码迷,mamicode.com
首页 > 编程语言 > 详细

python3 elf文件解析

时间:2019-08-07 18:57:07      阅读:82      评论:0      收藏:0      [点我收藏+]

标签:typedef   har   its   data   oba   ase   needed   自己   __init__   

原地址:https://github.com/guanchao/elfParser

作者是用python2写的,现在给出我修改后的python3版本。(测试发现有bug,以后自己写个,0.0)

 

  1 #!/usr/bin/env python
  2 # coding:utf-8
  3 
  4 import sys
  5 import binascii
  6 
  7 ‘‘‘
  8 # 节区类型定义
  9 /* sh_type */
 10 #define SHT_NULL    0
 11 #define SHT_PROGBITS    1
 12 #define SHT_SYMTAB    2
 13 #define SHT_STRTAB    3
 14 #define SHT_RELA    4
 15 #define SHT_HASH    5
 16 #define SHT_DYNAMIC    6
 17 #define SHT_NOTE    7
 18 #define SHT_NOBITS    8
 19 #define SHT_REL    9
 20 #define SHT_SHLIB    10
 21 #define SHT_DYNSYM    11
 22 #define SHT_NUM    12
 23 #define SHT_LOPROC    0x70000000
 24 #define SHT_HIPROC    0x7fffffff
 25 #define SHT_LOUSER    0x80000000
 26 #define SHT_HIUSER    0xffffffff
 27 #define SHT_MIPS_LIST    0x70000000
 28 #define SHT_MIPS_CONFLICT    0x70000002
 29 #define SHT_MIPS_GPTAB    0x70000003
 30 #define SHT_MIPS_UCODE    0x70000004
 31 ‘‘‘
 32 SH_TYPE_MAP_LIST = {0: SHT_NULL,
 33                     1: SHT_PROGBITS,
 34                     2: SHT_SYMTAB,
 35                     3: SHT_STRTAB,
 36                     4: SHT_RELA,
 37                     5: SHT_HASH,
 38                     6: SHT_DYNAMIC,
 39                     7: SHT_NOTE,
 40                     8: SHT_NOBITS,
 41                     9: SHT_REL,
 42                     10: SHT_SHLIB,
 43                     11: SHT_DYNSYM,
 44                     # 0x60000000:‘SHT_LOOS‘,
 45                     # 0x6fffffff:‘SHT_HIOS‘,
 46                     0x70000000: SHT_LOPROC,
 47                     0x7FFFFFFF: SHT_HIPROC,
 48                     0x80000000: SHT_LOUSER,
 49                     0x8FFFFFFF: SHT_HIUSER,
 50                     0x70000000: SHT_MIPS_LIST,
 51                     0x70000002: SHT_MIPS_CONFLICT,
 52                     0x70000003: SHT_MIPS_GPTAB,
 53                     0x70000004: SHT_MIPS_UCODE,
 54                     }
 55 
 56 PT_TYPE_MAP_LIST = {
 57     0: NULL,
 58     1: LOAD,
 59     2: DYNAMIC,
 60     3: INTERP,
 61     4: NOTE,
 62     5: SHLIB,
 63     6: PHDR,
 64     7: TLS,
 65     0x70000000: LOPROC,
 66     0x70000001: HIPROC,
 67     0x6474E551: GNU_STACK,
 68     0x6474E552: GNU_RELRO,
 69 }
 70 
 71 ‘‘‘
 72 Elf32_Dyn.d_tag
 73 ‘‘‘
 74 DYNAMIC_TYPE = {
 75     0: NULL,
 76     1: NEEDED,
 77     2: PLTRELSZ,
 78     3: PLTGOT,
 79     4: HASH,
 80     5: STRTAB,
 81     6: SYMTAB,
 82     7: RELA,
 83     8: RELASZ,
 84     9: RELAENT,
 85     10: STRSZ,
 86     11: SYMENT,
 87     12: INIT,
 88     13: FINIT,
 89     14: SONAME,
 90     15: RPATH,
 91     16: SYMBOLIC,
 92     17: REL,
 93     18: RELSZ,
 94     19: RELENT,
 95     20: PLTREL,
 96     21: DEBUG,
 97     22: TEXTREL,
 98     23: JMPREL,
 99     26: FINIT_ARRAY,
100     28: FINIT_ARRAYSZ,
101     25: INIT_ARRAY,
102     27: INIT_ARRAYSZ,
103     30: FLAGS,
104     0x6FFFFFFA: RELCOUNT,
105     0x6FFFFFFB: FLAGS_1,
106     0x70000000: LOPROC,
107     0x7fffffff: HIPROC,
108     0x70000001: MIPS_RLD_VERSION,
109     0x70000002: MIPS_TIME_STAMP,
110     0x70000003: MIPS_ICHECKSUM,
111     0x70000004: MIPS_IVERSION,
112     0x70000005: MIPS_FLAGS,
113     0x70000006: MIPS_BASE_ADDRESS,
114     0x70000008: MIPS_CONFLICT,
115     0x70000009: MIPS_LIBLIST,
116     0x7000000a: MIPS_LOCAL_GOTNO,
117     0x7000000b: MIPS_CONFLICTNO,
118     0x70000010: MIPS_LIBLISTNO,
119     0x70000011: MIPS_SYMTABNO,
120     0x70000012: MIPS_UNREFEXTNO,
