def section_info_highlevel(stream): print('High level API...') elffile = ELFFile(stream) # Just use the public methods of ELFFile to get what we need # Note that section names, like everything read from the file, are bytes # objects. print(' %s sections' % elffile.num_sections()) section = elffile.get_section_by_name(b'.symtab') if not section: print(' No symbol table found. Perhaps this ELF has been stripped?') return # A section type is in its header, but the name was decoded and placed in # a public attribute. # bytes2str is used to print the name of the section for consistency of # output between Python 2 and 3. The section name is a bytes object. print(' Section name: %s, type: %s' %( bytes2str(section.name), section['sh_type'])) # But there's more... If this section is a symbol table section (which is # the case in the sample ELF file that comes with the examples), we can # get some more information about it. if isinstance(section, SymbolTableSection): num_symbols = section.num_symbols() print(" It's a symbol section with %s symbols" % num_symbols) print(" The name of the last symbol in the section is: %s" % ( bytes2str(section.get_symbol(num_symbols - 1).name)))
def _print_version_section_header(self, version_section, name, lead0x=True, indent=1): """ Print a section header of one version related section (versym, verneed or verdef) with some options to accomodate readelf little differences between each header (e.g. indentation and 0x prefixing). """ if hasattr(version_section, 'num_versions'): num_entries = version_section.num_versions() else: num_entries = version_section.num_symbols() self._emitline("\n%s section '%s' contains %s entries:" % (name, bytes2str(version_section.name), num_entries)) self._emitline('%sAddr: %s Offset: %s Link: %i (%s)' % ( ' ' * indent, self._format_hex( version_section['sh_addr'], fieldsize=16, lead0x=lead0x), self._format_hex( version_section['sh_offset'], fieldsize=6, lead0x=True), version_section['sh_link'], bytes2str( self.elffile.get_section(version_section['sh_link']).name) ) )
def display_symbol_tables(self): """ Display the symbol tables contained in the file """ for section in self.elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: self._emitline("\nSymbol table '%s' has a sh_entsize of zero!" % ( bytes2str(section.name))) continue self._emitline("\nSymbol table '%s' contains %s entries:" % ( bytes2str(section.name), section.num_symbols())) if self.elffile.elfclass == 32: self._emitline(' Num: Value Size Type Bind Vis Ndx Name') else: # 64 self._emitline(' Num: Value Size Type Bind Vis Ndx Name') for nsym, symbol in enumerate(section.iter_symbols()): # symbol names are truncated to 25 chars, similarly to readelf self._emitline('%6d: %s %5d %-7s %-6s %-7s %4s %.25s' % ( nsym, self._format_hex(symbol['st_value'], fullhex=True, lead0x=False), symbol['st_size'], describe_symbol_type(symbol['st_info']['type']), describe_symbol_bind(symbol['st_info']['bind']), describe_symbol_visibility(symbol['st_other']['visibility']), describe_symbol_shndx(symbol['st_shndx']), bytes2str(symbol.name)))
def fortify(self): """ NA : FORTIFY_SOURCE was not applicable Enabled : unsafe and _chk functions were found Disabled : only unsafe functions were found (_chk functions missing)""" ret = "NA" for section in self.elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: print("\nSymbol table '%s' has a sh_entsize " \ "of zero!" % (bytes2str(section.name)), file=sys.stderr) continue for _, symbol in enumerate(section.iter_symbols()): for pattern in UNSAFE_FUNCTIONS: if re.match(pattern, bytes2str(symbol.name)): if ret == "NA": ret = "Disabled" break if ret == "Disabled": # afename = "__" + bytes2str(symbol.name) + "_chk" for _, symbol in enumerate(section.iter_symbols()): # first look for corresponding _chk symbol symbolstr = bytes2str(symbol.name) if (symbolstr.startswith("__") and symbolstr.endswith("_chk")) or \ symbolstr.endswith(" __chk_fail"): ret = "Enabled" break return ret
def die_info_rec(die, func_map, global_map, type_map, struct_map, variables, global_access_map): """ A recursive function for showing information about a DIE and its children. """ name = '' if die.tag == "DW_TAG_subprogram": variables = {} #print (die.attributes) for attr in itervalues(die.attributes): if attr.name == 'DW_AT_name': name = bytes2str(attr.value) elif die.tag == "DW_TAG_variable" or die.tag == "DW_TAG_formal_parameter": global_flag = 0 #var_name, offset, line, type_val = '',0,0,'' offset_var = '' for attr in itervalues(die.attributes): if attr.name == 'DW_AT_name': var_name = bytes2str(attr.value) elif attr.name == 'DW_AT_location': val = _location_list_extra(attr, die, ' ') #offset = int(val[val.index(':')+1:].strip()[:-1],16) offset_var = val[val.find(':')+1:val.find(')')].strip() elif attr.name == 'DW_AT_decl_line': line = attr.value elif attr.name == 'DW_AT_type': type_val = (attr.value + die.cu.cu_offset) elif attr.name == 'DW_AT_external': global_flag = 1 if type_val in struct_map.keys(): struct_var_name = var_name members = struct_map[type_val] for member in members.keys(): var_name = struct_var_name + "." + struct_map[type_val][member][0] struct_offset = struct_map[type_val][member][1] addVariableInMap(global_flag, global_map, variables, offset_var, var_name, type_val, line, global_access_map, struct_offset) else: addVariableInMap(global_flag, global_map, variables, offset_var, var_name, type_val, line, global_access_map, 0) elif die.tag == 'DW_TAG_base_type': #type_name, size = '',0 for attr in itervalues(die.attributes): if attr.name == "DW_AT_name": type_name = bytes2str(attr.value) elif attr.name == 'DW_AT_byte_size': size = attr.value type_map[die.offset] = (type_name, size) for child in die.iter_children(): die_info_rec(child, func_map, global_map, type_map, struct_map, variables, global_access_map) if die.tag == "DW_TAG_subprogram": #print (die.attributes) func_map[name] = variables
def display_relocations(self): """ Display the relocations contained in the file """ has_relocation_sections = False for section in self.elffile.iter_sections(): if not isinstance(section, RelocationSection): continue has_relocation_sections = True self._emitline("\nRelocation section '%s' at offset %s contains %s entries:" % ( bytes2str(section.name), self._format_hex(section['sh_offset']), section.num_relocations())) if section.is_RELA(): self._emitline(" Offset Info Type Sym. Value Sym. Name + Addend") else: self._emitline(" Offset Info Type Sym.Value Sym. Name") # The symbol table section pointed to in sh_link symtable = self.elffile.get_section(section['sh_link']) for rel in section.iter_relocations(): hexwidth = 8 if self.elffile.elfclass == 32 else 12 self._emit('%s %s %-17.17s' % ( self._format_hex(rel['r_offset'], fieldsize=hexwidth, lead0x=False), self._format_hex(rel['r_info'], fieldsize=hexwidth, lead0x=False), describe_reloc_type( rel['r_info_type'], self.elffile))) if rel['r_info_sym'] == 0: self._emitline() continue symbol = symtable.get_symbol(rel['r_info_sym']) # Some symbols have zero 'st_name', so instead what's used is # the name of the section they point at if symbol['st_name'] == 0: symsec = self.elffile.get_section(symbol['st_shndx']) symbol_name = symsec.name else: symbol_name = symbol.name self._emit(' %s %s%22.22s' % ( self._format_hex( symbol['st_value'], fullhex=True, lead0x=False), ' ' if self.elffile.elfclass == 32 else '', bytes2str(symbol_name))) if section.is_RELA(): self._emit(' %s %x' % ( '+' if rel['r_addend'] >= 0 else '-', abs(rel['r_addend']))) self._emitline() if not has_relocation_sections: self._emitline('\nThere are no relocations in this file.')
