def print_dynamic_entries(binary):
dynamic_entries = binary.dynamic_entries
# Dynamic entries
if len(dynamic_entries) == 0:
return
print("== Dynamic entries ==\n")
f_title = "|{:<16} | {:<10}| {:<20}|"
f_value = "|{:<16} | 0x{:<8x}| {:<20}|"
print(f_title.format("Tag", "Value", "Info"))
for entry in dynamic_entries:
if entry.tag == ELF.DYNAMIC_TAGS.NULL:
continue
if entry.tag in [ELF.DYNAMIC_TAGS.SONAME, ELF.DYNAMIC_TAGS.NEEDED, ELF.DYNAMIC_TAGS.RUNPATH, ELF.DYNAMIC_TAGS.RPATH]:
print(f_value.format(str(entry.tag).split(".")[-1], entry.value, entry.name))
elif type(entry) is ELF.DynamicEntryArray: # [ELF.DYNAMIC_TAGS.INIT_ARRAY,ELF.DYNAMIC_TAGS.FINI_ARRAY]:
print(f_value.format(str(entry.tag).split(".")[-1], entry.value, ", ".join(map(hex, entry.array))))
elif entry.tag == ELF.DYNAMIC_TAGS.FLAGS:
flags_str = " - ".join([str(ELF.DYNAMIC_FLAGS(s)).split(".")[-1] for s in entry.flags])
print(f_value.format(str(entry.tag).split(".")[-1], entry.value, flags_str))
elif entry.tag == ELF.DYNAMIC_TAGS.FLAGS_1:
flags_str = " - ".join([str(ELF.DYNAMIC_FLAGS_1(s)).split(".")[-1] for s in entry.flags])
print(f_value.format(str(entry.tag).split(".")[-1], entry.value, flags_str))
else:
print(f_value.format(str(entry.tag).split(".")[-1], entry.value, ""))
print("")
def print_relocations(binary, relocations):
f_title = "|{:<10} | {:<10}| {:<8}| {:<8}| {:<8}| {:<15}| {:<30} |"
f_value = "|0x{:<8x} | {:<10}| {:<8d}| {:<8d}| {:<8x}| {:<15}| {:<30} |"
print(
f_title.format("Address", "Type", "Info", "Size", "Addend", "Purpose",
"Symbol"))
for relocation in relocations:
type = str(relocation.type)
if binary.header.machine_type == ELF.ARCH.x86_64:
type = str(ELF.RELOCATION_X86_64(relocation.type))
elif binary.header.machine_type == ELF.ARCH.i386:
type = str(ELF.RELOCATION_i386(relocation.type))
elif binary.header.machine_type == ELF.ARCH.ARM:
type = str(ELF.RELOCATION_ARM(relocation.type))
elif binary.header.machine_type == ELF.ARCH.AARCH64:
type = str(ELF.RELOCATION_AARCH64(relocation.type))
symbol_name = str(
relocation.symbol.name) if relocation.has_symbol else ""
print(
f_value.format(relocation.address,
type.split(".")[-1], relocation.info,
relocation.size, relocation.addend,
str(relocation.purpose).split(".")[-1],
symbol_name))
def print_notes(binary):
print("== Notes ==\n")
format_str = "{:<19} {}"
format_hex = "{:<19} 0x{:<28x}"
format_dec = "{:<19} {:<30d}"
notes = binary.notes
for idx, note in enumerate(notes):
description = note.description
description_str = " ".join(map(lambda e : "{:02x}".format(e), description[:16]))
if len(description) > 16:
description_str += " ..."
print("Note #{:d}".format(idx))
print(format_str.format("Name:", note.name))
print(format_str.format("Type:", str(ELF.NOTE_TYPES(note.type)).split(".")[-1]))
print(format_str.format("Description:", description_str))
if ELF.NOTE_TYPES(note.type) == ELF.NOTE_TYPES.ABI_TAG:
try:
version = note.version
version_str = "{:d}.{:d}.{:d}".format(version[0], version[1], version[2])
print(format_str.format("ABI:", note.abi))
print(format_str.format("Version:", version_str))
except lief.corrupted:
pass
if ELF.NOTE_TYPES(note.type) == ELF.NOTE_TYPES.GOLD_VERSION:
print(format_str.format("Version:", "".join(map(chr, note.description))))
print("\n")
def __init__(self):
if Game.overwrite_folder == None:
if os.path.exists(args.folder):
alert_print(
'The folder path exists (you can use -f option to specify a manual training folder name)'
)
Game.overwrite_folder = click.confirm(
"Do you want to use existing folder?")