121     0x70000013: MIPS_GOTSYM,
122     0x70000014: MIPS_HIPAGENO,
123     0x70000016: MIPS_RLD_MAP,
124 
125 }
126 ‘‘‘
127 typedef struct elf32_hdr{
128   unsigned char    e_ident[EI_NIDENT];
129   Elf32_Half    e_type;
130   Elf32_Half    e_machine;
131   Elf32_Word    e_version;
132   Elf32_Addr    e_entry;  /* Entry point */
133   Elf32_Off    e_phoff;
134   Elf32_Off    e_shoff;
135   Elf32_Word    e_flags;
136   Elf32_Half    e_ehsize;
137   Elf32_Half    e_phentsize;
138   Elf32_Half    e_phnum;
139   Elf32_Half    e_shentsize;
140   Elf32_Half    e_shnum;
141   Elf32_Half    e_shstrndx;
142 } Elf32_Ehdr;
143 ‘‘‘
144 
145 
146 class Elf32_Ehdr(object):
147     """docstring for Elf32_Ehdr"""
148 
149     def __init__(self):
150         super(Elf32_Ehdr, self).__init__()
151         self.e_ident = None
152         self.e_type = None
153         self.e_machine = None
154         self.e_version = None
155         self.e_entry = None
156         self.e_phoff = None
157         self.e_shoff = None
158         self.e_flags = None
159         self.e_ehsize = None
160         self.e_phentsize = None
161         self.e_phnum = None
162         self.e_shentsize = None
163         self.e_shnum = None
164         self.e_shstrndx = None
165 
166 
167 class e_ident(object):
168     """docstring for e_ident"""
169 
170     def __init__(self):
171         super(e_ident, self).__init__()
172         self.file_identification = None
173         self.ei_class = None
174         self.ei_data = None
175         self.ei_version = None
176         self.ei_osabi = None
177         self.ei_abiversion = None
178         self.ei_pad = None
179         self.ei_nident = None
180 
181     def __str__(self):
182         return e_ident=[file_identification=%s, ei_class=%d, ei_data=%d, ei_version=%d, ei_osabi=%d, ei_abiversion=%d, ei_pad=%s, ei_nident=%d] % (
183             self.file_identification, self.ei_class, self.ei_data, self.ei_version, self.ei_osabi, self.ei_abiversion,
184             self.ei_pad, self.ei_nident)
185 
186 
187 class Elf32_Shdr(object):
188     """docstring for Elf32_Shdr"""
189 
190     def __init__(self):
191         super(Elf32_Shdr, self).__init__()
192         ‘‘‘
193         typedef struct Elf32_Shdr {
194           Elf32_Word    sh_name;
195           Elf32_Word    sh_type;
196           Elf32_Word    sh_flags;
197           Elf32_Addr    sh_addr;
198           Elf32_Off    sh_offset;
199           Elf32_Word    sh_size;
200           Elf32_Word    sh_link;
201           Elf32_Word    sh_info;
202           Elf32_Word    sh_addralign;
203           Elf32_Word    sh_entsize;
204         } Elf32_Shdr;
205         ‘‘‘
206         self.sh_name = None
207         self.sh_type = None
208         self.sh_flags = None
209         self.sh_addr = None
210         self.sh_offset = None
211         self.size = None
212         self.sh_link = None
213         self.sh_addralign = None
214         self.sh_entsize = None
215 
216         self.section_name = None
217 
218     def __str__(self):
219         return Elf32_Shdr=[sh_name=%s, sh_type=%d, sh_flags=%d, sh_addr=%s, sh_sh_offset=%s, sh_size=%d, sh_link=%d, sh_info=%d, sh_addralign=%d, sh_entsize=%d] % 220                (hex(self.sh_name), self.sh_type, self.sh_flags, hex(self.sh_addr), hex(self.sh_offset), self.sh_size,
221                 self.sh_link, self.sh_info, self.sh_addralign, self.sh_entsize)
222 
223 
224 class Elf32_Sym(object):
225     """docstring for Elf32_Sym"""
226 
227     def __init__(self):
228         super(Elf32_Sym, self).__init__()
229         ‘‘‘
230         typedef struct elf32_sym{