def process_file(do_write, syms, filename): addrs = dict() with open(filename, 'rb') as f: elffile = ELFFile(f) print('%s: elfclass is %s' % (filename, elffile.elfclass)) text_name = b'.text' sect_text = elffile.get_section_by_name(text_name) if not sect_text: print(' The file has no %s section' % bytes2str(text_name)) return print(' %s section, sh_offset=%s sh_addr=%s' % ( bytes2str(text_name), sect_text['sh_offset'], sect_text['sh_addr'])) sect_st = elffile.get_section_by_name(b'.symtab') if not sect_st: print(' No symbol table found. Perhaps this ELF has been stripped?') return if not isinstance(sect_st, SymbolTableSection): print(' Not a valid symbol table') return for _sym in sect_st.iter_symbols(): if _sym.name in syms.keys(): sym_offset_in_file = sect_text['sh_offset'] - sect_text['sh_addr'] + _sym['st_value'] print('found %s at virtual address %s, offset in file = %s' % (_sym.name, hex(_sym['st_value']), hex(sym_offset_in_file)) ) addrs[_sym.name] = sym_offset_in_file if len(syms) > len(addrs): for sym_name in syms.keys(): if not sym_name in addrs.keys(): print(' Failed to find symbol %s' % (sym_name)) print(' Not all symbols found, aborting') return else: print(' All required symbols found'); f.close() if not do_write: print(' Scan-only mode, not writing any changes') return with open(filename, 'r+b') as f: print(' Writing patches to file...') for _sym in addrs.keys(): f.seek(addrs[_sym]) f.write(syms[_sym]) f.close()
def display_symbol_tables(self): """ Display the symbol tables contained in the file """ self._init_versioninfo() for section in self.elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: self._emitline("\nSymbol table '%s' has a sh_entsize of zero!" % ( bytes2str(section.name))) continue self._emitline("\nSymbol table '%s' contains %s entries:" % ( bytes2str(section.name), section.num_symbols())) if self.elffile.elfclass == 32: self._emitline(' Num: Value Size Type Bind Vis Ndx Name') else: # 64 self._emitline(' Num: Value Size Type Bind Vis Ndx Name') for nsym, symbol in enumerate(section.iter_symbols()): version_info = '' # readelf doesn't display version info for Solaris versioning if (section['sh_type'] == 'SHT_DYNSYM' and self._versioninfo['type'] == 'GNU'): version = self._symbol_version(nsym) if (version['name'] != bytes2str(symbol.name) and version['index'] not in ('VER_NDX_LOCAL', 'VER_NDX_GLOBAL')): if version['filename']: # external symbol version_info = '@%(name)s (%(index)i)' % version else: # internal symbol if version['hidden']: version_info = '@%(name)s' % version else: version_info = '@@%(name)s' % version # symbol names are truncated to 25 chars, similarly to readelf self._emitline('%6d: %s %5d %-7s %-6s %-7s %4s %.25s%s' % ( nsym, self._format_hex( symbol['st_value'], fullhex=True, lead0x=False), symbol['st_size'], describe_symbol_type(symbol['st_info']['type']), describe_symbol_bind(symbol['st_info']['bind']), describe_symbol_visibility(symbol['st_other']['visibility']), describe_symbol_shndx(symbol['st_shndx']), bytes2str(symbol.name), version_info))
def canary(self): for section in self.elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: print ("\nSymbol table '%s' has a sh_entsize " \ "of zero!" % (bytes2str(section.name)), file=sys.stderr) continue for _, symbol in enumerate(section.iter_symbols()): if re.match(STACK_CHK, bytes2str(symbol.name)): return "Enabled" return "Disabled"
def build_symtab(elffile): syms = [] for section in elffile.iter_sections(): if isinstance(section, SymbolTableSection): for nsym, sym in enumerate(section.iter_symbols()): name = bytes2str(sym.name) if not name: continue end = sym['st_value'] + sym['st_size'] syms.append((sym['st_value'], end, bytes2str(sym.name))) syms.sort() return syms
def process_file(filename): print('Processing file:', filename) with open(filename, 'rb') as f: elffile = ELFFile(f) if not elffile.has_dwarf_info(): print(' file has no DWARF info') return # get_dwarf_info returns a DWARFInfo context object, which is the # starting point for all DWARF-based processing in pyelftools. dwarfinfo = elffile.get_dwarf_info() for CU in dwarfinfo.iter_CUs(): # DWARFInfo allows to iterate over the compile units contained in # the .debug_info section. CU is a CompileUnit object, with some # computed attributes (such as its offset in the section) and # a header which conforms to the DWARF standard. The access to # header elements is, as usual, via item-lookup. print(' Found a compile unit at offset %s, length %s' % ( CU.cu_offset, CU['unit_length'])) # Start with the top DIE, the root for this CU's DIE tree top_DIE = CU.get_top_DIE() print(' Top DIE with tag=%s' % top_DIE.tag) # Each DIE holds an OrderedDict of attributes, mapping names to # values. Values are represented by AttributeValue objects in # elftools/dwarf/die.py # We're interested in the filename, which is the join of # 'DW_AT_comp_dir' and 'DW_AT_name', either of which may be # missing in practice. Note that its value # is usually a string taken from the .debug_string section. This # is done transparently by the library, and such a value will be # simply given as a string. try: comp_dir_attr = top_DIE.attributes['DW_AT_comp_dir'] comp_dir = bytes2str(comp_dir_attr.value) try: name_attr = top_DIE.attributes['DW_AT_name'] name = bytes2str(name_attr.value) name = os.path.join(comp_dir, name) except KeyError as e: name = comp_dir except KeyError as e: name_attr = top_DIE.attributes['DW_AT_name'] name = bytes2str(name_attr.value) print(' name=%s' % name) # Display DIEs recursively starting with top_DIE die_info_rec(top_DIE)
def get_cu_filename(cu, idx=0): """A DW_AT_decl_file I think can be looked up, by index, from the CU file entry and directory index. """ lineprogram = cu.dwarfinfo.line_program_for_CU(cu) cu_filename = bytes2str(lineprogram["file_entry"][idx - 1].name) if len(lineprogram["include_directory"]) > 0: dir_index = lineprogram["file_entry"][idx - 1].dir_index if dir_index > 0: dir_name = bytes2str(lineprogram["include_directory"][dir_index - 1]) else: dir_name = "." cu_filename = "%s/%s" % (dir_name, cu_filename) return cu_filename
