
00000090 d8 00 60 00 00 00 00 00 0d 00 00 00 00 00 00 00 |..`.............|
000000a0 0d 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 |.......... .....|Structure represented www.sco.com/developers/gabi/2003-12-17/ch5.pheader.html:
typedef struct {
Elf64_Word p_type;
Elf64_Word p_flags;
Elf64_Off p_offset;
Elf64_Addr p_vaddr;
Elf64_Addr p_paddr;
Elf64_Xword p_filesz;
Elf64_Xword p_memsz;
Elf64_Xword p_align;
} Elf64_Phdr;Breakdown of the first one:
- 40 0:
p_type=01 00 00 00=PT_LOAD: this is a regular segment that will get loaded in memory. - 40 4:
p_flags=05 00 00 00= execute and read permissions. No write: we cannot modify the text segment. A classic way to do this in C is with string literals: stackoverflow.com/a/30662565/895245 This allows kernels to do certain optimizations, like sharing the segment amongst processes. This member gives the offset from the beginning of the file at which the first byte of the segment resides.
But it looks like offsets from the beginning of segments, not file?- 50 0:
p_vaddr=00 00 40 00 00 00 00 00: initial virtual memory address to load this segment to - 50 8:
p_paddr=00 00 40 00 00 00 00 00: unspecified effect. Intended for systems in which physical addressing matters. TODO example? - 60 0:
p_filesz=d7 00 00 00 00 00 00 00: size that the segment occupies in memory. If smaller thanp_memsz, the OS fills it with zeroes to fit when loading the program. This is how BSS data is implemented to save space on executable files. i368 ABI says onPT_LOAD:The bytes from the file are mapped to the beginning of the memory segment. If the segment’s memory size (p_memsz) is larger than the file size (p_filesz), the ‘‘extra’’ bytes are defined to hold the value 0 and to follow the segment’s initialized area. The file size may not be larger than the memory size.
The second segment (
.data) is analogous. TODO: why use offset 0x0000d8 and address 0x00000000006000d8? Why not just use 0 and 0x00000000006000d8?Then the:section of the
Section to Segment mapping:readelf tells us that:TODO where does this information come from? stackoverflow.com/questions/23018496/section-to-segment-mapping-in-elf-files
Noisy-channel coding theorem Updated 2025-07-16
Setting: you are sending bits through a communication channel, each bit has a random probability of getting flipped, and so you use some error correction code to achieve some minimal error, at the expense of longer messages.
This theorem sets an upper bound on how efficient you can be in your encoding, for any encoding.
The next big question, which the theorem does not cover is how to construct codes that reach or approach the limit. Important such codes include:
But besides this, there is also the practical consideration of if you can encode/decode fast enough to keep up with the coded bandwidth given your hardware capabilities.
news.mit.edu/2010/gallager-codes-0121 explains how turbo codes were first reached without a very good mathematical proof behind them, but were still revolutionary in experimental performance, e.g. turbo codes were used in 3G/4G.
But this motivated researchers to find other such algorithms that they would be able to prove things about, and so they rediscovered the much earlier low-density parity-check code, which had been published in the 60's but was forgotten, partially because it was computationally expensive.
No-Nonsense Quantum Field Theory by Jakob Schwichtenberg (2020) Updated 2025-07-16
This book really tries to recall basic things to ensure that the reader will be able to understand the more advanced ones.
But Ciro Santilli really prefers it when authors error on the side of obvious.
Normal subgroup Updated 2025-07-16
Ultimate explanation: math.stackexchange.com/questions/776039/intuition-behind-normal-subgroups/3732426#3732426
Only normal subgroups can be used to form quotient groups: their key definition is that they plus their cosets form a group.
One key intuition is that "a normal subgroup is the kernel" of a group homomorphism, and the normal subgroup plus cosets are isomorphic to the image of the isomorphism, which is what the fundamental theorem on homomorphisms says.
Therefore "there aren't that many group homomorphism", and a normal subgroup it is a concrete and natural way to uniquely represent that homomorphism.
The best way to think about the, is to always think first: what is the homomorphism? And then work out everything else from there.
ELF Hello World Tutorial
.shstrtab Updated 2025-07-16Section type:
sh_type == SHT_STRTAB.Common name: "section header string table".
This section gets pointed to by the
e_shstrnd field of the ELF header itself.String indexes of this section are are pointed to by the
sh_name field of section headers, which denote strings.This section does not have outputs:
SHF_ALLOC marked, so it will not appear on the executing program.readelf -x .shstrtab hello_world.oHex dump of section '.shstrtab':
0x00000000 002e6461 7461002e 74657874 002e7368 ..data..text..sh
0x00000010 73747274 6162002e 73796d74 6162002e strtab..symtab..
0x00000020 73747274 6162002e 72656c61 2e746578 strtab..rela.tex
0x00000030 7400 t. ELF Hello World Tutorial
SHT_STRTAB Updated 2025-07-16Sections with
sh_type == SHT_STRTAB are called string tables.They hold a null separated array of strings.
Such sections are used by other sections when string names are to be used. The using section says:
- which string table they are using
- what is the index on the target string table where the string starts
So for example, we could have a string table containing:
Data: \0 a b c \0 d e f \0
Index: 0 1 2 3 4 5 6 7 8And if another section wants to use the string
d e f, they have to point to index 5 of this section (letter d).Notable string table sections:
.shstrtab.strtab
ELF Hello World Tutorial
SHT_SYMTAB on the executable Updated 2025-07-16 Nuclear magnetic resonance spectroscopy Updated 2025-07-16
Used to identify organic compounds.
