def get_program_header(self):
header = []
if self._elf.num_segments() == 0:
return []
for segment in self._elf.iter_segments():
result = {}
result['p_type'] = describe_p_type(segment['p_type'])
if self._elf.elfclass == 32:
result['p_offset'] = segment['p_offset']
result['p_vaddr'] = segment['p_vaddr']
result['p_paddr'] = segment['p_paddr']
result['p_filesz'] = segment['p_filesz']
result['p_memsz'] = segment['p_memsz']
result['p_flags'] = describe_p_flags(segment['p_flags'])
result['p_align'] = segment['p_align']
else: # 64
result['p_offset'] = segment['p_offset']
result['p_vaddr'] = segment['p_vaddr']
result['p_paddr'] = segment['p_paddr']
result['p_filesz'] = segment['p_filesz']
result['p_memsz'] = segment['p_memsz']
result['p_flags'] = describe_p_flags(segment['p_flags'])
result['p_align'] = segment['p_align']
if isinstance(segment, InterpSegment):
result['interp_name'] = segment.get_interp_name()
result['include_section'] = []
for section in self._elf.iter_sections():
if (not section.is_null()
and segment.section_in_segment(section)):
result['include_section'].append(section.name)
#NoteSegment
if isinstance(segment, NoteSegment):
result['special_type'] = 'note'
result['note'] = []
for note in segment.iter_notes():
note_dic = {}
note_dic['n_offset'] = note['n_offset']
note_dic['n_size'] = note['n_size']
note_dic['n_name'] = note['n_name']
note_dic['n_descsz'] = note['n_descsz']
note_dic['note'] = describe_note(note)
result['note'].append(note_dic)
header.append(result)
return header
def elf_program_headers(self):
program_headers = []
def add_info(dic):
program_headers.append(dic)
if self.elffile.num_segments() == 0:
return None
for segment in self.elffile.iter_segments():
program_hdr = {}
program_hdr['Type'] = describe_p_type(segment['p_type'])
program_hdr['Offset'] = self._format_hex(segment['p_offset'],
fieldsize=6)
program_hdr['VirtAddr'] = self._format_hex(segment['p_vaddr'],
fullhex=True)
program_hdr['PhysAddr'] = self._format_hex(segment['p_paddr'],
fullhex=True)
program_hdr['FileSiz'] = self._format_hex(segment['p_filesz'],
fieldsize=5)
program_hdr['MemSiz'] = self._format_hex(segment['p_memsz'],
fieldsize=5)
program_hdr['Flg'] = describe_p_flags(segment['p_flags'])
program_hdr['Align'] = self._format_hex(segment['p_align'])
add_info(program_hdr)
return program_headers
def _get_program_headers(self) -> List[Dict[str, str]]:
return [
{
"type": describe_p_type(segment["p_type"]),
"addr": self._print_addr(segment["p_vaddr"]),
"flags": describe_p_flags(segment["p_flags"]).strip(),
"size": segment["p_memsz"],
}
for segment in self.elf.iter_segments()
]
def _get_program_headers(self):
program_headers = []
for segment in self.elf.iter_segments():
program_headers.append({
"type": describe_p_type(segment["p_type"]),
"addr": self._print_addr(segment["p_vaddr"]),
"flags": describe_p_flags(segment["p_flags"]).strip(),
"size": segment["p_memsz"],
})
return program_headers
def _get_program_headers(self):
program_headers = []
for segment in self.elf.iter_segments():
program_headers.append({
"type": describe_p_type(segment["p_type"]),
"addr": self._print_addr(segment["p_vaddr"]),
"flags": describe_p_flags(segment["p_flags"]).strip(),
"size": segment["p_memsz"],
})
return program_headers
def main(): if(len(sys.argv)!=3): print "Usage: %s <ELF filename> <output filename>" % sys.argv[0] return print "Opening ELF file: %s" % sys.argv[1] elffile = ELFFile(open(sys.argv[1],'r')) print "Entry point: 0x%x" % elffile.header['e_entry'] loadsegments = list() for segment in elffile.iter_segments(): segtype = describe_p_type(segment['p_type']) if(segtype=="LOAD"): loadsegments.append(segment) imgsize = 0 for segment in loadsegments: if(elffile.elfclass == 32): print "Load offset " + str(describe_p_flags(segment['p_flags'])) + \ " 0x%08x at 0x%08x, align 0x%0x" % \ (segment['p_offset'], segment['p_vaddr'], segment['p_align']) else: print "Load offset " + str(describe_p_flags(segment['p_flags'])) + \ " 0x%016x at 0x%016x, align 0x%0x" % \ (segment['p_offset'], segment['p_vaddr'], segment['p_align']) print "\tFile size: 0x%x\tMem size: 0x%x" % (segment['p_filesz'], segment['p_memsz']) imgsize = max(imgsize,segment['p_vaddr']+segment['p_memsz']) print "Image size: 0x%x" % imgsize buf = ctypes.create_string_buffer(imgsize) for segment in loadsegments: offset = segment['p_vaddr'] data = segment.data() for i in range(len(segment.data())): buf[offset+i] = data[i] outfile = file(sys.argv[2],'w') for char in buf: outfile.write(char)
