ELF头(ELF header) - 描述文件的主要特性：类型，CPU架构，入口地址，现有部分的大小和偏移等等；

ELF Section Header Table

你可以在内核源码种找到表示ELF64 header的结构体 elf64_hdr：

typedef struct elf64_hdr {
	unsigned char	e_ident[EI_NIDENT];
	Elf64_Half e_type;
	Elf64_Half e_machine;
	Elf64_Word e_version;
	Elf64_Addr e_entry;
	Elf64_Off e_phoff;
	Elf64_Off e_shoff;
	Elf64_Word e_flags;
	Elf64_Half e_ehsize;
	Elf64_Half e_phentsize;
	Elf64_Half e_phnum;
	Elf64_Half e_shentsize;
	Elf64_Half e_shnum;
	Elf64_Half e_shstrndx;
} Elf64_Ehdr;

这个结构体定义在 elf.h

# readelf -h prog
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x400400
  Start of program headers:          64 (bytes into file)
  Start of section headers:          6480 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         9
  Size of section headers:           64 (bytes)
  Number of section headers:         30
  Section header string table index: 29

成员	含义
e_ident	Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
	Class: ELF64
	可执行与可链接格式 (Executable and Linkable Format)
	Data: 2’s complement, little end
	Version: 1(current)
	OS/ABI: UNIX - System V
	ABI Version: 0
e_type	Type: EXEC (Executable file)
	ELF文件类型
e_machine	Machine: Advanced Micro Devices X86-64
	ELF文件的CPI平台属性
e_version	Version: 0x1
	ELF版本号。一般为常数1
e_entry	Entry point address: 0x400400
	入口地址，规定ELF程序的入口虚拟地址，操作系统在加载完该程序后从这个地址开始执行进程的指令。可重定位指令一般没有入口地址，则该值为0
e_phoff	Start of program headers: 64(bytes into file)
e_shoff	Start of section headers: 6480 (bytes into file)
	Section Header Table 在文件中的偏移
e_flags	Flags: 0x0
	ELF标志位，用来标识一些ELF文件平台相关的属性。
e_ehsize	Size of this header: 64 (bytes)
	ELF Header本身的大小
e_phentsize	Size of program headers: 56 (bytes)
e_phnum	Number of program headers: 9
e_shentsize	Size of section headers: 64 (bytes)
	单个Section Header大小
e_shnum	Number of section headers: 30
	Section Header的数量
e_shstrndx	Section header string table index: 29
	Section Header字符串表在Section Header Table中的索引

Magic Number

魔数广泛的存在文件中，用开头的几个字节表示文件的类型。如：ELF的可执行文件格式的头4个字节为0x7F、e、l、f；Java的可执行文件格式的头4个字节为c、a、f、e；
Magic number (programming) on Wiki

大小关系

-------------------------------------------------【ELF文件开始】
----------------------------------------ELF Header
Size of this header: 64 (bytes) 
----------------------------------------Start of program headers: 64
Size of program headers: 56 (bytes)
x
Number of program headers: 9
----------------------------------------Section
Size of section headers: 64
x
Number of section headers: 30
----------------------------------------Start of section headers: 6480
Section Header Table
-------------------------------------------------【ELF文件结束】

这里有个地方没有明白：
Start of section headers = Size of this header + Size of program headers x Number of program headers + Size of section header X Number of section headers.
但是实际不相等

References

1.ELF文件格式
 2.

HR's Blog

ELF格式解析2-ELF Section Header Table

ELF Section Header Table

Magic Number

大小关系

References