Seems to be based on the effects that electrons around the nuclei (shielding electrons) have on the outcome of NMR.
So it is a bit unlike MRI where you are interested in the position of certain nuclei in space (of course, these being atoms, you can't see their positions in space).
What's Nuclear Magnetic Resonance by Bruker Corporation (2020)
Source. Good 3D animations showing the structure of the NMR machine. We understand that it is very bulky largely due to the cryogenic system. It then talks a bit about organic compound identification by talking about ethanol, i.e. this is NMR spectroscopy, but it is a bit too much to follow closely. Basically the electron configuration alters the nuclear response somehow, and allows identifying functional groups. Nuclear weapon Updated 2025-07-16
A weapons-grade ring of electrorefined plutonium, typical of the rings refined at Los Alamos and sent to Rocky Flats for fabrication
. Source. The ring has a purity of 99.96%, weighs 5.3 kg, and is approx 11 cm in diameter. It is enough plutonium for one bomb core. Which city shall we blow up today?
Ciro Santilli is mildly obsessed by nuclear reactions, because they are so quirky. How can a little ball destroy a city? How can putting too much of it together produce criticality and kill people like in the Slotin accident or the Tokaimura criticality accident. It is mind blowing really.
More fun nuclear stuff to watch:
- Dr. Strangelove (1964)
- en.wikipedia.org/wiki/Chernobyl_(miniseries)
- The World Of Enrico Fermi by Harvard Project Physics (1970)
- Fat Man and Little Boy (1987) shows a possibly reasonably realistic of the history of the development of the Trinity
The Ultimate Guide to Nuclear Weapons by hypohystericalhistory (2022)
Source. Good overall summary. Some interesting points:- youtu.be/8uIPQBOCJ64?t=2946 talks about the difference between tactical and strategic nuclear weapons
- youtu.be/8uIPQBOCJ64?t=3291 mentions variable yield devices, this is the main new thing Ciro Santilli learned from this video
- youtu.be/8uIPQBOCJ64?t=3416 discusses if a strategic nuclear weapon usage would inevitably lead to tactical nuclear weapon escalation. It then mentions one case in which a possibly comparable escalation didn't happen: the abstinence of using chemical weapon during World War II.
ELF Hello World Tutorial
.strtab Updated 2025-07-16Holds strings for the symbol table.
This section has
sh_type == SHT_STRTAB.It is pointed to by outputs:
sh_link == 5 of the .symtab section.readelf -x .strtab hello_world.oHex dump of section '.strtab':
0x00000000 0068656c 6c6f5f77 6f726c64 2e61736d .hello_world.asm
0x00000010 0068656c 6c6f5f77 6f726c64 0068656c .hello_world.hel
0x00000020 6c6f5f77 6f726c64 5f6c656e 005f7374 lo_world_len._st
0x00000030 61727400 art.This implies that it is an ELF level limitation that global variables cannot contain NUL characters.
ELF Hello World Tutorial
STT_NOTYPE Updated 2025-07-16Then come the most important symbols:
Num: Value Size Type Bind Vis Ndx Name
4: 0000000000000000 0 NOTYPE LOCAL DEFAULT 1 hello_world
5: 000000000000000d 0 NOTYPE LOCAL DEFAULT ABS hello_world_len
6: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 2 _start ELF Hello World Tutorial
.text section Updated 2025-07-16Now that we've done one section manually, let's graduate and use the
readelf -S of the other sections: [Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 2] .text PROGBITS 0000000000000000 00000210
0000000000000027 0000000000000000 AX 0 0 16.text is executable but not writable: if we try to write to it Linux segfaults. Let's see if we really have some code there:objdump -d hello_world.ohello_world.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <_start>:
0: b8 01 00 00 00 mov $0x1,%eax
5: bf 01 00 00 00 mov $0x1,%edi
a: 48 be 00 00 00 00 00 movabs $0x0,%rsi
11: 00 00 00
14: ba 0d 00 00 00 mov $0xd,%edx
19: 0f 05 syscall
1b: b8 3c 00 00 00 mov $0x3c,%eax
20: bf 00 00 00 00 mov $0x0,%edi
25: 0f 05 syscallIf we grep
b8 01 00 00 on the hd, we see that this only occurs at 00000210, which is what the section says. And the Size is 27, which matches as well. So we must be talking about the right section.The most interesting part is line to pass the address of the string to the system call. Currently, the This modification is possible because of the data of the
a which does:movabs $0x0,%rsi0x0 is just a placeholder. After linking happens, it will be modified to contain:4000ba: 48 be d8 00 60 00 00 movabs $0x6000d8,%rsi.rela.text section. Elliptic geometry Updated 2025-07-16
Elliptic partial differential equation Updated 2025-07-16
Emission theory (vision) Updated 2025-07-16
It is so mind blowing that people believed in this theory. How can you think that, when you turn on a lamp and then you see? Obviously, the lamp must be emitting something!!!
Then comes along this epic 2002 paper: pubmed.ncbi.nlm.nih.gov/12094435/ "Fundamentally misunderstanding visual perception. Adults' belief in visual emissions". TODO review methods...
Empty circle control qubit notation Updated 2025-07-16
Endosymbiont Updated 2025-07-16
Unlisted articles are being shown, click here to show only listed articles.