Info Catalog annobin: Plugins annobin: Top annobin: Annocheck

annobin: Examining

1 
1 3 How to examine the information stored in the binary.
1 ******************************************************
1 
1 The information is stored in the ELF Note format in a special section
1 called '.gnu.build.attributes'.  The 'readelf' program from the
1 'binutils' package can extract and display these notes when the
1 '--notes' option is provided.  (Adding the '--wide' option is also
1 helpful).  Here is an example of the output:
1 
1      Displaying notes found in: .gnu.build.attributes
1        Owner                        Data size	Description
1        GA$<version>3p3              0x00000010	OPEN	    Applies to region from 0x8a0 to 0x8c6 (hello.c)
1        GA$<tool>gcc 7.2.1 20170915  0x00000000	OPEN	    Applies to region from 0x8a0 to 0x8c6
1        GA*GOW:0x452b                0x00000000	OPEN	    Applies to region from 0x8a0 to 0x8c6
1        GA*<stack prot>strong        0x00000000	OPEN	    Applies to region from 0x8a0 to 0x8c6
1        GA*GOW:0x412b                0x00000010	func	    Applies to region from 0x8c0 to 0x8c6 (baz)
1 
1    This shows various different pieces of information, including the
1 fact that the notes were produced using version 3 of the specification,
1 and version 3 of the plugin.  The binary was built by gcc version 7.2.1
1 and the -fstack-protector-strong option was enabled on the command line.
1 The program was compiled with -O2 enabled except the baz() function
1 which was compiled with -O0 instead.
1 
1    The most complicated part of the notes is the owner field.  This is
1 used to encode the type of note as well as its value and possibly extra
1 data as well.  The format of the field is explained in detail in the
1 Watermark specification, but it basically consists of the letters 'G'
1 and 'A' followed by an encoding character (one of '*$!+') and then a
1 type character and finally the value.
1 
1    The notes are always four byte aligned, even on 64-bit systems.  This
1 does mean that consumers of the notes may have to read 8-byte wide
1 values from 4-byte aligned addresses, and that producers of the notes
1 may have to generate unaligned relocs when creating them.
1 
1    Most of the notes have a reasonably self explanatory name and value.
1 The exception are the 'version' and 'GOW' notes, which are included in
1 the table below.
1

Menu

1 
· The Version Encoding  Encoding Versions
· The STACK Encoding    Encoding Stack Protection
· The PIC Encoding      Encoding Position Independence
· The GOW Encoding      Encoding Optimization and Debugging Levels
· The CF Encoding       Encoding Control Flow Protection
· The ENUM Encoding     Encoding the Size of Enumerations
· The INSTRUMENT Encoding Encoding Instrumentation Options
1
Info Catalog annobin: Plugins annobin: Top annobin: Annocheck