def build_symtab(elffile): syms = [] for section in elffile.iter_sections(): if isinstance(section, SymbolTableSection): for nsym, sym in enumerate(section.iter_symbols()): name = bytes2str(sym.name) if not name: continue if sym.entry.st_info.type != 'STT_FUNC': continue end = sym['st_value'] + sym['st_size'] syms.append((sym['st_value'], end, bytes2str(sym.name))) syms.sort() return syms
def display_dynamic_tags(self): """ Display the dynamic tags contained in the file """ has_dynamic_sections = False for section in self.elffile.iter_sections(): if not isinstance(section, DynamicSection): continue has_dynamic_sections = True self._emitline("\nDynamic section at offset %s contains %s entries:" % ( self._format_hex(section['sh_offset']), section.num_tags())) self._emitline(" Tag Type Name/Value") padding = 20 + (8 if self.elffile.elfclass == 32 else 0) for tag in section.iter_tags(): if tag.entry.d_tag == 'DT_NEEDED': parsed = 'Shared library: [%s]' % bytes2str(tag.needed) elif tag.entry.d_tag == 'DT_RPATH': parsed = 'Library rpath: [%s]' % bytes2str(tag.rpath) elif tag.entry.d_tag == 'DT_RUNPATH': parsed = 'Library runpath: [%s]' % bytes2str(tag.runpath) elif tag.entry.d_tag == 'DT_SONAME': parsed = 'Library soname: [%s]' % bytes2str(tag.soname) elif (tag.entry.d_tag.endswith('SZ') or tag.entry.d_tag.endswith('ENT')): parsed = '%i (bytes)' % tag['d_val'] elif (tag.entry.d_tag.endswith('NUM') or tag.entry.d_tag.endswith('COUNT')): parsed = '%i' % tag['d_val'] elif tag.entry.d_tag == 'DT_PLTREL': s = describe_dyn_tag(tag.entry.d_val) if s.startswith('DT_'): s = s[3:] parsed = '%s' % s else: parsed = '%#x' % tag['d_val'] self._emitline(" %s %-*s %s" % ( self._format_hex(ENUM_D_TAG.get(tag.entry.d_tag, tag.entry.d_tag), fullhex=True, lead0x=True), padding, '(%s)' % (tag.entry.d_tag[3:],), parsed)) if not has_dynamic_sections: # readelf only prints this if there is at least one segment if self.elffile.num_segments(): self._emitline("\nThere is no dynamic section in this file.")
def _dump_debug_frames(self): """ Dump the raw frame information from .debug_frame """ if not self._dwarfinfo.has_CFI(): return self._emitline('Contents of the .debug_frame section:') for entry in self._dwarfinfo.CFI_entries(): if isinstance(entry, CIE): self._emitline('\n%08x %08x %08x CIE' % ( entry.offset, entry['length'], entry['CIE_id'])) self._emitline(' Version: %d' % entry['version']) self._emitline(' Augmentation: "%s"' % bytes2str(entry['augmentation'])) self._emitline(' Code alignment factor: %u' % entry['code_alignment_factor']) self._emitline(' Data alignment factor: %d' % entry['data_alignment_factor']) self._emitline(' Return address column: %d' % entry['return_address_register']) self._emitline() else: # FDE self._emitline('\n%08x %08x %08x FDE cie=%08x pc=%08x..%08x' % ( entry.offset, entry['length'], entry['CIE_pointer'], entry.cie.offset, entry['initial_location'], entry['initial_location'] + entry['address_range'])) self._emit(describe_CFI_instructions(entry)) self._emitline()
def parse_member(die): """DW_TAG_member seems to be nested as follows: <data-member access='private' layout-offset-in-bits='0'> <var-decl name='_M_ptr' type-id='type-id-202' visibility='default' filepath='/usr/include/c++/9/bits/shared_ptr_base.h' line='1404' column='1'/> </data-member> TODO: where is visibility? """ child = {"_type": "var-decl"} filepath = get_die_filepath(die) if filepath: child["filepath"] = filepath # These values are not present in all namespace DIEs if "DW_AT_decl_line" in die.attributes: child["line"] = die.attributes["DW_AT_decl_line"].value if "DW_AT_decl_column" in die.attributes: child["column"] = die.attributes["DW_AT_decl_column"].value if "DW_AT_name" in die.attributes: child["name"] = bytes2str(die.attributes["DW_AT_name"].value) return {"_type": "member", "children": [child]}
def _lookup_function_name(self, address): so = self.get_so_by_address(address) # Addresses in DWARF are relative to base address for PIC, so # make the address argument relative too if needed if so.is_pic: address -= so.low_addr for compile_unit in so.dwarf_info.iter_CUs(): for die in compile_unit.iter_DIEs(): try: if die.tag == 'DW_TAG_subprogram': func_name = bytes2str( die.attributes['DW_AT_name'].value) low_pc = die.attributes['DW_AT_low_pc'].value high_pc_attr = die.attributes['DW_AT_high_pc'] if high_pc_attr.form == 'DW_FORM_addr': high_pc = high_pc_attr.value else: # high_pc relative to low_pc high_pc = low_pc + high_pc_attr.value if low_pc <= address <= high_pc: self._function_names[address] = func_name return self._function_names[address] except KeyError: continue return None
def parse_structure_type(die): """DW_TAG_structure, example xml: <class-decl name='filter_base' size-in-bits='192' is-struct='yes' visibility='default' filepath='/libabigail-1.8/build/../include/abg-comp-filter.h' line='120' column='1' id='type-id-1'> I've changed the "yes" and "no" to be True and False booleans. TODO: also not sure how to derive visibility here. """ filepath = get_die_filepath(die) dmeta = { "_type": "class-decl", "is-struct": True, } # These values are not present in all structure types if "DW_AT_name" in die.attributes: dmeta["name"] = bytes2str(die.attributes["DW_AT_name"].value) if "DW_AT_decl_line" in die.attributes: dmeta["line"] = die.attributes["DW_AT_decl_line"].value if "DW_AT_decl_column" in die.attributes: dmeta["column"] = die.attributes["DW_AT_decl_column"].value if "DW_AT_byte_size" in die.attributes: dmeta["size-in-bits"] = (die.attributes["DW_AT_byte_size"].value * 8,) if filepath: dmeta["filepath"] = filepath if die.has_children: dmeta["children"] = [] return dmeta
def get_relocations(fd): """ Return a dict with the relocations contained in a file """ elffile = ELFFile(fd) relocations = {} has_relocation_sections = False for section in elffile.iter_sections(): if not isinstance(section, RelocationSection): continue has_relocation_sections = True # The symbol table section pointed to in sh_link symtable = elffile.get_section(section['sh_link']) for rel in section.iter_relocations(): offset = rel['r_offset'] symbol = symtable.get_symbol(rel['r_info_sym']) # Some symbols have zero 'st_name', so instead what's used is # the name of the section they point at if symbol['st_name'] == 0: symsec = elffile.get_section(symbol['st_shndx']) symbol_name = symsec.name else: symbol_name = symbol.name relocations[offset] = bytes2str(symbol_name) return relocations
