How to Find the Memory Address of a Symbol in an ELF File

A quick and useful tip for locating symbol memory addresses in ELF files using arm-none-eabi-nm combined with grep—perfect for embedded debugging scenarios like setting up SEGGER RTT or inspecting linker placements and runtime symbols.

Andre Leppik 21. August, 2025

Here’s a handy tip that came up during some work with SEGGER RTT (Real Time Transfer).

When initializing an RTT session, you need to provide the memory address of the RTT static control block variable. While it’s possible to dig through your generated .map file, there's a faster way:

arm-none-eabi-nm blink.elf | grep _SEGGER_RTT
20000000 B _SEGGER_RTT

By piping the output of arm-none-eabi-nm (which lists all symbols in your .elf file) to grep, you can quickly isolate and retrieve the memory address of your desired symbol.

Note: For Windows users, grep is typically a Linux command. However, you can easily use this trick with tools like WSL (Windows Subsystem for Linux), Cmder, or Git Bash. 

arm-none-eabi-nm firmware.elf | grep foo
1000033c T foo

This technique isn't limited to variable addresses, it's equally useful for finding function or constant data addresses. Variable symbols are typically stored in volatile RAM, while function code and constant data usually reside in non-volatile ROM or Flash memory, reflecting their runtime mutability or immutability.

Explore more
Debugging Microsecond Delays on STM32: When 1 µs Isn’t What It Seems

Debugging Microsecond Delays on STM32: When 1 µs Isn’t What It Seems

Why your STM32 timer-based microsecond delays may not work as you expect. Discover how Cortex-M0+ pipelines and timer register updates can affect your timing. Learn ways to correct these issues.

How to Move RTT to a Custom RAM Section in Embedded Rust

How to Move RTT to a Custom RAM Section in Embedded Rust

Learn how to place RTT buffers and the control block into a fixed RAM section in embedded Rust. This guide covers linker script changes, custom RTT initialization, and setting up a reliable RTT print channel.

Abstract high-tech network visualization with data connection lines.

DNS Sinkhole: How to Block Malicious Sites and Trackers at the Network Level

Deploy Pi-hole on a Raspberry Pi to block malicious domains and trackers network-wide. Learn how to configure blocklists and prevent DNS bypasses in this hands-on guide.

Need help with embedded systems development?

Whether you're building something new, fixing stability issues, or automating what slows your team down — we can help.

Get in touch
See our services
/