if not Game.overwrite_folder:
exit(0)
else:
os.mkdir(args.folder)
verbose_print('Folder %s created' % args.folder)
if len(Game.binaries) == 0:
Game.binaries = find_executables("/bin")
Game.binaries.append(find_executables("/usr/bin"))
binpath = ''
while True:
r = random.randrange(0, len(Game.binaries))
binpath = Game.binaries[r]
if ELF.parse(binpath) is not None:
break
shutil.copy(binpath, args.folder)
filename = binpath.split('/')[-1]
newbinpath = '/'.join(args.folder.split('/') + [filename])
Game.binary = ELF.parse(newbinpath)
verbose_print("Found a binary: " + binpath)
info_print('Training binary files is: ' + newbinpath)
verbose_print('Found binary copied to training folder')
def print_relocations(binary):
dynamicrelocations = binary.dynamic_relocations
pltgot_relocations = binary.pltgot_relocations
## Dynamic relocations ##
if len(dynamicrelocations) > 0:
print("== Dynamic Relocations ==\n")
f_title = "|{:<10} | {:<10}| {:<8}| {:<30} |"
f_value = "|0x{:<8x} | {:<10}| {:<8d}| {:<30} |"
print(f_title.format("Address", "Type", "Size", "Symbol"))
for relocation in dynamicrelocations:
type = str(relocation.type)
if binary.header.machine_type == ELF.ARCH.x86_64:
type = str(ELF.RELOCATION_X86_64(relocation.type))
elif binary.header.machine_type == ELF.ARCH.i386:
type = str(ELF.RELOCATION_i386(relocation.type))
elif binary.header.machine_type == ELF.ARCH.ARM:
type = str(ELF.RELOCATION_ARM(relocation.type))
elif binary.header.machine_type == ELF.ARCH.AARCH64:
type = str(ELF.RELOCATION_AARCH64(relocation.type))
symbol_name = str(relocation.symbol.name) if relocation.has_symbol else ""
print(f_value.format(
relocation.address,
type.split(".")[-1],
relocation.size,
symbol_name))
if len(pltgot_relocations) > 0:
print("== PLT/GOT Relocations ==\n")
f_title = "|{:<10} | {:<10}| {:<8}| {:<30} |"
f_value = "|0x{:<8x} | {:<10}| {:<8d}| {:<30} |"
print(f_title.format("Address", "Type", "Size", "Symbol"))
for relocation in pltgot_relocations:
type = str(relocation.type)
if binary.header.machine_type == ELF.ARCH.x86_64:
type = str(ELF.RELOCATION_X86_64(relocation.type))
elif binary.header.machine_type == ELF.ARCH.i386:
type = str(ELF.RELOCATION_i386(relocation.type))
elif binary.header.machine_type == ELF.ARCH.ARM:
type = str(ELF.RELOCATION_ARM(relocation.type))
elif binary.header.machine_type == ELF.ARCH.AARCH64:
type = str(ELF.RELOCATION_AARCH64(relocation.type))
symbol_name = str(relocation.symbol.name) if relocation.has_symbol else ""
print(f_value.format(
relocation.address,
type.split(".")[-1],
relocation.size,
symbol_name))
def print_relocations(binary, relocations):
f_title = "|{:<10} | {:<10}| {:<8}| {:<8}| {:<8}| {:<15}| {:<30} |"
f_value = "|0x{:<8x} | {:<10}| {:<8d}| {:<8d}| {:<8x}| {:<15}| {:<30} |"
print(f_title.format("Address", "Type", "Info", "Size", "Addend", "Purpose", "Symbol"))
for relocation in relocations:
type = str(relocation.type)
if binary.header.machine_type == ELF.ARCH.x86_64:
type = str(ELF.RELOCATION_X86_64(relocation.type))
elif binary.header.machine_type == ELF.ARCH.i386:
type = str(ELF.RELOCATION_i386(relocation.type))
elif binary.header.machine_type == ELF.ARCH.ARM:
type = str(ELF.RELOCATION_ARM(relocation.type))
elif binary.header.machine_type == ELF.ARCH.AARCH64:
type = str(ELF.RELOCATION_AARCH64(relocation.type))
symbol_name = ""
if relocation.has_symbol:
symbol: lief.ELF.Symbol = relocation.symbol
if len(symbol.name) > 0:
symbol_name = symbol.name
elif symbol.type == lief.ELF.SYMBOL_TYPES.SECTION:
shndx = symbol.shndx
sections = binary.sections
if 0 < shndx and shndx < len(sections):
symbol_name = sections[shndx].name + " + " + hex(relocation.addend)
else:
symbol_name = "<section #{}>".format(shndx)
print(f_value.format(
relocation.address,
type.split(".")[-1],
relocation.info,