def _find_deps(self, filename, recursive): libs = [] filename = self._get_abs_path(filename) with open(filename, 'rb') as f: try: elf = ELFFile(f) for section in elf.iter_sections(): if not isinstance(section, DynamicSection): continue for tag in section.iter_tags(): if tag.entry.d_tag == 'DT_NEEDED': lib = bytes2str(tag.needed) libs.append(lib) except ELFError: raise if self._with_full_path: libs = [self._get_abs_path(l) for l in libs] deps = [(filename, libs)] else: deps = [(os.path.basename(filename), libs)] if recursive: for lib in libs: deps += self._find_deps(lib, recursive) return deps
def parse_enumeration_type(die): """parse an enumeration type. The xml looks like this: <enum-decl name='_Rb_tree_color' filepath='/usr/include/c++/9/bits/stl_tree.h' line='99' column='1' id='type-id-21300'> <underlying-type type-id='type-id-297'/> <enumerator name='_S_red' value='0'/> <enumerator name='_S_black' value='1'/> </enum-decl> """ index = die.attributes["DW_AT_decl_file"].value filepath = get_cu_filename(die.cu, index) dmeta = { "_type": "enum-decl", "filepath": filepath, "line": die.attributes["DW_AT_decl_line"].value, } if "DW_AT_name" in die.attributes: dmeta["name"] = bytes2str(die.attributes["DW_AT_name"].value) if "DW_AT_decl_column" in die.attributes: dmeta["column"] = die.attributes["DW_AT_decl_column"].value if die.has_children: dmeta["children"] = [] return dmeta
def parse_namespace(die): """parse a DW_TAG_namespace, optionally with children. DW_AT_export_symbols indicates that the symbols defined within the current scope are to be exported into the enclosing scope. TODO: Is DW_AT_export_symbols used anywhere? Where do we get visibility? """ filepath = get_die_filepath(die) dmeta = { "_type": "namespace", "filepath": filepath, } # These values are not present in all namespace DIEs if "DW_AT_name" in die.attributes: dmeta["name"] = bytes2str(die.attributes["DW_AT_name"].value) if "DW_AT_decl_line" in die.attributes: dmeta["line"] = die.attributes["DW_AT_decl_line"].value if "DW_AT_decl_column" in die.attributes: dmeta["column"] = die.attributes["DW_AT_decl_column"].value if die.has_children: dmeta["children"] = [] return dmeta
def patchFile(self, dumpfile, targetfile): func_name = '' func_addr = {} func_size = {} file_offset = {} text_section_file_offset = 0 text_section_code_offset = 0 err = '' # Browse Elf header try: # print "Target file: " + targetfile elffile = ELFFile(targetfile) for section in elffile.iter_sections(): if section.name == '.text': text_section_file_offset = section['sh_offset'] text_section_code_offset = section['sh_addr'] text_section_code_size = section['sh_size'] continue if not isinstance(section, SymbolTableSection): # Continue if not section does not contain symbols continue if section['sh_entsize'] == 0: err = 'Symbol table "%s" has a sh_entsize of zero!' % ( bytes2str(section.name)) continue # Patch file dumpfile.seek(0) patch_code = dumpfile.read(text_section_code_size) targetfile.seek(text_section_file_offset) targetfile.write(patch_code) except Exception as e: return 'Error: ' + str(e) return err
def _dump_debug_frames_interp(self): """ Dump the interpreted (decoded) frame information from .debug_frame """ if not self._dwarfinfo.has_CFI(): return self._emitline('Contents of the .debug_frame section:') for entry in self._dwarfinfo.CFI_entries(): if isinstance(entry, CIE): self._emitline('\n%08x %08x %08x CIE "%s" cf=%d df=%d ra=%d' % (entry.offset, entry['length'], entry['CIE_id'], bytes2str(entry['augmentation']), entry['code_alignment_factor'], entry['data_alignment_factor'], entry['return_address_register'])) ra_regnum = entry['return_address_register'] else: # FDE self._emitline( '\n%08x %08x %08x FDE cie=%08x pc=%08x..%08x' % (entry.offset, entry['length'], entry['CIE_pointer'], entry.cie.offset, entry['initial_location'], entry['initial_location'] + entry['address_range'])) ra_regnum = entry.cie['return_address_register'] # Print the heading row for the decoded table self._emit(' LOC') self._emit(' ' if entry.structs.address_size == 4 else ' ') self._emit(' CFA ') # Decode the table nad look at the registers it describes. # We build reg_order here to match readelf's order. In particular, # registers are sorted by their number, and the register matching # ra_regnum is always listed last with a special heading. decoded_table = entry.get_decoded() reg_order = sorted( ifilter(lambda r: r != ra_regnum, decoded_table.reg_order)) # Headings for the registers for regnum in reg_order: self._emit('%-6s' % describe_reg_name(regnum)) self._emitline('ra ') # Now include ra_regnum in reg_order to print its values similarly # to the other registers. reg_order.append(ra_regnum) for line in decoded_table.table: self._emit( self._format_hex(line['pc'], fullhex=True, lead0x=False)) self._emit(' %-9s' % describe_CFI_CFA_rule(line['cfa'])) for regnum in reg_order: if regnum in line: s = describe_CFI_register_rule(line[regnum]) else: s = 'u' self._emit('%-6s' % s) self._emitline() self._emitline()
def parse_union_type(die): """parse a union type <union-decl name='__anonymous_union__' size-in-bits='64' is-anonymous='yes' visibility='default' filepath='/libabigail-1.8/build/../include/abg-ir.h' line='2316' column='1' id='type-id-2748'> """ index = die.attributes["DW_AT_decl_file"].value filepath = get_cu_filename(die.cu, index) dmeta = { "_type": "union-decl", "line": die.attributes["DW_AT_decl_line"].value, "filepath": filepath, "size-in-bits": die.attributes["DW_AT_byte_size"].value * 8, "is-anonymous": "", # TODO: how do I know if it's anonymous? "visibility": "", # TODO: visibility?, "children": [], } if "DW_AT_name" in die.attributes: dmeta["name"] = bytes2str(die.attributes["DW_AT_name"].value) if "DW_AT_decl_column" in die.attributes: dmeta["column"] = die.attributes["DW_AT_decl_column"].value if die.has_children: dmeta["children"] = [] return dmeta
