Advanced Techniques for In-depth File Size Examination
While the basic tools and commands discussed earlier can provide valuable insights into executable file sizes, there are more advanced techniques that can be used for a deeper analysis. These techniques can be particularly useful for complex or mission-critical systems.
Using readelf
for ELF File Analysis
The readelf
command is a powerful tool for analyzing the internal structure of Executable and Linkable Format (ELF) files, which are the standard executable file format used in Linux systems. This tool can provide detailed information about the various sections and segments within an executable file.
$ readelf -a /bin/ls
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x4003c0
Start of program headers: 64 (bytes into file)
Start of section headers: 2100168 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 9
Size of section headers: 64 (bytes)
Number of section headers: 28
Section header string table index: 27
This output provides detailed information about the ELF file, including the header, sections, segments, and other metadata. This can be useful for understanding the internal structure and composition of the executable file.
Profiling Executable File Sizes
Another advanced technique for analyzing executable file sizes is to use profiling tools, such as gprof
or perf
. These tools can provide detailed information about the size and performance characteristics of individual functions or code sections within the executable.
$ gprof /bin/ls gmon.out
Flat profile:
Each sample counts as 0.01 seconds.
% cumulative self self total
time seconds seconds calls Ts/call Ts/call name
35.71 0.05 0.05 1 0.05 0.05 strlen
28.57 0.08 0.04 1 0.04 0.04 __ctype_get_mb_cur_max
14.29 0.10 0.02 1 0.02 0.02 malloc
7.14 0.11 0.01 1 0.01 0.01 free
7.14 0.12 0.01 1 0.01 0.01 __libc_start_main
7.14 0.13 0.01 1 0.01 0.01 __printf_chk
This output from the gprof
tool shows the time spent in different functions within the ls
executable, which can help identify the most resource-intensive components and guide optimization efforts.
Using objdump
for Disassembly and Analysis
The objdump
tool, mentioned earlier, can also be used for more advanced analysis of executable files. By disassembling the binary code, you can gain deeper insights into the internal structure and composition of the executable.
$ objdump -d /bin/ls
/bin/ls: file format elf64-x86-64
Disassembly of section .text:
0000000000400390 <.text>:
400390: 31 ed xor %ebp,%ebp
400392: 49 89 d1 mov %rdx,%r9
400395: 5e pop %rsi
400396: 48 89 e2 mov %rsp,%rdx
400399: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
40039d: 50 push %rax
40039e: 54 push %rsp
40039f: 49 c7 c0 60 04 40 00 mov $0x400460,%r8
4003a6: 48 c7 c1 f0 03 40 00 mov $0x4003f0,%rcx
4003ad: 48 c7 c7 00 04 40 00 mov $0x400400,%rdi
4003b4: e8 57 fe ff ff callq 400210 <__libc_start_main@plt>
4003b9: f4 hlt
4003ba: 66 0f 1f 44 00 00 nop WORD PTR [rax+rax*1+0x0]
This disassembly output can be used to analyze the low-level structure and organization of the executable, which can be helpful for advanced optimization, security analysis, or reverse engineering tasks.
By combining these advanced techniques with the basic tools and concepts covered earlier, you can gain a comprehensive understanding of executable file sizes and effectively manage and optimize your Linux systems.