How it works...

In step 1, we begin by viewing the help menu for readelf. Step 2 is similar in that we review the man page for readelf, which is much more detailed, with an explanation of each argument. In step 3, we pass the -h and -W arguments to readelf, which gives us the ELF header and displays the output in the wide format. Because we'll be looking at readelf output regularly, it's a great idea to always use the -W argument, as it presents the output more clearly in neatly formatted columns rather than breaking lines to fit 80 characters.

The -l argument in step 4 tells readelf we want to look at the program headers, also known as segments in executable programs, and we once again use the wide format for displaying the output. In step 5, we look at the section headers with the -S argument, again combined with -W for wide output. A nice little shortcut that the readelf tool offers is the -e argument, as seen in step 6. This is the same as if we typed -h, -l, and -S as arguments on the command line. This shortcut will save us some typing, and I advise using it when you just need to review the various header information. Notice we still issue the wide format argument in step 6 as well.

Step 7 utilizes the section details argument, -t, and the symbol table argument, -s, and we display the output using the wide format once again. We also run the same arguments against the stripped version of the binary and notice, when we compare the output of the two binaries, that the majority of the symbols in the symbol table are absent from the stripped one.

In step 8, we view the dynamic symbol table with --dyn-syms, the notes present within the binary with -n, any relocations present within the binary with -r, and the dynamic section with -d, and we display the output using the wide format. This gives us a plethora of information about the relocations that occur at runtime for functions when they are first called. We also notice the Build ID in the notes section and the ABI version, which gives useful information about the binary. It's important to note, though, that this Build ID isn't necessarily a hash of the whole binary; instead, it's a unique identifier of that particular build only and is usually assigned by the operating system as a checksum of parts of the binary. In step 9, we issue the -V and -A arguments, which give us the version sections of the binary, along with any architecture-specific information, if present. We also use the wide format for the output display.

As we look at step 10, I want to reiterate some of the power of the readelf tool for providing useful information about an ELF-formatted binary. The -x argument provides us with a hexadecimal dump of the section we supply as its option. We can reference the section by name or number, and in our case, we've referenced the .text section by name. The -p argument provides us with a string dump of a section referenced by name or number. Again, we've used the name of the string table section as our option to the -p argument. We also display the output using the wide format. Finally, in step 11, we use the -a argument, which gives us everything we could ever want, and is equivalent to the -h, -l, -S, -s, -r, -d, -V, -A, and -I arguments. We can also view the hexadecimal dump of the text section and a string dump of the string table section while formatting the output using the wide format.
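To make concrete what the -h, -S, and -n output in the steps above actually represents, here is a small ELF64 parser that walks the same structures readelf does: the file header, the section header table (resolving names through .shstrtab), and the .note.gnu.build-id note. This is an added example, not code from the book or from binutils. It constructs a tiny ELF image inline (the build ID in it is a made-up placeholder, not a real linker checksum) so it runs offline; the `parse_elf()`, `build_sample_elf()` and `SAMPLE_BUILD_ID` names are this example's own. Pass the bytes of a real binary to `parse_elf()` to compare its output against `readelf -h -S -n -W`.

```python
"""Minimal ELF64 (little-endian) parser that reproduces the core of what
`readelf -h`, `readelf -S` and `readelf -n` report.

Added example, not code from the book. The ELF image is constructed inline
(build_sample_elf) so the script runs offline; pass real file bytes to
parse_elf() to inspect an actual binary.
"""
import struct

ELF_MAGIC = b"\x7fELF"
SHT_PROGBITS, SHT_STRTAB, SHT_NOTE = 1, 3, 7
NT_GNU_BUILD_ID = 3
E_TYPE = {1: "REL (Relocatable file)", 2: "EXEC (Executable file)", 3: "DYN (Shared object file)"}
E_MACHINE = {3: "Intel 80386", 40: "ARM", 62: "Advanced Micro Devices X86-64", 183: "AArch64"}

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header, 64 bytes
NHDR = struct.Struct("<III")               # note header: namesz, descsz, type


def _cstr(data: bytes, off: int) -> str:
    """Read a NUL-terminated string out of a string table."""
    end = data.index(b"\0", off)
    return data[off:end].decode("ascii", "replace")


def _gnu_build_id(notes: bytes):
    """Walk a SHT_NOTE section and return the NT_GNU_BUILD_ID descriptor as hex, if present."""
    off = 0
    while off + NHDR.size <= len(notes):
        namesz, descsz, ntype = NHDR.unpack_from(notes, off)
        name_off = off + NHDR.size
        desc_off = name_off + (namesz + 3) // 4 * 4   # name and desc are each padded to 4 bytes
        if desc_off + descsz > len(notes):
            raise ValueError("note entry overruns its section")
        if notes[name_off:name_off + namesz].rstrip(b"\0") == b"GNU" and ntype == NT_GNU_BUILD_ID:
            return notes[desc_off:desc_off + descsz].hex()
        off = desc_off + (descsz + 3) // 4 * 4
    return None


def parse_elf(data: bytes) -> dict:
    """Return the fields readelf prints for the file header, the section table and the
    GNU build ID. Raises ValueError on anything that is not a sane ELF64 LE image."""
    if len(data) < EHDR.size or data[:4] != ELF_MAGIC:
        raise ValueError("missing ELF magic")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian images are handled here")
    (_ident, e_type, e_machine, _ver, e_entry, _phoff, e_shoff, _eflags, _ehsize,
     _phentsize, _phnum, e_shentsize, e_shnum, e_shstrndx) = EHDR.unpack_from(data, 0)

    # Header offsets are attacker-controlled in a hostile file: bounds-check before trusting them.
    if e_shentsize != SHDR.size or e_shoff + e_shnum * e_shentsize > len(data):
        raise ValueError("section header table lies outside the file")
    raw = [SHDR.unpack_from(data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    if e_shstrndx >= e_shnum:
        raise ValueError("e_shstrndx out of range")
    strtab_off = raw[e_shstrndx][4]            # sh_offset of .shstrtab

    sections, build_id = [], None
    for sh_name, sh_type, _shflags, sh_addr, sh_off, sh_size, *_rest in raw:
        if sh_off + sh_size > len(data):
            raise ValueError("section data lies outside the file")
        sections.append({"name": _cstr(data, strtab_off + sh_name), "type": sh_type,
                         "addr": sh_addr, "offset": sh_off, "size": sh_size})
        if sh_type == SHT_NOTE:
            build_id = _gnu_build_id(data[sh_off:sh_off + sh_size]) or build_id

    return {"type": E_TYPE.get(e_type, hex(e_type)),
            "machine": E_MACHINE.get(e_machine, hex(e_machine)),
            "entry": e_entry, "sections": sections, "build_id": build_id}


SAMPLE_BUILD_ID = bytes.fromhex("0123456789abcdef0123456789abcdefdeadbeef")  # constructed placeholder


def build_sample_elf() -> bytes:
    """Construct a tiny ELF64 x86-64 executable image with .shstrtab, .note.gnu.build-id
    and .text (constructed test data; the build ID is not a real linker checksum)."""
    shstrtab = b"\0.shstrtab\0.note.gnu.build-id\0.text\0"      # name offsets 1, 11, 30
    note = NHDR.pack(4, len(SAMPLE_BUILD_ID), NT_GNU_BUILD_ID) + b"GNU\0" + SAMPLE_BUILD_ID
    text = b"\xc3" * 8                                            # eight `ret`s stand in for code
    off_str = EHDR.size
    off_note = off_str + len(shstrtab)
    off_text = off_note + len(note)
    shoff = off_text + len(text)
    shdrs = [SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),             # mandatory NULL section
             SHDR.pack(1, SHT_STRTAB, 0, 0, off_str, len(shstrtab), 0, 0, 1, 0),
             SHDR.pack(11, SHT_NOTE, 2, 0, off_note, len(note), 0, 0, 4, 0),
             SHDR.pack(30, SHT_PROGBITS, 6, 0x401000, off_text, len(text), 0, 0, 16, 0)]
    ident = ELF_MAGIC + bytes([2, 1, 1]) + b"\0" * 9             # ELF64, little-endian, version 1
    ehdr = EHDR.pack(ident, 2, 62, 1, 0x401000, 0, shoff, 0, EHDR.size, 56, 0,
                     SHDR.size, len(shdrs), 1)
    return ehdr + shstrtab + note + text + b"".join(shdrs)


if __name__ == "__main__":
    info = parse_elf(build_sample_elf())
    print(f"Type: {info['type']}  Machine: {info['machine']}  Entry: {info['entry']:#x}")
    for s in info["sections"]:
        print(f"  {s['name']:<20} type={s['type']:<3} off={s['offset']:#06x} size={s['size']:#06x}")
    print("Build ID:", info["build_id"])
```

The bounds checks are the part worth keeping in mind when reading readelf output from an untrusted sample: e_shoff, sh_offset and the note sizes are just integers in the file, and a crafted binary can point them anywhere, which is why the parser refuses to read past the end of the buffer instead of trusting the header.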