relocation.size,
relocation.addend,
str(relocation.purpose).split(".")[-1],
symbol_name))
def print_notes(binary):
print("== Notes ==\n")
format_str = "{:<19} {}"
format_hex = "{:<19} 0x{:<28x}"
format_dec = "{:<19} {:<30d}"
notes = binary.notes
for idx, note in enumerate(notes):
description = note.description
description_str = " ".join(
map(lambda e: "{:02x}".format(e), description[:16]))
if len(description) > 16:
description_str += " ..."
print("Note #{:d}".format(idx))
type_str = note.type_core if note.is_core else note.type
type_str = str(type_str).split(".")[-1]
print(format_str.format("Name:", note.name))
print(format_str.format("Type:", type_str))
print(format_str.format("Description:", description_str))
note_details = note.details
if type(note_details) == lief.ELF.AndroidNote:
print(format_dec.format("SDK Version:", note_details.sdk_version))
print(format_str.format("NDK Version:", note_details.ndk_version))
print(
format_str.format("NDK build number:",
note_details.ndk_build_number))
if type(note_details) == lief.ELF.NoteAbi:
version = note_details.version
version_str = "{:d}.{:d}.{:d}".format(version[0], version[1],
version[2])
print(format_str.format("ABI:", note_details.abi))
print(format_str.format("Version:", version_str))
if ELF.NOTE_TYPES(note.type) == ELF.NOTE_TYPES.GOLD_VERSION:
print(
format_str.format("Version:",
"".join(map(chr, note.description))))
if note.is_core:
print(note_details)
print("\n")
def create_section(binary):
section = None
if is_pefile(binary): # PE file
section = PE.Section()
section.characteristics = PE.SECTION_CHARACTERISTICS.CNT_CODE | PE.SECTION_CHARACTERISTICS.MEM_READ | PE.SECTION_CHARACTERISTICS.MEM_EXECUTE | PE.SECTION_CHARACTERISTICS.MEM_WRITE
# section.virtual_size = 0x1000
section.content = [0x90] * 0x1000
else:
section = ELF.Section()
section += ELF.SECTION_FLAGS.ALLOC
section += ELF.SECTION_FLAGS.WRITE
section += ELF.SECTION_FLAGS.EXECINSTR
section.alignment = 16
section.content = [0x90] * 0x1000
return section
def main():
optparser = OptionParser(
usage='Usage: %prog [options] <elf-file>',
add_help_option=False, # -h is a real option of readelf
prog=sys.argv[0])
optparser.add_option('-a',
'--all',
action='store_true',
dest='show_all',
help='Equivalent to: -h -l -S -s -r -d -V')
optparser.add_option('-d',
'--dynamic',
action='store_true',
dest='show_dynamic_tags',
help='Display the dynamic section')
optparser.add_option('-H',
'--help',
action='store_true',
dest='help',
help='Display this information')
optparser.add_option('-h',
'--file-header',
action='store_true',
dest='show_file_header',
help='Display the ELF file header')
optparser.add_option('-i',
'--imported',
action='store_true',
dest='show_imported_symbols',
help='Display imported symbols')
optparser.add_option('-l',
'--program-headers',
'--segments',
action='store_true',
dest='show_program_header',
help='Display the program headers')
optparser.add_option('-S',
'--section-headers',
'--sections',
action='store_true',
dest='show_section_header',
help="Display the sections' headers")
optparser.add_option('-e',
'--headers',
action='store_true',
dest='show_all_headers',
help='Equivalent to: -h -l -S')
optparser.add_option('-s',
'--symbols',
'--syms',
action='store_true',
dest='show_symbols',
help='Display the symbol table')
optparser.add_option('--dynamic-symbols',
'--dsyms',
action='store_true',
dest='show_dynamic_symbols',
help='Display the dynamic symbols')
optparser.add_option('--static-symbols',
'--ssyms',
action='store_true',
dest='show_static_symbols',
help='Display the static symbols')
optparser.add_option('-r',
'--relocs',
action='store_true',
dest='show_relocs',
help='Display the relocations (if present)')
optparser.add_option('-V',
'--version-info',
action='store_true',
dest='show_version_info',