def decode_funcname(dwarfinfo, address): """Go over all DIEs in the DWARF information, looking for a subprogram entry with an address range that includes the given address. Note that this simplifies things by disregarding subprograms that may have split address ranges.""" for compile_unit in dwarfinfo.iter_CUs(): for DIE in compile_unit.iter_DIEs(): try: if DIE.tag == 'DW_TAG_subprogram': lowpc = DIE.attributes['DW_AT_low_pc'].value # DWARF v4 in section 2.17 describes how to interpret the # DW_AT_high_pc attribute based on the class of its form. # For class 'address' it's taken as an absolute address # (similarly to DW_AT_low_pc); for class 'constant', it's # an offset from DW_AT_low_pc. highpc_attr = DIE.attributes['DW_AT_high_pc'] highpc_attr_class = describe_form_class(highpc_attr.form) if highpc_attr_class == 'address': highpc = highpc_attr.value elif highpc_attr_class == 'constant': highpc = lowpc + highpc_attr.value else: print('Error: invalid DW_AT_high_pc class:', highpc_attr_class) continue if lowpc <= address <= highpc: return bytes2str(DIE.attributes['DW_AT_name'].value) except KeyError: continue return None
def search_for_autoload_path(self): scanelf = self scanfile = None library = None section = self._section_from_spec(".dynamic") try: eallib = self.find_librte_eal(section) if eallib is not None: ldlibpath = os.environ.get('LD_LIBRARY_PATH') if ldlibpath is None: ldlibpath = "" dtr = self.get_dt_runpath(section) library = search_file( eallib, dtr + ":" + ldlibpath + ":/usr/lib64:/lib64:/usr/lib:/lib") if library is None: return (None, None) if raw_output is False: print("Scanning for autoload path in %s" % library) scanfile = open(library, 'rb') scanelf = ReadElf(scanfile, sys.stdout) except AttributeError: # Not a dynamic binary pass except ELFError: scanfile.close() return (None, None) section = scanelf._section_from_spec(".rodata") if section is None: if scanfile is not None: scanfile.close() return (None, None) data = section.data() dataptr = 0 while dataptr < len(data): while (dataptr < len(data) and not (32 <= byte2int(data[dataptr]) <= 127)): dataptr += 1 if dataptr >= len(data): break endptr = dataptr while endptr < len(data) and byte2int(data[endptr]) != 0: endptr += 1 mystring = bytes2str(data[dataptr:endptr]) rc = mystring.find("DPDK_PLUGIN_PATH") if (rc != -1): rc = mystring.find("=") return (mystring[rc + 1:], library) dataptr = endptr if scanfile is not None: scanfile.close() return (None, None)
def search_for_autoload_path(self): scanelf = self scanfile = None library = None section = self._section_from_spec(".dynamic") try: eallib = self.find_librte_eal(section) if eallib is not None: ldlibpath = os.environ.get('LD_LIBRARY_PATH') if ldlibpath is None: ldlibpath = "" dtr = self.get_dt_runpath(section) library = search_file(eallib, dtr + ":" + ldlibpath + ":/usr/lib64:/lib64:/usr/lib:/lib") if library is None: return (None, None) if raw_output is False: print("Scanning for autoload path in %s" % library) scanfile = open(library, 'rb') scanelf = ReadElf(scanfile, sys.stdout) except AttributeError: # Not a dynamic binary pass except ELFError: scanfile.close() return (None, None) section = scanelf._section_from_spec(".rodata") if section is None: if scanfile is not None: scanfile.close() return (None, None) data = section.data() dataptr = 0 while dataptr < len(data): while (dataptr < len(data) and not (32 <= byte2int(data[dataptr]) <= 127)): dataptr += 1 if dataptr >= len(data): break endptr = dataptr while endptr < len(data) and byte2int(data[endptr]) != 0: endptr += 1 mystring = bytes2str(data[dataptr:endptr]) rc = mystring.find("DPDK_PLUGIN_PATH") if (rc != -1): rc = mystring.find("=") return (mystring[rc + 1:], library) dataptr = endptr if scanfile is not None: scanfile.close() return (None, None)
def parse_dwarf(dwarfinfo): if should_log: print("") print("Building DWARF lookup table...") templist = [] for CU in dwarfinfo.iter_CUs(): for DIE in CU.iter_DIEs(): try: # Using each DIE (Debugging Information Entry), the lower and # upper bounds of a function (subprogram) are recorded. This # takes into account entries that may only have a length instead # of an upper-bound attribute if DIE.tag == 'DW_TAG_subprogram': lowpc = DIE.attributes['DW_AT_low_pc'].value highpc_attr = DIE.attributes['DW_AT_high_pc'] highpc_attr_class = describe_form_class(highpc_attr.form) if highpc_attr_class == 'address': highpc = highpc_attr.value elif highpc_attr_class == 'constant': highpc = lowpc + highpc_attr.value else: highpc = 0 namestring = bytes2str(DIE.attributes['DW_AT_name'].value) if lowpc > 0: templist.append( FuncNode(lowpc=lowpc, highpc=highpc, namestring=namestring)) except KeyError: continue if should_log: for temp in templist: print(temp.namestring + ": " + str(temp.lowpc) + "/" + str(temp.highpc)) return sorted(templist, key=lambda x: x.lowpc)
def process_file(filename): print('Processing file:', filename) with open(filename, 'rb') as f: elffile = ELFFile(f) if not elffile.has_dwarf_info(): print(' file has no DWARF info') return # get_dwarf_info returns a DWARFInfo context object, which is the # starting point for all DWARF-based processing in pyelftools. dwarfinfo = elffile.get_dwarf_info() for CU in dwarfinfo.iter_CUs(): # DWARFInfo allows to iterate over the compile units contained in # the .debug_info section. CU is a CompileUnit object, with some # computed attributes (such as its offset in the section) and # a header which conforms to the DWARF standard. The access to # header elements is, as usual, via item-lookup. print(' Found a compile unit at offset %s, length %s' % ( CU.cu_offset, CU['unit_length'])) # The first DIE in each compile unit describes it. top_DIE = CU.get_top_DIE() print(' Top DIE with tag=%s' % top_DIE.tag) # Each DIE holds an OrderedDict of attributes, mapping names to # values. Values are represented by AttributeValue objects in # elftools/dwarf/die.py # We're interested in the DW_AT_name attribute. Note that its value # is usually a string taken from the .debug_str section. This # is done transparently by the library, and such a value will be # simply given as a string. name_attr = top_DIE.attributes['DW_AT_name'] print(' name=%s' % bytes2str(name_attr.value))
