Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xermicus/elftool

Small utility that can parse 64bit ELF binaries
https://github.com/xermicus/elftool

binary binutils elf

Last synced: 2 days ago
JSON representation

Small utility that can parse 64bit ELF binaries

Host: GitHub
URL: https://github.com/xermicus/elftool
Owner: xermicus
Created: 2018-11-12T11:50:24.000Z (about 6 years ago)
Default Branch: master
Last Pushed: 2020-02-04T10:58:59.000Z (almost 5 years ago)
Last Synced: 2024-11-10T07:44:56.496Z (about 2 months ago)
Topics: binary, binutils, elf
Language: Rust
Homepage:
Size: 15.6 KB
Stars: 2
Watchers: 3
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# ELF Tool

Small utility that can parse 64bit ELF binaries. Created while reading the fantastic book "Learning Linux Binary Analysis" written by elfmaster.

# Usage

```bash
Usage: elftool [opts]
Opts: -h display this help
-a display the Elf Header, Program Header Table and Section Header Table
-e display the ELF Header
-p display the Program Header Table
-s display the Section Header Table

```

So, for example we can learn about the section header table of /bin/ls:

```bash
cyrill@0x00 ~/elftool > cargo run -- -s /bin/ls
Finished dev [unoptimized + debuginfo] target(s) in 0.01s
Running `target/debug/main -s /bin/ls`
Section Header Table of /bin/ls with 25 entires
Offset Size Link Flags Type
Address Entsize Info Align Name

0x0000000000000000 0x0000000000000000 0x0000000000000000 --------------- Section header table entry unused
0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000

0x00000000000002a8 0x000000000000001c 0x0000000000000000 -a------------- Program data
0x00000000000002a8 0x0000000000000000 0x0000000000000000 0x0000000000000001 .interp

0x00000000000002c4 0x0000000000000020 0x0000000000000000 -a------------- Notes
0x00000000000002c4 0x0000000000000000 0x0000000000000000 0x0000000000000004 .note.ABI-tag

0x00000000000002e4 0x0000000000000024 0x0000000000000000 -a------------- Notes
0x00000000000002e4 0x0000000000000000 0x0000000000000000 0x0000000000000004 .note.gnu.build-id

0x0000000000000308 0x00000000000000c8 0x0000000000000005 -a------------- GNU-style hash table.
0x0000000000000308 0x0000000000000000 0x0000000000000000 0x0000000000000008 .gnu.hash

0x00000000000003d0 0x0000000000000c48 0x0000000000000006 -a------------- Dynamic linker symbol table
0x00000000000003d0 0x0000000000000018 0x0000000000000001 0x0000000000000008 .dynsym

0x0000000000001018 0x00000000000005ca 0x0000000000000000 -a------------- String table
0x0000000000001018 0x0000000000000000 0x0000000000000000 0x0000000000000001 .dynstr

0x00000000000015e2 0x0000000000000106 0x0000000000000005 -a------------- End OS-specific type
0x00000000000015e2 0x0000000000000002 0x0000000000000000 0x0000000000000002 .gnu.version

0x00000000000016e8 0x0000000000000070 0x0000000000000006 -a------------- Version needs section.
0x00000000000016e8 0x0000000000000000 0x0000000000000001 0x0000000000000008 .gnu.version_r

0x0000000000001758 0x0000000000001d28 0x0000000000000005 -a------------- Relocation entries with addends
0x0000000000001758 0x0000000000000018 0x0000000000000000 0x0000000000000008 .rela.dyn

0x0000000000004000 0x000000000000001b 0x0000000000000000 -ax------------ Program data
0x0000000000004000 0x0000000000000000 0x0000000000000000 0x0000000000000004 .init

0x0000000000004020 0x0000000000012763 0x0000000000000000 -ax------------ Program data
0x0000000000004020 0x0000000000000000 0x0000000000000000 0x0000000000000010 .text

0x0000000000016784 0x000000000000000d 0x0000000000000000 -ax------------ Program data
0x0000000000016784 0x0000000000000000 0x0000000000000000 0x0000000000000004 .fini

0x0000000000017000 0x0000000000005109 0x0000000000000000 -a------------- Program data
0x0000000000017000 0x0000000000000000 0x0000000000000000 0x0000000000000020 .rodata

0x000000000001c10c 0x00000000000008c4 0x0000000000000000 -a------------- Program data
0x000000000001c10c 0x0000000000000000 0x0000000000000000 0x0000000000000004 .eh_frame_hdr

0x000000000001c9d0 0x0000000000002df0 0x0000000000000000 -a------------- Program data
0x000000000001c9d0 0x0000000000000000 0x0000000000000000 0x0000000000000008 .eh_frame

0x0000000000020050 0x0000000000000008 0x0000000000000000 wa------------- Array of constructors
0x0000000000021050 0x0000000000000008 0x0000000000000000 0x0000000000000008 .init_array

0x0000000000020058 0x0000000000000008 0x0000000000000000 wa------------- Array of destructors
0x0000000000021058 0x0000000000000008 0x0000000000000000 0x0000000000000008 .fini_array

0x0000000000020060 0x0000000000000a38 0x0000000000000000 wa------------- Program data
0x0000000000021060 0x0000000000000000 0x0000000000000000 0x0000000000000020 .data.rel.ro

0x0000000000020a98 0x00000000000001c0 0x0000000000000006 wa------------- Dynamic linking information
0x0000000000021a98 0x0000000000000010 0x0000000000000000 0x0000000000000008 .dynamic

0x0000000000020c58 0x0000000000000398 0x0000000000000000 wa------------- Program data
0x0000000000021c58 0x0000000000000008 0x0000000000000000 0x0000000000000008 .got

0x0000000000021000 0x0000000000000268 0x0000000000000000 wa------------- Program data
0x0000000000022000 0x0000000000000000 0x0000000000000000 0x0000000000000020 .data

0x0000000000021268 0x00000000000012d8 0x0000000000000000 wa------------- Program space with no data (bss)
0x0000000000022280 0x0000000000000000 0x0000000000000000 0x0000000000000020 .bss

0x0000000000021268 0x0000000000000011 0x0000000000000000 ---ms---------- Program data
0x0000000000000000 0x0000000000000001 0x0000000000000000 0x0000000000000001 .comment

0x0000000000021279 0x00000000000000ed 0x0000000000000000 --------------- String table
0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000001 .shstrtab

Flags:
w SHF_WRITE Writable
a SHF_ALLOC Occupies memory during execution
x SHF_EXECINSTR Executable
m SHF_MERGE Might be merged
s SHF_STRINGS Contains nul-terminated strings
i SHF_INFO_LINK sh_info' contains SHT index
l SHF_LINK_ORDER Preserve order after combining
n SHF_OS_NONCONFORMING Non-standard OS specific handling
g SHF_GROUP Section is member of a group.
t SHF_TLS Section hold thread-local data.
c SHF_COMPRESSED Section with compressed data.
O SHF_MASKOS OS-specific.
P SHF_MASKPROC Processor-specific
o SHF_ORDERED Special ordering requirement
e SHF_EXCLUDE Section is excluded unless
```