help='Display the version sections (if present)')
optparser.add_option('-x',
'--exported',
action='store_true',
dest='show_exported_symbols',
help='Display exported symbols')
optparser.add_option('--gnu-hash',
action='store_true',
dest='show_gnu_hash',
help='Display GNU Hash')
optparser.add_option('--sysv-hash',
action='store_true',
dest='show_sysv_hash',
help='Display SYSV Hash')
optparser.add_option('-n',
'--notes',
action='store_true',
dest='show_notes',
help='Display Notes')
optparser.add_option('--no-trunc',
action='store_true',
dest='no_trunc',
default=False,
help='Do not trunc symbol names ...')
optparser.add_option('--ctor',
action='store_true',
dest='show_ctor',
help='Constructor functions')
optparser.add_option('--strings',
action='store_true',
dest='show_strings',
help='Strings present in the current ELF')
options, args = optparser.parse_args()
if options.help or len(args) == 0:
optparser.print_help()
sys.exit(0)
binary = ELF.parse(args[0])
print_information(binary)
if options.show_all:
do_file_header = do_section_header = do_program_header = True
if options.show_all_headers:
do_file_header = do_section_header = do_program_header = True
else:
do_file_header = options.show_file_header
do_section_header = options.show_section_header
do_program_header = options.show_program_header
if do_file_header or options.show_all:
print_header(binary)
if do_section_header or options.show_all:
print_sections(binary)
if do_program_header or options.show_all:
print_segments(binary)
if options.show_dynamic_tags or options.show_all:
print_dynamic_entries(binary)
if (options.show_symbols or options.show_all or
options.show_dynamic_symbols) and len(binary.dynamic_symbols) > 0:
print_dynamic_symbols(binary, options)
if (options.show_symbols or options.show_all
or options.show_static_symbols) and len(binary.static_symbols) > 0:
print_static_symbols(binary, options)
if options.show_relocs or options.show_all:
print_all_relocations(binary)
if options.show_imported_symbols or options.show_all:
print_imported_symbols(binary, options)
if options.show_exported_symbols or options.show_all:
print_exported_symbols(binary, options)
if (options.show_gnu_hash or options.show_all) and binary.use_gnu_hash:
print_gnu_hash(binary)
if (options.show_sysv_hash or options.show_all) and binary.use_sysv_hash:
print_sysv_hash(binary)
if options.show_notes or options.show_all:
print_notes(binary)
if options.show_ctor or options.show_all:
print_ctor(binary)
if options.show_strings or options.show_all:
print_strings(binary)
def scan(self, data, file, options, expire_at):
elf = ELF.parse(raw=data)
self.event['total'] = {
'libraries': len(elf.libraries),
'relocations': len(elf.relocations),
'sections': elf.header.numberof_sections,
'segments': elf.header.numberof_segments,
'symbols': len(elf.symbols),
}
self.event['nx'] = elf.has_nx
self.event['pie'] = elf.is_pie
self.event['header'] = {
'endianness': str(elf.header.identity_data).split('.')[1],
'entry_point': elf.header.entrypoint,
'file': {
'type': str(elf.header.file_type).split('.')[1],
'version': str(elf.header.object_file_version).split('.')[1],
},
'flags': {
'arm':
[str(f).split('.')[1] for f in elf.header.arm_flags_list],
'hexagon':
[str(f).split('.')[1] for f in elf.header.hexagon_flags_list],
'mips':
[str(f).split('.')[1] for f in elf.header.mips_flags_list],
'ppc64':
[str(f).split('.')[1] for f in elf.header.ppc64_flags_list],
'processor':
elf.header.processor_flag,
},
'identity': {
'class': str(elf.header.identity_class).split('.')[1],
'data': str(elf.header.identity_data).split('.')[1],
'os_abi': str(elf.header.identity_os_abi).split('.')[1],
'version': str(elf.header.identity_version).split('.')[1],
},
'machine': str(elf.header.machine_type).split('.')[1],
'size': elf.header.header_size,