def segments(self):
if not self.__check_session():
return
rows = []
for segment in self.elf.iter_segments():
rows.append([
segment['p_type'],
segment['p_vaddr'],
hex(segment['p_filesz']),
hex(segment['p_memsz']),
describe_p_flags(segment['p_flags']),
self.get_entropy(segment.data())
])
self.log('info', "ELF Segments:")
self.log('table', dict(header=['Type', 'VirtAddr', 'FileSize', 'MemSize', 'Flags', 'Entropy'], rows=rows))
def segments(self):
if not self.__check_session():
return
rows = []
for segment in self.elf.iter_segments():
rows.append([
segment['p_type'],
segment['p_vaddr'],
hex(segment['p_filesz']),
hex(segment['p_memsz']),
describe_p_flags(segment['p_flags'])
])
self.log('info', "ELF Segments:")
self.log('table', dict(header=['Type', 'VirtAddr', 'FileSize', 'MemSize', 'Flags'], rows=rows))
def segments(self):
if not self.__check_session():
return
rows = []
for segment in self.elf.iter_segments():
rows.append([
segment['p_type'],
segment['p_vaddr'],
hex(segment['p_filesz']),
hex(segment['p_memsz']),
describe_p_flags(segment['p_flags'])
])
print_info("ELF Segments:")
print(table(header=['Type', 'VirtAddr', 'FileSize', 'MemSize', 'Flags'], rows=rows))
def segments(self):
if not self.__check_session():
return
rows = []
for segment in self.elf.iter_segments():
rows.append(
[
segment["p_type"],
segment["p_vaddr"],
hex(segment["p_filesz"]),
hex(segment["p_memsz"]),
describe_p_flags(segment["p_flags"]),
]
)
print_info("ELF Segments:")
print(table(header=["Type", "VirtAddr", "FileSize", "MemSize", "Flags"], rows=rows))
def display_program_headers(self, show_heading=True):
""" Display the ELF program headers.
If show_heading is True, displays the heading for this information
(Elf file type is...)
"""
self._emitline()
if self.elffile.num_segments() == 0:
self._emitline('There are no program headers in this file.')
return
elfheader = self.elffile.header
if show_heading:
self._emitline('Elf file type is %s' %
describe_e_type(elfheader['e_type']))
self._emitline('Entry point is %s' %
self._format_hex(elfheader['e_entry']))
# readelf weirness - why isn't e_phoff printed as hex? (for section
# headers, it is...)
self._emitline(
'There are %s program headers, starting at offset %s' %
(elfheader['e_phnum'], elfheader['e_phoff']))
self._emitline()
self._emitline('Program Headers:')
# Now comes the table of program headers with their attributes. Note
# that due to different formatting constraints of 32-bit and 64-bit
# addresses, there are some conditions on elfclass here.
#
# First comes the table heading
#
if self.elffile.elfclass == 32:
self._emitline(
' Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align'
)
else:
self._emitline(
' Type Offset VirtAddr PhysAddr'
)
self._emitline(
' FileSiz MemSiz Flags Align'
)
# Now the entries
#
for segment in self.elffile.iter_segments():
self._emit(' %-14s ' % describe_p_type(segment['p_type']))
if self.elffile.elfclass == 32:
self._emitline(
'%s %s %s %s %s %-3s %s' %
(self._format_hex(segment['p_offset'], fieldsize=6),
self._format_hex(segment['p_vaddr'], fullhex=True),
self._format_hex(segment['p_paddr'], fullhex=True),
self._format_hex(segment['p_filesz'], fieldsize=5),
self._format_hex(segment['p_memsz'], fieldsize=5),
describe_p_flags(segment['p_flags']),
self._format_hex(segment['p_align'])))
else: # 64
self._emitline(
'%s %s %s' %
(self._format_hex(segment['p_offset'], fullhex=True),
self._format_hex(segment['p_vaddr'], fullhex=True),
self._format_hex(segment['p_paddr'], fullhex=True)))
