Hi Hengqi, On Tue, 2025-03-11 at 13:27 +0800, Hengqi Chen wrote: > I want to ask you a question regarding elf internals. > How to calculate a symbol's file offset (which is kernel uprobe expects) > in an elf (executable or shared object)?
Could you point me to a description of what uprobe expects? > Some real world use case use either section header like libbpf: > > https://github.com/libbpf/libbpf/blob/374036c9f1cdfe2a8df98d9d6a53c34fd02de14b/src/elf.c#L259-L270 > Or use program header like BCC: > > https://github.com/iovisor/bcc/blob/82f9d1cb633aa3b4ebcbbc5d8b809f48d3dfa222/src/cc/bcc_syms.cc#L767-L775 > > Which is correct ? Is there a unified way to get the file offset of a symbol ? I am not sure I understand enough of what uprobe expects to know right now. In general it depends on the ELF file type, for ET_REL files the st_value is relative to to associated section (unless SHN_ABS), otherwise the associated section load address doesn't really matter except for where the program header says it is loaded, which might be absolute (for ET_EXEC) or dynamic (for ET_DYN). It might also depend on whether the dynamic loader has relocated the symbol and/or section addresses (so whether you are reading the values from memory or on disk). Cheers, Mark