}
if elf.has_interpreter:
self.event['interpreter'] = elf.interpreter
self.event.setdefault('relocations', [])
self.event['relocations'] = []
for relo in elf.relocations:
row = {
'address': relo.address,
'info': relo.info,
'purpose': str(relo.purpose).split('.')[1],
'size': relo.size,
}
if relo.has_section:
row['section'] = relo.section.name
if relo.has_symbol:
row['symbol'] = relo.symbol.name
if elf.header.machine_type == ELF.ARCH.x86_64:
row['type'] = str(ELF.RELOCATION_X86_64(
relo.type)).split('.')[1]
elif elf.header.machine_type == ELF.ARCH.i386:
row['type'] = str(ELF.RELOCATION_i386(relo.type)).split('.')[1]
elif elf.header.machine_type == ELF.ARCH.ARM:
row['type'] = str(ELF.RELOCATION_ARM(relo.type)).split('.')[1]
elif elf.header.machine_type == ELF.ARCH.AARCH64:
row['type'] = str(ELF.RELOCATION_AARCH64(
relo.type)).split('.')[1]
else:
row['type'] = str(relo.type)
self.event['relocations'].append(row)
self.event['sections'] = []
for sec in elf.sections:
self.event['sections'].append({
'alignment':
sec.alignment,
'entropy':
sec.entropy,
'flags': [str(f).split('.')[1] for f in sec.flags_list],
'name':
sec.name,
'offset':
sec.offset,
'size':
sec.size,
'type':
str(sec.type).split('.')[1],
'segments':
[str(seg.type).split('.')[1] for seg in sec.segments],
})
self.event['segments'] = []
for seg in elf.segments:
self.event['segments'].append({
'alignment':
seg.alignment,
'file_offset':
seg.file_offset,
'physical': {
'address': seg.physical_address,
'size': seg.physical_size,
},
'sections':
[str(sec.name).split('.')[1] for sec in seg.sections],
'type':
str(seg.type).split('.')[1],
'virtual': {
'address': seg.virtual_address,
'size': seg.virtual_size,
},
})
self.event['symbols'] = {
'exported': [sym.name for sym in elf.exported_symbols],
'imported': [sym.name for sym in elf.imported_symbols],
'libraries': elf.libraries,
'table': [],
}
for sym in elf.symbols:
self.event['symbols']['table'].append({
'binding':
str(sym.binding).rsplit('.')[1],
'information':
sym.information,
'function':
sym.is_function,
'symbol':
sym.name,
'section_index':
str(ELF.SYMBOL_SECTION_INDEX(sym.shndx)).rsplit('.')[1],
'size':
sym.size,
'static':
sym.is_static,
'version':
str(sym.symbol_version),
'type':
str(sym.type).rsplit('.')[1],
'variable':
sym.is_variable,
'visibility':
str(sym.visibility).rsplit('.')[1],
})
def main():
parser = argparse.ArgumentParser(add_help=False, prog=sys.argv[0])
parser.add_argument("elf_file")
parser.add_argument('-a', '--all',
action='store_true', dest='show_all',
help='Equivalent to: -h -l -S -s -r -d -V')
parser.add_argument('-d', '--dynamic',
action='store_true', dest='show_dynamic_tags',
help='Display the dynamic section')
parser.add_argument('-H', '--help',
action='help', dest='help',
help='Display this information')
parser.add_argument('-h', '--file-header',
action='store_true', dest='show_file_header',
help='Display the ELF file header')
parser.add_argument('-i', '--imported',
action='store_true', dest='show_imported_symbols',
help='Display imported symbols')
parser.add_argument('-l', '--program-headers', '--segments',
action='store_true', dest='show_program_header',
help='Display the program headers')
parser.add_argument('-S', '--section-headers', '--sections',
action='store_true', dest='show_section_header',
help="Display the sections' headers")
parser.add_argument('-e', '--headers',
action='store_true', dest='show_all_headers',
help='Equivalent to: -h -l -S')
parser.add_argument('-s', '--symbols', '--syms',
action='store_true', dest='show_symbols',
help='Display the symbol table')
parser.add_argument('--dynamic-symbols', '--dsyms',
action='store_true', dest='show_dynamic_symbols',
help='Display the dynamic symbols')
parser.add_argument('--static-symbols', '--ssyms',