self._emitline(' %s %s %-3s %s' % (
self._format_hex(segment['p_filesz'], fullhex=True),
self._format_hex(segment['p_memsz'], fullhex=True),
describe_p_flags(segment['p_flags']),
# lead0x set to False for p_align, to mimic readelf.
# No idea why the difference from 32-bit mode :-|
self._format_hex(segment['p_align'], lead0x=False)))
if isinstance(segment, InterpSegment):
self._emitline(' [Requesting program interpreter: %s]' %
bytes2str(segment.get_interp_name()))
# Sections to segments mapping
#
if self.elffile.num_sections() == 0:
# No sections? We're done
return
self._emitline('\n Section to Segment mapping:')
self._emitline(' Segment Sections...')
for nseg, segment in enumerate(self.elffile.iter_segments()):
self._emit(' %2.2d ' % nseg)
for section in self.elffile.iter_sections():
if (not section.is_null()
and segment.section_in_segment(section)):
self._emit('%s ' % bytes2str(section.name))
self._emitline('')
def display_program_headers(self, show_heading=True):
""" Display the ELF program headers.
If show_heading is True, displays the heading for this information
(Elf file type is...)
"""
self._emitline()
if self.elffile.num_segments() == 0:
self._emitline('There are no program headers in this file.')
return
elfheader = self.elffile.header
if show_heading:
self._emitline('Elf file type is %s' %
describe_e_type(elfheader['e_type']))
self._emitline('Entry point is %s' %
self._format_hex(elfheader['e_entry']))
# readelf weirness - why isn't e_phoff printed as hex? (for section
# headers, it is...)
self._emitline('There are %s program headers, starting at offset %s' % (
elfheader['e_phnum'], elfheader['e_phoff']))
self._emitline()
self._emitline('Program Headers:')
# Now comes the table of program headers with their attributes. Note
# that due to different formatting constraints of 32-bit and 64-bit
# addresses, there are some conditions on elfclass here.
#
# First comes the table heading
#
if self.elffile.elfclass == 32:
self._emitline(' Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align')
else:
self._emitline(' Type Offset VirtAddr PhysAddr')
self._emitline(' FileSiz MemSiz Flags Align')
# Now the entries
#
for segment in self.elffile.iter_segments():
self._emit(' %-14s ' % describe_p_type(segment['p_type']))
if self.elffile.elfclass == 32:
self._emitline('%s %s %s %s %s %-3s %s' % (
self._format_hex(segment['p_offset'], fieldsize=6),
self._format_hex(segment['p_vaddr'], fullhex=True),
self._format_hex(segment['p_paddr'], fullhex=True),
self._format_hex(segment['p_filesz'], fieldsize=5),
self._format_hex(segment['p_memsz'], fieldsize=5),
describe_p_flags(segment['p_flags']),
self._format_hex(segment['p_align'])))
else: # 64
self._emitline('%s %s %s' % (
self._format_hex(segment['p_offset'], fullhex=True),
self._format_hex(segment['p_vaddr'], fullhex=True),
self._format_hex(segment['p_paddr'], fullhex=True)))
self._emitline(' %s %s %-3s %s' % (
self._format_hex(segment['p_filesz'], fullhex=True),
self._format_hex(segment['p_memsz'], fullhex=True),
describe_p_flags(segment['p_flags']),
# lead0x set to False for p_align, to mimic readelf.
# No idea why the difference from 32-bit mode :-|
self._format_hex(segment['p_align'], lead0x=False)))
if isinstance(segment, InterpSegment):
self._emitline(' [Requesting program interpreter: %s]' %
bytes2str(segment.get_interp_name()))
# Sections to segments mapping
#
if self.elffile.num_sections() == 0:
# No sections? We're done
return
self._emitline('\n Section to Segment mapping:')
self._emitline(' Segment Sections...')
for nseg, segment in enumerate(self.elffile.iter_segments()):
self._emit(' %2.2d ' % nseg)
for section in self.elffile.iter_sections():
if ( not section.is_null() and
segment.section_in_segment(section)):
self._emit('%s ' % bytes2str(section.name))
self._emitline('')
