ELF Binary Format
What is ELF Binary Format?
ELF Binary FormatExecutable and Linkable Format, the standard binary container for executables, object files, and shared libraries on Linux, BSD, and most System V Unix derivatives.
ELF (Executable and Linkable Format) is the binary file format defined by the System V Application Binary Interface and used by Linux, FreeBSD, OpenBSD, Solaris, and many embedded systems. An ELF file has an ELF header, a program header table that defines loadable segments at runtime, and a section header table used by linkers and debuggers for tables such as .text, .rodata, .data, and .dynsym. Security tooling parses ELF to enforce ASLR (PIE), NX, RELRO, and stack canaries, while reverse engineers and malware analysts study sections and dynamic tags to identify packers, LD_PRELOAD hijacks, GOT overwrites, and ROP gadgets.
● Examples
- 01
Running readelf -a and checksec on a Linux binary to verify PIE, NX, and Full RELRO are enabled.
- 02
An attacker patching the .got.plt of an ELF process to redirect a library call to a malicious payload.
● Frequently asked questions
What is ELF Binary Format?
Executable and Linkable Format, the standard binary container for executables, object files, and shared libraries on Linux, BSD, and most System V Unix derivatives. It belongs to the Application Security category of cybersecurity.
What does ELF Binary Format mean?
Executable and Linkable Format, the standard binary container for executables, object files, and shared libraries on Linux, BSD, and most System V Unix derivatives.
How does ELF Binary Format work?
ELF (Executable and Linkable Format) is the binary file format defined by the System V Application Binary Interface and used by Linux, FreeBSD, OpenBSD, Solaris, and many embedded systems. An ELF file has an ELF header, a program header table that defines loadable segments at runtime, and a section header table used by linkers and debuggers for tables such as .text, .rodata, .data, and .dynsym. Security tooling parses ELF to enforce ASLR (PIE), NX, RELRO, and stack canaries, while reverse engineers and malware analysts study sections and dynamic tags to identify packers, LD_PRELOAD hijacks, GOT overwrites, and ROP gadgets.
How do you defend against ELF Binary Format?
Defences for ELF Binary Format typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for ELF Binary Format?
Common alternative names include: Executable and Linkable Format, ELF.
● Related terms
- appsec№ 639
Mach-O
Mach-O is the native executable, object, and shared library format used by macOS, iOS, watchOS, and tvOS for binaries built with Apple's toolchain.
- appsec№ 809
PE Executable Format
Portable Executable, the Windows binary file format used by .exe, .dll, .sys, and .ocx files and derived from the older COFF object format.
- vulnerabilities№ 131
Buffer Overflow
A memory-safety flaw where a program writes past the end of an allocated buffer, corrupting adjacent memory and often enabling code execution.
- forensics-ir№ 650
Malware Analysis
The structured study of a malicious sample to understand its functionality, origin, indicators of compromise, and impact on affected systems.
- forensics-ir№ 926
Reverse Engineering
The process of disassembling and analyzing compiled software, firmware, or hardware to recover its design, behavior, and inner workings.