readelf
Display information about ELF format files
TLDR
Display all information about the ELF file
Display all the headers present in the ELF file
Display the entries in symbol table section of the ELF file, if it has one
Display ELF header information
Display ELF section header information
SYNOPSIS
readelf [options] elf-file(s)
PARAMETERS
-a, --all
Displays all available information from the ELF file, giving a comprehensive overview.
-h, --file-header
Displays the ELF file header information, including magic number, architecture, and entry point.
-l, --program-headers, --segments
Displays the program headers (segments) of the ELF file, which describe how the file is mapped into memory by the system loader.
-S, --section-headers, --sections
Displays the section headers of the ELF file, detailing various logical sections like code, data, symbol tables, and debugging information.
-s, --symbols, --syms
Displays the symbol table entries, listing functions and variables defined or referenced by the ELF file. Use -D for dynamic symbols only.
-d, --dynamic
Displays the dynamic section, which contains information crucial for dynamic linking (e.g., needed shared libraries, symbol references for runtime resolution).
-r, --relocs
Displays the relocation entries, which specify how symbol references in the code or data need to be adjusted at load time by the dynamic linker.
-n, --notes
Displays the notes section, often used for specific system or application-related information, such as build IDs or core dump details.
-x
Dumps the specified section's content in hexadecimal format. Useful for raw data inspection of any section by name or index.
-p
Dumps the specified section's content as printable strings. Primarily useful for inspecting string tables like .strtab or .dynstr.
--debug-dump=
Dumps various kinds of debugging information (e.g., info, line, frames) present in the ELF file, typically in DWARF format.
-W, --wide
Prevents truncation of output lines, providing a wider view of information, which is useful for long symbol names or complex paths.
DESCRIPTION
readelf is a command-line utility used to display information about files in the ELF (Executable and Linkable Format) format. ELF is a standard binary file format used for executables, object code, shared libraries, and core dumps on various Unix-like operating systems, including Linux. Unlike tools like objdump, readelf focuses purely on the structure and content of the ELF file itself, without disassembling the code. It provides a detailed, human-readable representation of various sections and headers within an ELF file, such as the ELF header, program headers, section headers, symbol tables, relocation entries, and dynamic sections. This makes readelf an invaluable tool for developers, system administrators, and security researchers who need to inspect the low-level details of compiled binaries, debug linking issues, or analyze malicious code. It's particularly useful for understanding how a binary is laid out, what libraries it depends on, and what symbols it exports or imports.
CAVEATS
readelf focuses purely on the structure of ELF files and does not perform code disassembly like objdump. Its output can be very verbose, especially when using the -a option or debugging flags, often requiring further processing with tools like grep or less. Interpreting the output requires a basic understanding of the ELF file format, including concepts like sections, segments, symbol tables, and relocation entries. While generally robust, it might struggle with severely malformed or non-standard ELF binaries.
COMMON USE CASES
readelf is frequently used to:
• Inspect the ELF header to determine the file type, architecture, and entry point.
• Examine program headers to understand memory segments and their permissions for loading.
• View section headers to locate specific code, data, or debug sections within the file.
• Analyze symbol tables (using -s) to find exported and imported functions or variables, crucial for linking and debugging.
• Debug linking issues by inspecting dynamic sections (using -d) and relocation entries (using -r).
• Perform security analysis by identifying unusual sections, packed binaries, or suspicious library dependencies.
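As an added example (not part of the readelf documentation or GNU Binutils), the shell function below condenses `readelf -W -l -d` output into the loader-level facts the permission and security-analysis items above refer to: LOAD segments that are both writable and executable, an executable stack, RELRO state, and any RPATH/RUNPATH entry. The function name `elf_hardening`, the output field names and the sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise hardening-relevant facts from the text printed by
# `readelf -W -l -d FILE` (-W keeps each program header on a single line).

elf_hardening() {   # reads readelf output on stdin, prints one summary line
    awk '
    # Segment flags occupy fields 7..NF-1; readelf may print them as "R E".
    function flags(   i, f) { for (i = 7; i < NF; i++) f = f $i; return f }
    /^Elf file type is/                  { type = $5 }
    $1 == "LOAD" && flags() ~ /W/ && flags() ~ /E/ { wx++ }
    $1 == "GNU_STACK"                    { nx = (flags() ~ /E/) ? "no" : "yes" }
    $1 == "GNU_RELRO"                    { relro = 1 }
    $2 == "(BIND_NOW)"                   { now = 1 }
    $2 == "(FLAGS)"   && /BIND_NOW/      { now = 1 }
    $2 == "(FLAGS_1)" && / NOW/          { now = 1 }
    $2 == "(RPATH)" || $2 == "(RUNPATH)" { path = $NF; gsub(/\[|\]/, "", path) }
    END {
        # RELRO is "full" only when GNU_RELRO is combined with immediate binding.
        printf "type=%s nx_stack=%s wx_load=%d relro=%s search_path=%s\n",
            type, (nx ? nx : "missing"), wx,
            (relro ? (now ? "full" : "partial") : "none"), (path ? path : "-")
    }'
}

# Constructed sample of `readelf -W -l -d` output for a weakly hardened binary.
sample_weak() { cat <<'EOF'
Elf file type is EXEC (Executable file)
Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x000a10 0x000a10 R E 0x1000
  LOAD           0x001000 0x0000000000601000 0x0000000000601000 0x000230 0x000238 RWE 0x1000
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
Dynamic section at offset 0x1010 contains 3 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001d (RUNPATH)            Library runpath: [/tmp/lib]
EOF
}

# With a file argument, inspect it; with none, run on the constructed sample.
if [ "$#" -gt 0 ]; then readelf -W -l -d "$1" | elf_hardening
else sample_weak | elf_hardening; fi
```

A DYN type covers both position-independent executables and shared objects, so the `type` field alone does not distinguish the two.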
HISTORY
readelf is an integral component of the GNU Binutils package, a foundational collection of binary utilities for Unix-like operating systems. Developed and maintained by the GNU Project, Binutils provides essential tools for compilers, linkers, and debuggers. readelf's evolution has paralleled the widespread adoption of the ELF standard across various architectures, becoming a stable and indispensable utility for inspecting ELF binaries. Unlike its sibling tool objdump, readelf was specifically designed to focus on displaying the raw structural information of ELF files without attempting to disassemble code, providing a clear and precise view of the file's layout and metadata.