11.7 Program sections

Rabin give us complete information about the program sections. We can know their index, offset, size, align, type and permissions, as we can see in the next example.

$ rabin -Svv /bin/ls
[Sections]
Section index  Memory address  File offset Size      Align       Privileges  Name
00             0x08048000      0x00000000  00000000  0x00000000  ---
01             0x08048134      0x00000134  00000019  0x00000001  r--         .interp
02             0x08048148      0x00000148  00000032  0x00000004  r--         .note.ABI-tag
03             0x08048168      0x00000168  00000808  0x00000004  r--         .hash
04             0x08048490      0x00000490  00000092  0x00000004  r--         .gnu.hash
05             0x080484ec      0x000004ec  00001648  0x00000004  r--         .dynsym
06             0x08048b5c      0x00000b5c  00001127  0x00000001  r--         .dynstr
07             0x08048fc4      0x00000fc4  00000206  0x00000002  r--         .gnu.version
08             0x08049094      0x00001094  00000176  0x00000004  r--         .gnu.version_r
09             0x08049144      0x00001144  00000040  0x00000004  r--         .rel.dyn
10             0x0804916c      0x0000116c  00000728  0x00000004  r--         .rel.plt
11             0x08049444      0x00001444  00000048  0x00000004  r-x         .init
12             0x08049474      0x00001474  00001472  0x00000004  r-x         .plt
13             0x08049a40      0x00001a40  00065692  0x00000010  r-x         .text
14             0x08059adc      0x00011adc  00000028  0x00000004  r-x         .fini
15             0x08059b00      0x00011b00  00015948  0x00000020  r--         .rodata
16             0x0805d94c      0x0001594c  00000044  0x00000004  r--         .eh_frame_hdr
17             0x0805d978      0x00015978  00000156  0x00000004  r--         .eh_frame
18             0x0805e000      0x00016000  00000008  0x00000004  rw-         .ctors
19             0x0805e008      0x00016008  00000008  0x00000004  rw-         .dtors
20             0x0805e010      0x00016010  00000004  0x00000004  rw-         .jcr
21             0x0805e014      0x00016014  00000232  0x00000004  rw-         .dynamic
22             0x0805e0fc      0x000160fc  00000008  0x00000004  rw-         .got
23             0x0805e104      0x00016104  00000376  0x00000004  rw-         .got.plt
24             0x0805e280      0x00016280  00000272  0x00000020  rw-         .data
25             0x0805e390      0x00016390  00001132  0x00000020  rw-         .bss
26             0x0805e390      0x00016390  00000208  0x00000001  ---         .shstrtab

27 sections

Also, using -r, radare will flag the beginning and end of each section, as well as comment each one with the previous information.

$ rabin -Sr /bin/ls
fs sections
f section. @ 0x08048000
f section._end @ 0x08048000
CC [00] 0x08048000 size=00000000 align=0x00000000 ---  @ 0x08048000
f section._interp @ 0x08048134
f section._interp_end @ 0x08048147
CC [01] 0x08048134 size=00000019 align=0x00000001 r-- .interp @ 0x08048134
f section._note_ABI_tag @ 0x08048148
f section._note_ABI_tag_end @ 0x08048168
CC [02] 0x08048148 size=00000032 align=0x00000004 r-- .note.ABI-tag @ 0x08048148
f section._hash @ 0x08048168
f section._hash_end @ 0x08048490
CC [03] 0x08048168 size=00000808 align=0x00000004 r-- .hash @ 0x08048168
f section._gnu_hash @ 0x08048490
f section._gnu_hash_end @ 0x080484ec
CC [04] 0x08048490 size=00000092 align=0x00000004 r-- .gnu.hash @ 0x08048490
f section._dynsym @ 0x080484ec
f section._dynsym.end @ 0x08048b5c
(...)

Take care of adding "eval file.flag = true" to .radarerc radare executes rabin -risSz at startup, automatically flaging the file.