action='store_true', dest='show_static_symbols',
help='Display the static symbols')
parser.add_argument('-r', '--relocs',
action='store_true', dest='show_relocs',
help='Display the relocations (if present)')
parser.add_argument('-V', '--version-info',
action='store_true', dest='show_version_info',
help='Display the version sections (if present)')
parser.add_argument('-x', '--exported',
action='store_true', dest='show_exported_symbols',
help='Display exported symbols')
parser.add_argument('--gnu-hash',
action='store_true', dest='show_gnu_hash',
help='Display GNU Hash')
parser.add_argument('--sysv-hash',
action='store_true', dest='show_sysv_hash',
help='Display SYSV Hash')
parser.add_argument('-n', '--notes',
action='store_true', dest='show_notes',
help='Display Notes')
parser.add_argument('--no-trunc',
action='store_true', dest='no_trunc',
default=False,
help='Do not trunc symbol names ...')
parser.add_argument('--ctor',
action='store_true', dest='show_ctor',
help='Constructor functions')
parser.add_argument('--strings',
action='store_true', dest='show_strings',
help='Strings present in the current ELF')
parser.add_argument('--functions',
action='store_true', dest='show_functions',
help='List all function addresses found')
# Logging setup
logger_group = parser.add_argument_group('Logger')
verbosity = logger_group.add_mutually_exclusive_group()
verbosity.add_argument('--debug',
dest='main_verbosity',
action='store_const',
const=lief.logging.LOGGING_LEVEL.DEBUG)
verbosity.add_argument('--trace',
dest='main_verbosity',
action='store_const',
const=lief.logging.LOGGING_LEVEL.TRACE)
verbosity.add_argument('--info',
dest='main_verbosity',
action='store_const',
const=lief.logging.LOGGING_LEVEL.INFO)
verbosity.add_argument('--warn',
dest='main_verbosity',
action='store_const',
const=lief.logging.LOGGING_LEVEL.WARNING)
verbosity.add_argument('--err',
dest='main_verbosity',
action='store_const',
const=lief.logging.LOGGING_LEVEL.ERROR)
verbosity.add_argument('--critical',
dest='main_verbosity',
action='store_const',
const=lief.logging.LOGGING_LEVEL.CRITICAL)
parser.set_defaults(main_verbosity=lief.logging.LOGGING_LEVEL.WARNING)
args = parser.parse_args()
lief.logging.set_level(args.main_verbosity)
binary = ELF.parse(args.elf_file)
print_information(binary)
if args.show_all:
do_file_header = do_section_header = do_program_header = True
if args.show_all_headers:
do_file_header = do_section_header = do_program_header = True
else:
do_file_header = args.show_file_header
do_section_header = args.show_section_header
do_program_header = args.show_program_header
if do_file_header or args.show_all:
print_header(binary)
if do_section_header or args.show_all:
print_sections(binary)
if do_program_header or args.show_all:
print_segments(binary)
if args.show_dynamic_tags or args.show_all:
print_dynamic_entries(binary)
if (args.show_symbols or args.show_all or args.show_dynamic_symbols) and len(binary.dynamic_symbols) > 0:
print_dynamic_symbols(binary, args)
if (args.show_symbols or args.show_all or args.show_static_symbols) and len(binary.static_symbols) > 0:
print_static_symbols(binary, args)
if args.show_relocs or args.show_all:
print_all_relocations(binary)
if args.show_imported_symbols or args.show_all:
print_imported_symbols(binary, args)
if args.show_exported_symbols or args.show_all:
print_exported_symbols(binary, args)
if (args.show_gnu_hash or args.show_all) and binary.use_gnu_hash:
print_gnu_hash(binary)
if (args.show_sysv_hash or args.show_all) and binary.use_sysv_hash:
print_sysv_hash(binary)
if args.show_notes or args.show_all:
print_notes(binary)
if args.show_ctor or args.show_all:
print_ctor(binary)
if args.show_strings or args.show_all:
print_strings(binary)
if args.show_functions:
print_functions(binary)
def main():
optparser = OptionParser(
