What is <.got> section in ELF?

Asked 28/8, 2018 at 15:45 Answered 9/5, 2022 at 11:7

As far as I know, PLT and GOT are the section for handling dynamic linked function.

If code calls printf which is libc's function,
1. Firstly it calls PLT to get printf's address.
2. And write this address into GOT section.
3. From second call, code uses the function written in GOT.

As I look into ELF binary closely,
- I found section PLT's name in ELF is <.plt>.
- And section GOT's name in ELF is <.got.plt>.

But ... There was also <.got> section in ELF.
And I could not understand how this section is used.

Q. What is usage of <.got> section?
And what's difference between <.got> and <.got.plt> section?

PS 1. This <.got> section was very tiny, (It only holds 4byte in my sample binary.)
And here I attach IDA view of <.got> section:

.got:08049FFC ; ===========================================================================
.got:08049FFC
.got:08049FFC ; Segment type: Pure data
.got:08049FFC ; Segment permissions: Read/Write
.got:08049FFC _got            segment dword public 'DATA' use32
.got:08049FFC                 assume cs:_got
.got:08049FFC                 ;org 8049FFCh
.got:08049FFC __gmon_start___ptr dd offset __imp___gmon_start__
.got:08049FFC                                         ; DATA XREF: _init_proc+F↑r
.got:08049FFC                                         ; __gmon_start__↑r
.got:08049FFC _got            ends
.got:08049FFC

PS2. I also checked here, but the answer was not enough for me to understand the usage of <.got> section.

Mutiny answered 28/8, 2018 at 15:45 Comment(2)

It's the Global Offset Table, where the dynamic linker stores the actual runtime absolute addresses of symbols from this and other objects. What is PLT/GOT? on re.SE has some links to apparently-good docs. See also macieira.org/blog/2012/01/…. – Raddled 28/8, 2018 at 19:16

Possible duplicate of What is the difference between .got and .got.plt section? – Annabal 26/6, 2019 at 18:19

Got.plt is actually smaller subset of the .got section. Think of pointing to the tail end of an array of slots. Conceptually it sort of looks like this

Int[10] got; Int* gotplt=&got[5]

Got section basically can contain addresses of Global variables and functions. All the global variables are in the first couple of slots and suffix is all pointers to functions. gotplt is the first slot .got that contains only the addresses of function..

Eventually after function addresses are resolved via means of plt. The resolved address goes into .gotplt which btw is inside .got as I mentioned earlier.

Oscillograph answered 28/9, 2021 at 18:48 Comment(0)

.got --> global variables

.got.plt --> global function

Prothorax answered 9/5, 2022 at 11:7 Comment(0)

Recommended topics

Hot tags