revise elf content

Theory/ELF.md

@@ -1,29 +1,29 @@
 Executable and Linkable Format
 ================================================================================
 
-ELF (Executable and Linkable Format) is a standard file format for executable files and shared libraries. Linux, as well as, many UNIX-like operating systems uses this format. Let's look on structure of the ELF-64 Object File Format  and some defintions in the linux kernel source code related with it.
+ELF (Executable and Linkable Format) is a standard file format for executable files, object code, shared libraries, and core dumps. Linux, as well as, many other UNIX-like operating systems uses this format. Let's look on the structure of ELF-64 File Format and some defintions in the linux kernel source code related with it.
 
-An ELF object file consists of the following parts:
+An ELF file consists of the following parts:
 
-* ELF header - describes the main characteristics of the object file: type, CPU architecture, the virtual address of the entry point, the size and offset the remaining parts, etc...;
+* ELF header - describes the main characteristics of the object file: type, CPU architecture, virtual address of the entry point, size and offset of the remaining parts, etc...;
-* Program header table - listing the available segments and their attributes. Program header table need loaders for placing sections of the file as virtual memory segments;
+* Program header table - lists the available segments and their attributes. Program header table needs loaders for placing sections of this file as virtual memory segments;
-* Section header table - contains description of the sections.
+* Section header table - contains the description of sections.
 
 Now let's look closer on these components.
 
 **ELF header**
 
-It's located in the beginning of the object file. It's main point is to locate all other parts of the object file. File header contains following fields:
+It's located in the beginning of the object file. Its main point is to locate all other parts of the object file. ELF header contains following fields:
 
-* ELF identification - array of bytes which helps to identify the file as an ELF object file and also provides information about general object file characteristic;
+* ELF identification - array of bytes which helps identify this file as an ELF file and also provides information about general object file characteristics;
-* Object file type - identifies the object file type. This field can describe that ELF file is a relocatable object file, executable file, etc...;
+* Object file type - identifies the object file type. This field can describe whether this file is a relocatable file or executable file, etc...;
 * Target architecture;
 * Version of the object file format;
 * Virtual address of the program entry point;
 * File offset of the program header table;
 * File offset of the section header table;
-* Size of an ELF header;
+* Size of the ELF header;
-* Size of a program header table entry;
+* Size of the program header table entry;
 * and other fields...
 
 You can find `elf64_hdr` structure which presents ELF64 header in the linux kernel source code:
@@ -47,11 +47,11 @@ typedef struct elf64_hdr {
 } Elf64_Ehdr;
 ```
 
-This structure defined in the [elf.h](https://github.com/torvalds/linux/blob/master/include/uapi/linux/elf.h)
+This structure defines in the [elf.h](https://github.com/torvalds/linux/blob/master/include/uapi/linux/elf.h)
 
 **Sections**
 
-All data is stored in sections in an Elf object file. Sections identified by index in the section header table. Section header contains following fields:
+All data is stored in sections in an Elf file. Sections are identified by index in the section header table. Section header contains following fields:
 
 * Section name;
 * Section type;
@@ -64,7 +64,7 @@ All data is stored in sections in an Elf object file. Sections identified by ind
 * Address alignment boundary;
 * Size of entries, if section has table;
 
-And presented with the following `elf64_shdr` structure in the linux kernel:
+And presented with the following `elf64_shdr` structure in the linux kernel source code:
 
 ```C
 typedef struct elf64_shdr {
@@ -83,7 +83,7 @@ typedef struct elf64_shdr {
 
 **Program header table**
 
-All sections are grouped into segments in an executable or shared object file. Program header is an array of structures which describe every segment. It looks like:
+All sections are grouped into segments in an executable file or shared library. Program header table is an array of structures which describe every segment. It looks like:
 
 ```C
 typedef struct elf64_phdr {
@@ -98,16 +98,14 @@ typedef struct elf64_phdr {
 } Elf64_Phdr;
 ```
 
-in the linux kernel source code.
+`elf64_phdr` structure defines in the same [elf.h](https://github.com/torvalds/linux/blob/master/include/uapi/linux/elf.h).
 
-`elf64_phdr` defined in the same [elf.h](https://github.com/torvalds/linux/blob/master/include/uapi/linux/elf.h).
+And ELF file also contains other fields/structures which you can find in the [Documentation](http://www.uclibc.org/docs/elf-64-gen.pdf). Now let's look on the `vmlinux`.
-
-And ELF object file also contains other fields/structures which you can find in the [Documentation](http://www.uclibc.org/docs/elf-64-gen.pdf). Now let's look on the `vmlinux`.
 
 vmlinux
 --------------------------------------------------------------------------------
 
-`vmlinux` is relocatable ELF object file too. So we can look at it with the `readelf` util. First of all let's look on a header:
+`vmlinux` is an ELF file too. So we can look at it with the `readelf` util. First of all, let's look on the elf header of vmlinux:
 
 ```
 $ readelf -h  vmlinux
@@ -144,15 +142,15 @@ ffffffff80000000 - ffffffffa0000000 (=512 MB)  kernel text mapping, from phys 0
 So we can find it in the `vmlinux` with:
 
 ```
-readelf -s vmlinux | grep ffffffff81000000
+$ readelf -s vmlinux | grep ffffffff81000000
      1: ffffffff81000000     0 SECTION LOCAL  DEFAULT    1 
  65099: ffffffff81000000     0 NOTYPE  GLOBAL DEFAULT    1 _text
  90766: ffffffff81000000     0 NOTYPE  GLOBAL DEFAULT    1 startup_64
 ```
 
-Note that here is address of the `startup_64` routine is not `ffffffff80000000`, but `ffffffff81000000` and now i'll explain why.
+Note that ,the address of `startup_64` routine is not `ffffffff80000000`, but `ffffffff81000000`. Now I'll explain why.
 
-We can see following definition in the [arch/x86/kernel/vmlinux.lds.S](https://github.com/torvalds/linux/blob/master/arch/x86/kernel/vmlinux.lds.S):
+We can see the following definition in the [arch/x86/kernel/vmlinux.lds.S](https://github.com/torvalds/linux/blob/master/arch/x86/kernel/vmlinux.lds.S):
 
 ```
     . = __START_KERNEL;
@@ -176,10 +174,11 @@ Where `__START_KERNEL` is:
 
 `__START_KERNEL_map` is the value from documentation - `ffffffff80000000` and `__PHYSICAL_START` is `0x1000000`. That's why address of the `startup_64` is `ffffffff81000000`.
 
-And the last we can get program headers from `vmlinux` with the following command:
+At last we can get program headers from `vmlinux` with the following command:
 
 ```
-readelf -l vmlinux
+
+$ readelf -l vmlinux
 
 Elf file type is EXEC (Executable file)
 Entry point 0x1000000