`.text` section

Now that we've done one section manually, let's graduate and use the readelf -S of the other sections:

  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 2] .text             PROGBITS         0000000000000000  00000210
       0000000000000027  0000000000000000  AX       0     0     16

.text is executable but not writable: if we try to write to it Linux segfaults. Let's see if we really have some code there:

objdump -d hello_world.o

gives:

hello_world.o:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <_start>:
   0:       b8 01 00 00 00          mov    $0x1,%eax
   5:       bf 01 00 00 00          mov    $0x1,%edi
   a:       48 be 00 00 00 00 00    movabs $0x0,%rsi
  11:       00 00 00
  14:       ba 0d 00 00 00          mov    $0xd,%edx
  19:       0f 05                   syscall
  1b:       b8 3c 00 00 00          mov    $0x3c,%eax
  20:       bf 00 00 00 00          mov    $0x0,%edi
  25:       0f 05                   syscall

If we grep b8 01 00 00 on the hd, we see that this only occurs at 00000210, which is what the section says. And the Size is 27, which matches as well. So we must be talking about the right section.

This looks like the right code: a write followed by an exit.

The most interesting part is line a which does:

movabs $0x0,%rsi

to pass the address of the string to the system call. Currently, the 0x0 is just a placeholder. After linking happens, it will be modified to contain:

4000ba: 48 be d8 00 60 00 00    movabs $0x6000d8,%rsi

This modification is possible because of the data of the .rela.text section.

.text section

 Ancestors

`.text` section