def _dump_debug_frames(self): """ Dump the raw frame information from .debug_frame """ if not self._dwarfinfo.has_CFI(): return self._emitline('Contents of the .debug_frame section:') for entry in self._dwarfinfo.CFI_entries(): if isinstance(entry, CIE): self._emitline( '\n%08x %08x %08x CIE' % (entry.offset, entry['length'], entry['CIE_id'])) self._emitline(' Version: %d' % entry['version']) self._emitline(' Augmentation: "%s"' % bytes2str(entry['augmentation'])) self._emitline(' Code alignment factor: %u' % entry['code_alignment_factor']) self._emitline(' Data alignment factor: %d' % entry['data_alignment_factor']) self._emitline(' Return address column: %d' % entry['return_address_register']) self._emitline() else: # FDE self._emitline( '\n%08x %08x %08x FDE cie=%08x pc=%08x..%08x' % (entry.offset, entry['length'], entry['CIE_pointer'], entry.cie.offset, entry['initial_location'], entry['initial_location'] + entry['address_range'])) self._emit(describe_CFI_instructions(entry)) self._emitline()
def parse_class_type(die): """parse a DW_TAG_class_type. An example XML is the following: # <class-decl name='filter_base' size-in-bits='192' is-struct='yes' visibility='default' filepath='/libabigail-1.8/build/../include/abg-comp-filter.h' line='120' column='1' id='type-id-1'> TODO: It's not clear how to get visibility "default" here as shown above """ filepath = get_die_filepath(die) dmeta = { "_type": "class-decl", "name": bytes2str(die.attributes["DW_AT_name"].value), "is-struct": False, } # These values are not present in all class declaration DIEs if "DW_AT_decl_line" in die.attributes: dmeta["line"] = die.attributes["DW_AT_decl_line"].value if "DW_AT_decl_column" in die.attributes: dmeta["column"] = die.attributes["DW_AT_decl_column"].value if "DW_AT_byte_size" in die.attributes: dmeta["size-in-bits"] = (die.attributes["DW_AT_byte_size"].value * 8,) if filepath: dmeta["filepath"] = filepath if die.has_children: dmeta["children"] = [] return dmeta
def display_pmd_info_strings(self, section_spec): """ Display a strings dump of a section. section_spec is either a section number or a name. """ section = self._section_from_spec(section_spec) if section is None: return data = section.data() dataptr = 0 while dataptr < len(data): while (dataptr < len(data) and not (32 <= byte2int(data[dataptr]) <= 127)): dataptr += 1 if dataptr >= len(data): break endptr = dataptr while endptr < len(data) and byte2int(data[endptr]) != 0: endptr += 1 mystring = bytes2str(data[dataptr:endptr]) rc = mystring.find("PMD_INFO_STRING") if (rc != -1): self.parse_pmd_info_string(mystring) dataptr = endptr
def get_dwz(dwz, offset): elffile = ELFFile(dwz) for section in elffile.iter_sections(): name = bytes2str(section.name) if name == ".debug_str": data = section.data() end = data[offset:].find(b"\x00") return data[offset:offset + end]
def process_file(filename): print('In file:', filename) with open(filename, 'rb') as f: elffile = ELFFile(f) for section in elffile.iter_sections(): # Section names are bytes objects if section.name.startswith(b'.debug'): print(' ' + bytes2str(section.name))
def process_file(filename): print("In file:", filename) with open(filename, "rb") as f: elffile = ELFFile(f) for section in elffile.iter_sections(): # Section names are bytes objects if section.name.startswith(b".debug"): print(" " + bytes2str(section.name))
def process_file(filename, address): print('Processing file:', filename) with open(filename, 'rb') as f: elffile = ELFFile(f) if not elffile.has_dwarf_info(): print(' file has no DWARF info') return # get_dwarf_info returns a DWARFInfo context object, which is the # starting point for all DWARF-based processing in pyelftools. dwarfinfo = elffile.get_dwarf_info() funcname = decode_funcname(dwarfinfo, address) file, line = decode_file_line(dwarfinfo, address) print('Function:', bytes2str(funcname)) print('File:', bytes2str(file)) print('Line:', line)
def fetch_PC(filename, secname='.symtab'): toreturn = 0 with open(filename, 'rb') as f: elffile = ELFFile(f) section = elffile.get_section_by_name(str2bytes(secname)) #print section['sh_entsize'] if section['sh_entsize'] == 0: print("\nSymbol table '%s' has a sh_entsize of zero!" % (bytes2str(section.name))) print("Symbol table '%s' contains %s entries" % (bytes2str(section.name), section.num_symbols())) for nsym, symbol in enumerate(section.iter_symbols()): if (bytes2str(symbol.name) == '_start'): toreturn = symbol['st_value'] setPC(toreturn)
def stack_cookies_check(elffile): for section in elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: continue for _, symbol in enumerate(section.iter_symbols()): if bytes2str(symbol.name) in STACK_CHK: return True return False
def load_lineinfo(dwarfinfo): # Load all line infos and all function names into lists # Lines contains tuples of startaddr, endaddress, filename, line lines = [] # Functions contains tuples of lowpc, highpc, function functions = [] for CU in dwarfinfo.iter_CUs(): # First, look at line programs to find the file/line map lineprog = dwarfinfo.line_program_for_CU(CU) prevstate = None for entry in lineprog.get_entries(): # We're interested in those entries where a new state is assigned state = entry.state if state is None: continue if prevstate and prevstate.address <= state.address and not prevstate.end_sequence: file_entry = lineprog['file_entry'][prevstate.file - 1] if file_entry.dir_index == 0: # current directory # TODO get directory of source file and prepend it filename = './%s' % (bytes2str(file_entry.name)) else: filename = '%s/%s' % (bytes2str( lineprog['include_directory'][file_entry.dir_index - 1]), bytes2str(file_entry.name)) line = prevstate.line info = prevstate.address, state.address, filename, line lines.append(info) prevstate = state # Go over all DIEs in the DWARF information. Note that # this simplifies things by disregarding subprograms that may have # split address ranges. for DIE in CU.iter_DIEs(): try: if DIE.tag == 'DW_TAG_subprogram': lowpc = DIE.attributes['DW_AT_low_pc'].value highpc = DIE.attributes['DW_AT_high_pc'].value function = DIE.attributes['DW_AT_name'].value info = lowpc, highpc, bytes2str(function) functions.append(info) except KeyError: continue return lines, functions
