Binary Jargon

Section containing executable machine code.

Section for initialized global and static variables.

Section for zero-initialized or uninitialized global/static variables. Takes no space on disk.

Section for read-only data: string literals, constants, jump tables.

Symbol table containing all symbols — functions, globals, locals, file names.

Null-terminated strings referenced by .symtab entries.

String table containing section names. Indexed by e_shstrndx in the ELF header.

Symbol table for dynamic linking — only symbols visible across shared library boundaries.

String table for dynamic symbol names and library names.

Array of Elf64_Dyn tag-value pairs — the dynamic linker's roadmap.

Relocation entries for PLT/GOT function slots. Tells the dynamic linker what to patch.

Relocation entries for data references resolved at load time (not lazily).

The true entry point of a C program, before main(). Provided by crt1.o.

Sections containing code that runs before main() and after main() returns.

Arrays of function pointers called at startup and shutdown. The modern replacement for .init/.fini.

Stack unwinding information used by C++ exceptions, debuggers, and profilers.

Sections carrying metadata in a name-descriptor format. Build IDs, ABI tags, etc.

Kernel feature that randomizes where code, data, stack, and heap are placed in virtual memory.

Translates assembly language (.s) into machine code, producing an object file (.o).

Kernel-provided metadata passed to the process on the stack alongside argc/argv/envp.

The low-level contract between compiled code and the operating system / other code.

Translates source code (C, C++, Rust) into assembly language or directly into object code.

Rules for how functions pass arguments, return values, and manage the stack.

The startup object file linked into every C executable. Contains _start.

A snapshot of a process's memory at the time of a crash, stored as an ELF file of type ET_CORE.

The program that loads shared libraries and resolves symbols at runtime. Specified by PT_INTERP.

Dynamic tag listing a required shared library (e.g., libc.so.6).

JavaScript API for reading typed values from an ArrayBuffer with explicit endianness control.

The standard binary format for executables, object files, shared libraries, and core dumps on Linux/Unix.

The first 64 bytes of every ELF file. Contains the magic number, type, architecture, and pointers to the two tables.

The virtual address where the CPU starts executing after the binary is loaded.

System call that replaces the current process with a new program from an ELF binary.

ELF type for a traditional (non-PIE) executable, loaded at a fixed virtual address.

ELF type for shared objects and position-independent executables.

ELF type for relocatable object files (.o) — not yet linked.

The order in which multi-byte values are stored. ELF specifies this in e_ident[EI_DATA].

Whether the ELF file uses 32-bit or 64-bit structures, determined by e_ident[EI_CLASS].

The C struct type for the 64-bit ELF file header. 64 bytes.

The C struct type for a 64-bit program header entry. 56 bytes.

The C struct type for a 64-bit section header entry. 64 bytes.

The C struct type for a symbol table entry. 24 bytes.

The C struct type for a relocation entry with explicit addend. 24 bytes.

The C struct type for a .dynamic section entry. 16 bytes.

Table of addresses filled in at runtime by the dynamic linker. PLT stubs read from here.

An exploitation technique that modifies a GOT entry to redirect function calls.

A hash table for fast symbol lookup in .dynsym. Faster than the classic ELF hash (.hash).

Deferring symbol resolution until a function is actually called, rather than resolving everything at startup.

Tool that combines object files (.o) and libraries into an executable or shared library.

Lists the shared libraries a dynamically linked binary depends on.

The bytes 0x7f 'E' 'L' 'F' at offset 0 that identify a file as ELF.

System call that maps files or anonymous memory into a process's virtual address space.

Command-line tool that lists symbols from an ELF binary's symbol tables.

The output of the assembler — an ELF file of type ET_REL, before linking.

Disassembler and binary inspection tool. Shows assembly, headers, and section contents.

An array of Elf64_Phdr structures that tells the kernel how to map the file into memory.

Segment type that gets mapped into memory. The workhorse of ELF loading.

Segment containing the path to the dynamic linker (e.g., /lib64/ld-linux-x86-64.so.2).

Segment pointing to the .dynamic section — the dynamic linker's instruction manual.

Trampoline stubs for calling functions in shared libraries. Enables lazy binding.

Code that works regardless of where it's loaded in memory. Required for shared libraries.

An executable compiled as a shared object (ET_DYN) so the kernel can load it at a random address.

The smallest unit of virtual memory, typically 4096 bytes (4 KB) on x86-64.

The first compilation stage: expands #include, #define, #ifdef before the compiler sees the code.

Segment that specifies stack permissions. Used to control whether the stack is executable.

Segment marking memory that should become read-only after relocations are processed.

An instruction to the linker/loader: 'patch this address once you know the final value.'

Security hardening that makes the GOT read-only after relocations are resolved.

Command-line tool to display detailed information about ELF files.

Relocation type for PLT entries. Tells the dynamic linker to write a function's address into a GOT slot.

Relocation type for GOT entries pointing to global data symbols.

An array of Elf64_Shdr structures that describes named sections — the linker's view of the binary.

A contiguous chunk of the file to be mapped into memory at load time. The loader's view.

A named region of the file with a specific purpose. The linker's view.

A named entity in the binary — a function, variable, section, or file reference.

A library loaded at runtime and shared across processes. File type ET_DYN.

The canonical name of a shared library, embedded in its .dynamic section as DT_SONAME.

Removes symbol tables and debug information from an ELF binary to reduce file size.

Section type flag meaning the section occupies no space in the file. Used by .bss.

Mechanism allowing multiple versions of the same symbol to coexist in a shared library.

Read/Write/Execute flags on program headers that become page table permissions.

An address in a process's virtual address space, as opposed to a physical RAM address.

Security policy: a memory page can be writable or executable, but never both simultaneously.

A symbol that can be overridden by a strong (GLOBAL) symbol of the same name without causing a linker error.