usage='Usage: %prog [options] <elf-file>',
add_help_option=False, # -h is a real option of readelf
prog=sys.argv[0])
optparser.add_option('-a',
'--all',
action='store_true',
dest='show_all',
help='Equivalent to: -h -l -S -s -r -d -V')
optparser.add_option('-d',
'--dynamic',
action='store_true',
dest='show_dynamic_tags',
help='Display the dynamic section')
optparser.add_option('-H',
'--help',
action='store_true',
dest='help',
help='Display this information')
optparser.add_option('-h',
'--file-header',
action='store_true',
dest='show_file_header',
help='Display the ELF file header')
optparser.add_option('-i',
'--imported',
action='store_true',
dest='show_imported_symbols',
help='Display imported symbols')
optparser.add_option('-l',
'--program-headers',
'--segments',
action='store_true',
dest='show_program_header',
help='Display the program headers')
optparser.add_option('-S',
'--section-headers',
'--sections',
action='store_true',
dest='show_section_header',
help="Display the sections' headers")
optparser.add_option('-e',
'--headers',
action='store_true',
dest='show_all_headers',
help='Equivalent to: -h -l -S')
optparser.add_option('-s',
'--symbols',
'--syms',
action='store_true',
dest='show_symbols',
help='Display the symbol table')
optparser.add_option('-r',
'--relocs',
action='store_true',
dest='show_relocs',
help='Display the relocations (if present)')
optparser.add_option('-V',
'--version-info',
action='store_true',
dest='show_version_info',
help='Display the version sections (if present)')
optparser.add_option('-x',
'--exported',
action='store_true',
dest='show_exported_symbols',
help='Display exported symbols')
optparser.add_option('--gnu-hash',
action='store_true',
dest='show_gnu_hash',
help='Display GNU Hash')
options, args = optparser.parse_args()
if options.help or len(args) == 0:
optparser.print_help()
sys.exit(0)
binary = ELF.parse(args[0])
print_informations(binary)
if options.show_all:
do_file_header = do_section_header = do_program_header = True
if options.show_all_headers:
do_file_header = do_section_header = do_program_header = True
else:
do_file_header = options.show_file_header
do_section_header = options.show_section_header
do_program_header = options.show_program_header
if do_file_header or options.show_all:
print_header(binary)
if do_section_header or options.show_all:
print_sections(binary)
if do_program_header or options.show_all:
print_segments(binary)
if options.show_dynamic_tags or options.show_all:
print_dynamic_entries(binary)
if options.show_symbols or options.show_all:
print_symbols(binary)
if options.show_relocs or options.show_all:
print_relocations(binary)
if options.show_imported_symbols or options.show_all:
print_imported_symbols(binary)
if options.show_exported_symbols or options.show_all:
print_exported_symbols(binary)
if options.show_gnu_hash or options.show_all:
print_gnu_hash(binary)
# -*- coding: utf-8 -*- # Description # ----------- # In this example, we assume that we found # the ``main`` function at address 0x402A00 # and we add a static symbol to the binary # so that we can do: # # (gdb) break main # Breakpoint 1 at 0x402a00 from lief import ELF import sys binary = ELF.parse(sys.argv[1]) symtab_section = ELF.Section() symtab_section.name = "" symtab_section.type = ELF.SECTION_TYPES.SYMTAB symtab_section.entry_size = 0x18 symtab_section.alignment = 8 symtab_section.link = len(binary.sections) + 1 symtab_section.content = [0] * 100 symstr_section = ELF.Section() symstr_section.name = "" symstr_section.type = ELF.SECTION_TYPES.STRTAB symstr_section.entry_size = 1 symstr_section.alignment = 1 symstr_section.content = [0] * 100
def main(argv):
binary = ELF.parse("./KeygenMe")
remove_anti_debug(binary)
crack_it(binary)
binary.write("./KeygenMe.crack")
return 0