def _get_dependencies(elf_handle): shared_libraries = [] for section in elf_handle.iter_sections(): if isinstance(section, DynamicSection): for tag in section.iter_tags(): if tag.entry.d_tag == 'DT_NEEDED': shared_libraries.append(bytes2str(tag.needed)) return shared_libraries
def get_dwz(path, offset): with open(path, "rb") as f: elffile = ELFFile(f) for section in elffile.iter_sections(): name = bytes2str(section.name) if name == ".debug_str": data = section.data() end = data[offset:].find(b"\x00") return data[offset:offset + end]
def fetch_PC(filename, secname='.symtab'): toreturn=0 with open(filename, 'rb') as f: elffile = ELFFile(f) section=elffile.get_section_by_name(str2bytes(secname)) #print section['sh_entsize'] if section['sh_entsize'] == 0: print("\nSymbol table '%s' has a sh_entsize of zero!" % ( bytes2str(section.name))) print("Symbol table '%s' contains %s entries" % ( bytes2str(section.name), section.num_symbols())) for nsym, symbol in enumerate(section.iter_symbols()): if(bytes2str(symbol.name)=='_start'): toreturn = symbol['st_value'] setPC(toreturn)
def _load_db(self): """Load symbol and section data into the database.""" # Load ELF section metadata. for nsec, section in enumerate(self.elffile.iter_sections()): self.db.execute('INSERT INTO sections VALUES (?,?,?,?,?,?,?,?,?,?,?)', (nsec, bytes2str(section.name).strip(), describe_sh_type(section['sh_type']).strip(), describe_sh_flags(section['sh_flags']).strip(), section['sh_addr'], section['sh_offset'], section['sh_size'], section['sh_link'], section['sh_info'], section['sh_addralign'], section['sh_entsize'])) self.db.commit() # Load ELF symbol data into DB. Adapted from readelf.py. for section in self.elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: continue for nsym, symbol in enumerate(section.iter_symbols()): # Get the related section header index and name for this symbol. shndx = describe_symbol_shndx(symbol['st_shndx']).strip() related_section = None if str.isdigit(shndx): sec = self._get_section(shndx) if sec is not None: related_section = sec[1] # Write the symbol value to the table. self.db.execute('INSERT INTO symbols VALUES (NULL,?,?,?,?,?,?,?,?)', (symbol['st_value'], symbol['st_size'], describe_symbol_type(symbol['st_info']['type']).strip(), describe_symbol_bind(symbol['st_info']['bind']).strip(), describe_symbol_visibility(symbol['st_other']['visibility']).strip(), shndx, bytes2str(symbol.name).strip(), related_section)) self.db.commit()
def display_section_headers(self, show_heading=True): """ Display the ELF section headers """ elfheader = self.elffile.header if show_heading: self._emitline('There are %s section headers, starting at offset %s' % ( elfheader['e_shnum'], self._format_hex(elfheader['e_shoff']))) self._emitline('\nSection Header%s:' % ( 's' if elfheader['e_shnum'] > 1 else '')) # Different formatting constraints of 32-bit and 64-bit addresses # if self.elffile.elfclass == 32: self._emitline(' [Nr] Name Type Addr Off Size ES Flg Lk Inf Al') else: self._emitline(' [Nr] Name Type Address Offset') self._emitline(' Size EntSize Flags Link Info Align') # Now the entries # for nsec, section in enumerate(self.elffile.iter_sections()): self._emit(' [%2u] %-17.17s %-15.15s ' % ( nsec, bytes2str(section.name), describe_sh_type(section['sh_type']))) if self.elffile.elfclass == 32: self._emitline('%s %s %s %s %3s %2s %3s %2s' % ( self._format_hex(section['sh_addr'], fieldsize=8, lead0x=False), self._format_hex(section['sh_offset'], fieldsize=6, lead0x=False), self._format_hex(section['sh_size'], fieldsize=6, lead0x=False), self._format_hex(section['sh_entsize'], fieldsize=2, lead0x=False), describe_sh_flags(section['sh_flags']), section['sh_link'], section['sh_info'], section['sh_addralign'])) else: # 64 self._emitline(' %s %s' % ( self._format_hex(section['sh_addr'], fullhex=True, lead0x=False), self._format_hex(section['sh_offset'], fieldsize=16 if section['sh_offset'] > 0xffffffff else 8, lead0x=False))) self._emitline(' %s %s %3s %2s %3s %s' % ( self._format_hex(section['sh_size'], fullhex=True, lead0x=False), self._format_hex(section['sh_entsize'], fullhex=True, lead0x=False), describe_sh_flags(section['sh_flags']), section['sh_link'], section['sh_info'], section['sh_addralign'])) self._emitline('Key to Flags:') self._emit(' W (write), A (alloc), X (execute), M (merge), S (strings)') if self.elffile['e_machine'] in ('EM_X86_64', 'EM_L10M'): self._emitline(', l (large)') else: self._emitline() self._emitline(' I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)') self._emitline(' O (extra OS processing required) o (OS specific), p (processor specific)')
def display_hex_dump(self, section_spec): """ Display a hex dump of a section. section_spec is either a section number or a name. """ section = self._section_from_spec(section_spec) if section is None: self._emitline("Section '%s' does not exist in the file!" % (section_spec)) return self._emitline("\nHex dump of section '%s':" % bytes2str(section.name)) self._note_relocs_for_section(section) addr = section['sh_addr'] data = section.data() dataptr = 0 while dataptr < len(data): bytesleft = len(data) - dataptr # chunks of 16 bytes per line linebytes = 16 if bytesleft > 16 else bytesleft self._emit(' %s ' % self._format_hex(addr, fieldsize=8)) for i in range(16): if i < linebytes: self._emit('%2.2x' % byte2int(data[dataptr + i])) else: self._emit(' ') if i % 4 == 3: self._emit(' ') for i in range(linebytes): c = data[dataptr + i:dataptr + i + 1] if byte2int(c[0]) >= 32 and byte2int(c[0]) < 0x7f: self._emit(bytes2str(c)) else: self._emit(bytes2str(b'.')) self._emitline() addr += linebytes dataptr += linebytes self._emitline()
