Linux Internals - The Art Of Symbol Resolution

Thank you for the feedback! I can relate to you since it took me a while to grasp such a technical concept but after a while it all makes sense and I’m glad it did for you as well.

As for your suggestion, I see your point. But there’s a reason I did not analyze the sentence you suggested at that part. I wanted to dedicate a section of the paper to explain the relocation offset and its use so that the reader won’t get confused with all the ELF terms. Which I did, if you noticed.

In case you forgot, that is one of the instructions in func()'s PLT entry. What does it really do though? 0x18 is an offset inside the .rel.plt section. You can think of .rel.plt as an array of Elf_Rel structures and each one of them describes a different function. 0x18 is practically saying "add 0x18 to the address of the .rel.plt section -> read the relocation entry fields that describe func() -> and pass them to the dynamic linker’s function so he can patch the desired address".

As for the below part you suggested:

The GOT entry points back to func()'s PLT code. This is only for the first time because the address in GOT entry isn’t patched yet with the real address of func().

I believe the ASCII art and the GDB snippets illustrate exactly that. But I can add it in a text form as well I guess. Though an image is much more comprehensive imo.

Thank you for taking the time to read my write-up.

Cheers!

P.S. I mentioned in this post that I explained GOT/PLT in the past (though not at such a technical level). You might want to take a look at it as well. It’s more theoretical but who knows, it may help you understand it even more. The more resources, the better.

4 Likes
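
The lookup described in the post above (byte offset 0x18 into .rel.plt, read as an array of Elf_Rel entries), as an added example that is not code from the original write-up. It assumes 32-bit x86, where each entry is 8 bytes; the table contents, GOT addresses and symbol indexes are constructed, and rel_at is a hypothetical helper.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as Elf32_Rel in <elf.h>, redefined so the example is self-contained. */
typedef struct {
    uint32_t r_offset;  /* address of the GOT slot to patch */
    uint32_t r_info;    /* symbol index (upper 24 bits) | relocation type (low 8 bits) */
} Rel32;

#define REL_SYM(info)  ((info) >> 8)    /* same as ELF32_R_SYM  */
#define REL_TYPE(info) ((info) & 0xff)  /* same as ELF32_R_TYPE */
#define JMP_SLOT       7                /* value of R_386_JMP_SLOT */

/* Constructed .rel.plt: four entries; GOT addresses and symbol indexes are made up. */
static const Rel32 sample_relplt[] = {
    { 0x0804a00c, (1u << 8) | JMP_SLOT },
    { 0x0804a010, (2u << 8) | JMP_SLOT },
    { 0x0804a014, (3u << 8) | JMP_SLOT },
    { 0x0804a018, (5u << 8) | JMP_SLOT },  /* byte offset 0x18: stands in for func() */
};

/* Read the entry at `.rel.plt + reloc_offset`. Returns 0 on success, -1 if the
 * offset is not a multiple of the entry size or falls outside the section. */
int rel_at(const void *relplt, size_t relplt_size, uint32_t reloc_offset, Rel32 *out)
{
    if (reloc_offset % sizeof(Rel32) != 0)
        return -1;
    if (relplt_size < sizeof(Rel32) || reloc_offset > relplt_size - sizeof(Rel32))
        return -1;
    memcpy(out, (const uint8_t *)relplt + reloc_offset, sizeof(*out));
    return 0;
}

int main(void)
{
    Rel32 r;
    if (rel_at(sample_relplt, sizeof(sample_relplt), 0x18, &r) != 0) {
        puts("offset 0x18 is not a valid .rel.plt entry");
        return 1;
    }
    printf("entry index : %u\n", (unsigned)(0x18 / sizeof(Rel32)));
    printf("GOT slot    : 0x%08x\n", (unsigned)r.r_offset);
    printf("symbol index: %u\n", (unsigned)REL_SYM(r.r_info));
    printf("type        : %u (R_386_JMP_SLOT is 7)\n", (unsigned)REL_TYPE(r.r_info));
    return 0;
}
```

With 8-byte entries, offset 0x18 selects index 3, the fourth entry; its r_offset is the GOT slot that gets patched and the symbol index names the function to resolve.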