Table of Contents
The
include file declares three structures and several macros. The structures
describe the format of executable machine code files on the system. A
binary file consists of up to 7 sections. In order, these sections are:
Contains parameters used by the kernel to load a binary file into memory
and execute it, and by the link editor to combine a binary file with other
binary files. This section is the only mandatory one. Contains machine code
and related data that are loaded into memory when a program executes. May
be loaded read-only. Contains initialized data; always loaded into writable
memory. Contains records used by the link editor to update pointers in
the text segment when combining binary files. Like the text relocation
section, but for data segment pointers. Contains records used by the link
editor to cross reference the addresses of named variables and functions
between binary files. Contains the character strings corresponding to
the symbol names. Every binary file begins with an structure: struct
exec { unsigned long a_midmag;
unsigned long a_text;
unsigned long a_data;
unsigned long a_bss;
unsigned long a_syms;
unsigned long a_entry;
unsigned long a_trsize;
unsigned long a_drsize;
}; The fields have the following functions: This field is stored in
network byte-order so that binaries for for machines with alternate byte
orders can be distinguished. It has a number of sub-components accessed by
the macros and set by the macro The macro returns a few flags:
indicates that the executable requires the services of the run-time link
editor. indicates that the object contains position independent code. This
flag is set by when given the flag and is preserved by if necessary.
If both EX_DYNAMIC and EX_PIC are set, the object file is a position
indendent executable image (eg. a shared library), which is to be loaded
into the process address space by the run-time link editor. The macro returns
the machine-id. This indicates which machine(s) the binary is intended to
run on. specifies the magic number, which uniquely identifies binary files
and distinguishes different loading conventions. The field must contain
one of the following values: The text and data segments immediately follow
the header and are contiguous. The kernel loads both text and data segments
into writable memory. As with text and data segments immediately follow
the header and are contiguous. However, the kernel loads the text into read-only
memory and loads the data into writable memory at the next page boundary
after the text. The kernel loads individual pages on demand from the binary.
The header, text segment and data segment are all padded by the link editor
to a multiple of the page size. Pages that the kernel loads from the text
segment are read-only, while pages from the data segment are writable.
Contains the size of the text segment in bytes. Contains the size of the
data segment in bytes. Contains the number of bytes in the and is used
by the kernel to set the initial break after the data segment. The kernel
loads the program so that this amount of writable memory appears to follow
the data segment and initially reads as zeroes. Contains the size in bytes
of the symbol table section. Contains the address in memory of the entry
point of the program after the kernel has loaded it; the kernel starts
the execution of the program from the machine instruction at this address.
Contains the size in bytes of the text relocation table. Contains the
size in bytes of the data relocation table. The include file defines
several macros which use an structure to test consistency or to locate
section offsets in the binary file. Nonzero if the field does not contain
a recognized value. The byte offset in the binary file of the beginning
of the text segment. The byte offset of the beginning of the symbol table.
The byte offset of the beginning of the string table. Relocation records
have a standard format which is described by the structure: struct relocation_info
{ int r_address;
unsigned int r_symbolnum : 24,
r_pcrel : 1,
r_length : 2,
r_extern : 1,
r_baserel : 1,
r_jmptable : 1,
r_relative : 1,
r_copy : 1;
}; The fields are used as follows: Contains the byte offset of a
pointer that needs to be link-edited. Text relocation offsets are reckoned
from the start of the text segment, and data relocation offsets from the
start of the data segment. The link editor adds the value that is already
stored at this offset into the new value that it computes using this relocation
record. Contains the ordinal number of a symbol structure in the symbol
table (it is a byte offset). After the link editor resolves the absolute
address for this symbol, it adds that address to the pointer that is undergoing
relocation. (If the bit is clear, the situation is different; see below.)
If this is set, the link editor assumes that it is updating a pointer
that is part of a machine code instruction using pc-relative addressing.