def _dump_debug_line_programs(self): """ Dump the (decoded) line programs from .debug_line The programs are dumped in the order of the CUs they belong to. """ self._emitline('Decoded dump of debug contents of section .debug_line:\n') for cu in self._dwarfinfo.iter_CUs(): lineprogram = self._dwarfinfo.line_program_for_CU(cu) cu_filename = '' if len(lineprogram['include_directory']) > 0: cu_filename = '%s/%s' % ( bytes2str(lineprogram['include_directory'][0]), bytes2str(lineprogram['file_entry'][0].name)) else: cu_filename = bytes2str(lineprogram['file_entry'][0].name) self._emitline('CU: %s:' % cu_filename) self._emitline('File name Line number Starting address') # Print each state's file, line and address information. For some # instructions other output is needed to be compatible with # readelf. for entry in lineprogram.get_entries(): state = entry.state if state is None: # Special handling for commands that don't set a new state if entry.command == DW_LNS_set_file: file_entry = lineprogram['file_entry'][entry.args[0] - 1] if file_entry.dir_index == 0: # current directory self._emitline('\n./%s:[++]' % ( bytes2str(file_entry.name))) else: self._emitline('\n%s/%s:' % ( bytes2str(lineprogram['include_directory'][file_entry.dir_index - 1]), bytes2str(file_entry.name))) elif entry.command == DW_LNE_define_file: self._emitline('%s:' % ( bytes2str(lineprogram['include_directory'][entry.args[0].dir_index]))) elif not state.end_sequence: # readelf doesn't print the state after end_sequence # instructions. I think it's a bug but to be compatible # I don't print them too. self._emitline('%-35s %11d %18s' % ( bytes2str(lineprogram['file_entry'][state.file - 1].name), state.line, '0' if state.address == 0 else self._format_hex(state.address))) if entry.command == DW_LNS_copy: # Another readelf oddity... self._emitline()
def display_hex_dump(self, section_spec): """ Display a hex dump of a section. section_spec is either a section number or a name. """ section = self._section_from_spec(section_spec) if section is None: self._emitline("Section '%s' does not exist in the file!" % ( section_spec)) return self._emitline("\nHex dump of section '%s':" % bytes2str(section.name)) self._note_relocs_for_section(section) addr = section['sh_addr'] data = section.data() dataptr = 0 while dataptr < len(data): bytesleft = len(data) - dataptr # chunks of 16 bytes per line linebytes = 16 if bytesleft > 16 else bytesleft self._emit(' %s ' % self._format_hex(addr, fieldsize=8)) for i in range(16): if i < linebytes: self._emit('%2.2x' % byte2int(data[dataptr + i])) else: self._emit(' ') if i % 4 == 3: self._emit(' ') for i in range(linebytes): c = data[dataptr + i : dataptr + i + 1] if byte2int(c[0]) >= 32 and byte2int(c[0]) < 0x7f: self._emit(bytes2str(c)) else: self._emit(bytes2str(b'.')) self._emitline() addr += linebytes dataptr += linebytes self._emitline()
def network(self): ret = "None" for section in self.elffile.iter_sections(): if not isinstance(section, SymbolTableSection): continue if section['sh_entsize'] == 0: print("\nSymbol table '%s' has a sh_entsize " \ "of zero!" % (bytes2str(section.name)), file=sys.stderr) continue for _, symbol in enumerate(section.iter_symbols()): # first match IP_PATTERNS for pattern in IP_PATTERNS: if re.match(pattern, bytes2str(symbol.name)): return "network-ip" # then match LOCAL_PATTERNS for pattern in LOCAL_PATTERNS: if re.match(pattern, bytes2str(symbol.name)): ret = "network-local" break return ret
def parse_base_type(die): """parse a DW_TAG_base_type. Here is the xml equivalent" # <type-decl name='__float128' size-in-bits='128' id='type-id-32691'/> """ return { "_type": "type-decl", "name": bytes2str(die.attributes["DW_AT_name"].value), # Size in in bytes, multiply by 8 to get bits "size-in-bits": die.attributes["DW_AT_byte_size"].value * 8, }
def run_exe(exe_path, args): """ Runs the given executable as a subprocess, given the list of arguments. Captures its return code (rc) and stdout and returns a pair: rc, stdout_str """ popen_cmd = [exe_path] + args if os.path.splitext(exe_path)[1] == '.py': popen_cmd.insert(0, 'python') proc = subprocess.Popen(popen_cmd, stdout=subprocess.PIPE) proc_stdout = proc.communicate()[0] return proc.returncode, bytes2str(proc_stdout)
def get_producer(path): with open(path, "rb") as f: elffile = ELFFile(f) dwarfinfo = elffile.get_dwarf_info() for CU in dwarfinfo.iter_CUs(): # DWARFInfo allows to iterate over the compile units # contained in the .debug_info section. CU is a CompileUnit # object, with some computed attributes (such as its offset # in the section) and a header which conforms to the DWARF # standard. The access to header elements is, as usual, via # item-lookup. # print(' Found a compile unit at offset %s, length %s' % ( # CU.cu_offset, CU['unit_length'])) # Start with the top DIE, the root for this CU's DIE tree top_DIE = CU.get_top_DIE() try: attrs = top_DIE.attributes['DW_AT_producer'] if attrs.form == 'DW_FORM_GNU_strp_alt': # DWARF extensions elfutils recognizes/supports are # described at, # # https://fedorahosted.org/elfutils/wiki/DwarfExtensions # # You can find the alt dwz file by reading the # .gnu_debugaltlink section. Which contains a file name # followed by the build-id of the dwz file. The build-id # symlink will point at the /usr/lib/debug/.dwz/ file. # # export nm=".gnu_debugaltlink" # objdump -s -j $nm /usr/lib/debug/.build-id/XY/34...debug # print("DWZ has the string!") # # DW_FORM_GNU_ref_alt is like DW_FORM_ref, but it refers to # an offset in the .dwz file, not in the main file. # DW_FORM_GNU_strp_alt is like DW_FORM_strp, but it refers # to a string in the .dwz file, not in the main file. for section in elffile.iter_sections(): name = bytes2str(section.name) if name == ".gnu_debugaltlink": data = section.data() fdata = data[0:data.find(b"\x00")] i = fdata.find(".dwz/") rpath = os.path.join("/usr/lib/debug/", fdata[i:].decode("utf-8")) # offset in alternate (.dwz/...)'s .debug_str" return get_dwz(rpath, offset=attrs.value) elif attrs.form == 'DW_FORM_strp': # lucky ;) return attrs.value else: assert 0 except: pass