I'm writing ELF parser and simple disassembler x86. Having code like this
.text:000B5A2A call 0000B470 ;e.g. _glXSwapBuffers
...
...
got.plt:0000B470 jmp dword ptr [ebx+240h] ;jump to .got@_glXSwapBuffers
I wonder how can I recognize .got, .got.plt segments at ELF parsing time ? Simple way is to just check the segment \ section name but this can be fooled easily.
Anyone knows what's the proper way to identify .got, .got.plt segments \ sections during ELF file format parsing ?
.got and .got.plt are examples of labels that will always describe sections and never segments.
There is a critical conceptual difference between sections and segments. Sections provide information about how information is organized within a binary, and segments describe to the program loader (and if the binary is dynamically linked, the dynamic linker) how a process image should be composed in virtual memory from the binary. Take a look at the SysV ABI (generic) and the output of readelf -SW -l <binary> for more on the difference between sections and segments.
Information about sections is stored in the section header table, so to find information about sections in a binary, parse the section header table. Note that the section header table is not required to be present in the binary - the loader only uses segment information to accomplish process creation.
Familiarize yourself with ELF structure by exploring this excellent diagram: https://github.com/corkami/pics/blob/master/binary/elf101/elf101-64.pdf
See Disassemblers resolving (ELF) section names for more about the section header table.