The address of the relocated pointer is implicitly added to its value when
the running program uses it. Contains the log base 2 of the length of the
pointer in bytes; 0 for 1-byte displacements, 1 for 2-byte displacements,
2 for 4-byte displacements. Set if this relocation requires an external
reference; the link editor must use a symbol address to update the pointer.
When the bit is clear, the relocation is the link editor updates the
pointer to reflect changes in the load addresses of the various segments,
rather than changes in the value of a symbol (except when is also set
(see below). In this case, the content of the field is an value (see below);
this type field tells the link editor what segment the relocated pointer
points into. If set, the symbol, as identified by the field, is to be
relocated to an offset into the Global Offset Table. At run-time, the entry
in the Global Offset Table at this offset is set to be the address of the
symbol. If set, the symbol, as identified by the field, is to be relocated
to an offset into the Procedure Linkage Table. If set, this relocation
is relative to the (run-time) load address of the image this object file
is going to be a part of. This type of relocation only occurs in shared
objects. If set, this relocation record identifies a symbol whose contents
should be copied to the location given in The copying is done by the run-time
link-editor from a suitable data item in a shared object. Symbols map names
to addresses (or more generally, strings to values). Since the link-editor
adjusts addresses, a symbol’s name must be used to stand for its address
until an absolute value has been assigned. Symbols consist of a fixed-length
record in the symbol table and a variable-length name in the string table.
The symbol table is an array of structures: struct nlist { union {
char *n_name;
long n_strx;
} n_un;
unsigned char n_type;
char n_other;
short n_desc;
unsigned long n_value;
}; The fields are used as follows: Contains a byte offset into the
string table for the name of this symbol. When a program accesses a symbol
table with the function, this field is replaced with the field, which
is a pointer to the string in memory. Used by the link editor to determine
how to update the symbol’s value. The field is broken down into three sub-fields
using bitmasks. The link editor treats symbols with the type bit set as
symbols and permits references to them from other binary files. The mask
selects bits of interest to the link editor: An undefined symbol. The
link editor must locate an external symbol with the same name in another
binary file to determine the absolute value of this symbol. As a special
case, if the field is nonzero and no binary file in the link-edit defines
this symbol, the link-editor will resolve this symbol to an address in the
bss segment, reserving an amount of bytes equal to If this symbol is undefined
in more than one binary file and the binary files do not agree on the size,
the link editor chooses the greatest size found across all binaries. An
absolute symbol. The link editor does not update an absolute symbol. A text
symbol. This symbol’s value is a text address and the link editor will update
it when it merges binary files. A data symbol; similar to but for data
addresses. The values for text and data symbols are not file offsets but
addresses; to recover the file offsets, it is necessary to identify the
loaded address of the beginning of the corresponding section and subtract
it, then add the offset of the section. A bss symbol; like text or data
symbols but has no corresponding offset in the binary file. A filename
symbol. The link editor inserts this symbol before the other symbols from
a binary file when merging binary files. The name of the symbol is the filename
given to the link editor, and its value is the first text address from
that binary file. Filename symbols are not needed for link-editing or loading,
but are useful for debuggers. The mask selects bits of interest to symbolic
debuggers such as the values are described in This field provides information
on the nature of the symbol independent of the symbol’s location in terms
of segments as determined by the field. Currently, the lower 4 bits of
the field hold one of two values: and see for their definitions
associates the symbol with a callable function, while associates the symbol
with data, irrespective of their locations in either the text or the data
segment. This field is intended to be used by for the construction of dynamic
executables. Reserved for use by debuggers; passed untouched by the link
editor. Different debuggers use this field for different purposes. Contains
the value of the symbol. For text, data and bss symbols, this is an address;
for other symbols (such as debugger symbols), the value may be arbitrary.
The string table consists of an length followed by null-terminated symbol
strings. The length represents the size of the entire table in bytes, so
its minimum value (or the offset of the first string) is always 4 on 32-bit
machines.
The include file appeared in
Nobody
seems to agree on what stands for. New binary file formats may be supported
in the future, and they probably will not be compatible at any level with
this ancient format.
Table of Contents