elf - distinguish shared objects from position independent executables

Question

I'm looking for a fast way to check if a ELF binary is a shared object or a position independent executable. I think a can do that by checking the contained symbols / functions. I'm looking for a more efficient way of not having to read the complete file. I have to perform the check on different platforms, at least Android, Linux (32 and 64 bit).

Answer 1

I'm looking for a fast way to check if a ELF binary is a shared object or a position independend executable.

There is no way to check: a PIE executable is a shared object.

I think a can do that by checking the contained symbols / functions.

Symbols can be stripped, and once they are, you can't tell.

shared objects and executables they normally differ by the linked startup code

That's true: the PIE is normally linked with Scrt1.o, but a shared library is normally not. But there is nothing to prevent a shared library to be linked with Scrt1.o as well, and in a stripped binary even finding that startup code may be somewhat problematic.

If what you really want is to distinguish between a shared library and a PIE executable which you built yourself (rather than solving a general case of any shared library and any PIE), then checking for presence of PT_INTERP (readelf -l a.out | grep INTERP) is likely the easiest way to go: a PIE executable is guaranteed to have PT_INTERP, and shared libraries normally don't have it (libc.so.6 is a notable exception).