def extract_section_darwin(inputFile): """Extracts the section as a string, the darwin version. Uses otool to extract the section, then processes it to a usable state. """ otoolCmd = ['otool', '-X', '-s', darwinSegmentName, darwinSectionName, inputFile] otoolProc = Popen(otoolCmd, stdout=sp.PIPE) otoolOutput = otoolProc.communicate()[0] if otoolProc.returncode != 0: logging.error('otool failed on %s' % inputFile) sys.exit(-1) lines = otoolOutput.splitlines() octets = [] for line in lines: (_, octetline) = line.split('\t') octets.extend(octetline.split()) octets = ''.join(octets) contents = octets.decode('hex').splitlines() if not contents: logging.error('{0} contained no {1} segment'.format(inputFile, darwinSegmentName)) return contents
def getSectionSizeAndOffset(sectionName, filename): """Returns the size and offset of the section, both in bytes. Use objdump on the provided binary; parse out the fields to find the given section. Parses the output,and extracts thesize and offset of that section (in bytes). """ objdumpCmd = ['objdump', '-h', '-w', filename] objdumpProc = Popen(objdumpCmd, stdout=sp.PIPE) objdumpOutput = objdumpProc.communicate()[0] if objdumpProc.returncode != 0: logging.error('Could not dump %s' % filename) sys.exit(-1) for line in [l.decode('utf-8') for l in objdumpOutput.splitlines()] : fields = line.split() if len(fields) <= 7: continue if fields[1] != sectionName: continue try: idx = int(fields[0]) size = int(fields[2], 16) offset = int(fields[5], 16) return (size, offset) except ValueError: continue # The needed section could not be found logging.warning('Could not find "{0}" ELF section in "{1}", so skipping this entry.'.format(sectionName,filename)) return None
def getFileType(cls, fileName): # This is a hacky way of determining # the type of file we are looking at. # Maybe we should use python-magic instead? fileP = Popen(['file', fileName], stdout=PIPE) output = fileP.communicate()[0] output = output.decode() if 'ELF' in output and 'executable' in output: return cls.EXECUTABLE elif 'current ar archive' in output: return cls.ARCHIVE elif 'ELF' in output and 'relocatable' in output: return cls.OBJECT else: return cls.UNKNOWN
def getFileType(cls, fileName): # This is a hacky way of determining # the type of file we are looking at. # Maybe we should use python-magic instead? fileP = Popen(['file',os.path.realpath(fileName)], stdout=PIPE) output = fileP.communicate()[0] output = output.decode('utf8') if 'ELF' in output and 'executable' in output: return cls.EXECUTABLE elif 'ELF' in output and 'shared' in output: return cls.SHARED elif 'current ar archive' in output: return cls.ARCHIVE elif 'ELF' in output and 'relocatable' in output: return cls.OBJECT else: return cls.UNKNOWN
def getFileType(cls, fileName): # This is a hacky way of determining # the type of file we are looking at. # Maybe we should use python-magic instead? fileP = Popen(['file', os.path.realpath(fileName)], stdout=PIPE) output = fileP.communicate()[0] output = output.decode() if 'ELF' in output and 'executable' in output: return cls.ELF_EXECUTABLE if 'Mach-O' in output and 'executable' in output: return cls.MACH_EXECUTABLE elif 'ELF' in output and 'shared' in output: return cls.ELF_SHARED elif 'Mach-O' in output and 'dynamically linked shared' in output: return cls.MACH_SHARED elif 'current ar archive' in output: return cls.ARCHIVE elif 'ELF' in output and 'relocatable' in output: return cls.ELF_OBJECT elif 'Mach-O' in output and 'object' in output: return cls.MACH_OBJECT else: return cls.UNKNOWN