Have you ever wondered why programs have different configuration files for Windows, Mac, and Linux? To give you an idea, I'll walk you through the different types of formats an executable can come in. I won't go into detail, but the next time you use the file command, you'll know exactly what you're looking at.
Here is the output of the file command on a random executable on my machine.
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, not stripped
Let's go over each word one by one.
ELF
ELF (Executable and Linkable Format) is a file format for executables, object code, shared libraries, and core dumps. It is the standard file format for Unix and Unix-like systems (e.g., Linux). For the most part, you will encounter this type of file on your Linux machines.
Other:
Mach-O (Mach object) – for NeXTSTEP, OS X, and iOS
PE (Portable Executable): for the Windows operating system
32-bit
The 32-bit computer architecture system is the one that uses the x86, MIPS32 assembly instruction set.
Other:
64-bit systems use the x86-64 assembly instruction set.
Keep in mind that this does not tell you about the system you are working on, but rather about the way in which the instructions have been structured and written into the binary (therefore, for the same program, 32-bit and 64-bit will have different assembly instructions, but the executable would behave the same way).
There are other instruction sets, such as MIPS32, MIPS64, ARM, PowerPC that you may encounter, but in my experience, x86 and x86-64 are the most widely used.
LSB
Linux Standard Base (LSB) is a joint project by several Linux distributions under the organizational structure of the Linux Foundation to standardize the structure of the software system. Basically, this means that across different Linux-based operating systems (Ubuntu, Fedora, etc.), common rules would be used to compile information into the binary (e.g., using some standard libraries for specific tasks, standardizing the filesystem hierarchy layout, etc.).
Intel 80386
Intel 80386 is a 32-bit microprocessor from Intel. This means the executable can run on Intel's 80386 microprocessor or on any device compatible with it. The newer 64-bit microprocessors are backward-compatible with 32-bit ones.
SYSV
SYSV is short for System Five. It is one of the first commercial versions of the Unix operating system developed by AT&T. The other major version of Unix is BSD (Berkeley Software Distribution).
Other:
GNU/Linux: it is quite obvious that this refers to the Linux operating system.
Dynamically linked (uses shared libs)
In dynamically linked linking, the names of external libraries (shared libraries) are placed in the final executable file, while the actual linking takes place at runtime when both the executable file and the libraries are loaded into memory. Therefore, we don't have to keep the standard libraries inside the binary (you import them in your program). This helps keep the file size small and also allows multiple programs to use a single copy of an executable module.
Other:
In static linking, all library modules used in the program are copied into the final executable image. This is performed by the linker and is done as the last step in the compilation process. This naturally increases the file size significantly.
Note that programs using statically linked libraries are generally faster than those using shared libraries. Also, in statically linked programs, all the code is contained in a single executable module. Therefore, they never encounter compatibility issues.
interpreter /lib/ld-linux.so.2
This is the ELF interpreter. It is responsible for dynamic linking.
for GNU/Linux 2.6.32
2.6.32 represents the Linux kernel version, and the C library that the program's targets are linked against.
not stripped
Non-stripped binaries contain debugging information. This information is a representation of the relationship between the executable program and the original source code. It includes things like global and static variable names and function names.
On the other hand, stripped binaries lack this debugging information.
Source: akashtrehan.com
Leave a Comment
Comments are reviewed before publishing.