How to Find the Memory Address of a Symbol in an ELF File

A quick and useful tip for locating symbol memory addresses in ELF files using arm-none-eabi-nm combined with grep—perfect for embedded debugging scenarios like setting up SEGGER RTT or inspecting linker placements and runtime symbols.

Andre Leppik 21. August, 2025

Here’s a handy tip that came up during some work with SEGGER RTT (Real Time Transfer).

When initializing an RTT session, you need to provide the memory address of the RTT static control block variable. While it’s possible to dig through your generated .map file, there's a faster way:

arm-none-eabi-nm blink.elf | grep _SEGGER_RTT
20000000 B _SEGGER_RTT

By piping the output of arm-none-eabi-nm (which lists all symbols in your .elf file) to grep, you can quickly isolate and retrieve the memory address of your desired symbol.

Note: For Windows users, grep is typically a Linux command. However, you can easily use this trick with tools like WSL (Windows Subsystem for Linux), Cmder, or Git Bash. 

arm-none-eabi-nm firmware.elf | grep foo
1000033c T foo

This technique isn't limited to variable addresses, it's equally useful for finding function or constant data addresses. Variable symbols are typically stored in volatile RAM, while function code and constant data usually reside in non-volatile ROM or Flash memory, reflecting their runtime mutability or immutability.

Explore more
Cross-Compiling OpenOCD: A Step-by-Step Walkthrough

Cross-Compiling OpenOCD: A Step-by-Step Walkthrough

Learn how to build OpenOCD binaries on Ubuntu 22.04 for both the ARM64 and AMD64 target architectures. A great way to share a consistent OpenOCD build across your Debian systems

How to Move RTT to a Custom RAM Section in Embedded Rust

How to Move RTT to a Custom RAM Section in Embedded Rust

Learn how to place RTT buffers and the control block into a fixed RAM section in embedded Rust. This guide covers linker script changes, custom RTT initialization, and setting up a reliable RTT print channel.

Self-Hosted Recursive DNS Resolver: How to Take Full Control of Your DNS with Unbound

Are you tired of relying on public DNS providers? Learn how to set up Unbound, a self-hosted recursive DNS resolver, to boost privacy, security, and performance with hands-on examples and testing.

Need help with embedded systems development?

Whether you're building something new, fixing stability issues, or automating what slows your team down — we can help.

Get in touch
See our services
/