231           Elf32_Word    st_name;
232           Elf32_Addr    st_value;
233           Elf32_Word    st_size;
234           unsigned char    st_info;
235           unsigned char    st_other;
236           Elf32_Half    st_shndx;
237         } Elf32_Sym;
238         ‘‘‘
239         self.st_name = None
240         self.st_value = None
241         self.st_size = None
242         self.st_info = None
243         self.st_other = None
244         self.st_shndx = None
245 
246         self.symbol_name = None
247 
248     def __str__(self):
249         return Elf32_Dyn=[st_name=%s, st_value=%d, st_size=%d, st_info=%d, st_other=%d, st_shndx=%d] #%s % 250                (self.st_name, self.st_value, self.st_size, self.st_info, self.st_other, self.st_shndx, self.symbol_name)
251 
252 
253 class Elf32_Phdr(object):
254     """docstring for Elf32_Phdr"""
255 
256     def __init__(self):
257         super(Elf32_Phdr, self).__init__()
258         ‘‘‘
259             /* 32-bit ELF base types. */
260             typedef uint32_t Elf32_Addr;
261             typedef uint16_t Elf32_Half;
262             typedef uint32_t Elf32_Off;
263             typedef int32_t  Elf32_Sword;
264             typedef uint32_t Elf32_Word;
265         ‘‘‘
266         self.p_type = None  # Elf32_Word
267         self.p_offset = None  # Elf32_Off
268         self.p_vaddr = None  # Elf32_Addr
269         self.p_paddr = None  # Elf32_Addr
270         self.p_filesz = None  # Elf32_word
271         self.p_memsz = None  # Elf32_Word
272         self.p_flags = None  # Elf32_Word
273         self.p_align = None  # Elf32_Word
274 
275 
276 class Elf32_Dyn(object):
277     """docstring for Elf32_dyn"""
278 
279     def __init__(self):
280         super(Elf32_Dyn, self).__init__()
281         ‘‘‘
282         typedef struct dynamic{
283           Elf32_Sword d_tag;
284           union{
285             Elf32_Sword    d_val;
286             Elf32_Addr    d_ptr;
287           } d_un;
288         } Elf32_Dyn;
289         ‘‘‘
290         self.d_tag = None
291         self.d_un = None
292 
293     def __str__(self):
294         return Elf32_Dyn=[d_tag=%d, d_un=%d] % 295                (self.d_tag, self.d_un)
296 
297 
298 class ELF(object):
299     """docstring for ELF"""
300 
301     def __init__(self, filepath):
302         super(ELF, self).__init__()
303         self.filepath = filepath
304         self.elf32_Ehdr = Elf32_Ehdr()
305 
306         # section header table
307         self.sectionHeaderTable = []
308 
309         # section name table
310         self.sectionNameTable = None
311 
312         # program header table
313         self.programHeaderTable = []
314 
315         # dynamic symbol table
316         self.symbolTable = []  # .dynsym
317         self.dynstrTable = None  # .dynstr
318 
319         # dynamic link table
320         self.dynamicLinkTable = []  # .dynamic
321 
322         self.initELFHeader()
323         self.initSectionHeader()
324         self.initProgramHeader()
325         self.initSymbolTalbe()
326         self.initDynamicLinkTable()
327 
328     def initELFHeader(self):
329         f = open(self.filepath, "rb")
330         self.f = f
331         # unsigned char    e_ident[EI_NIDENT];
332         f.seek(0, 0)
333         self.elf32_Ehdr.e_ident = e_ident()
334         self.elf32_Ehdr.e_ident.file_identification = f.read(4)
335         self.elf32_Ehdr.e_ident.ei_class = int.from_bytes(f.read(1), little)
336         self.elf32_Ehdr.e_ident.ei_data = int.from_bytes(f.read(1), little)
337         self.elf32_Ehdr.e_ident.ei_version = int.from_bytes(f.read(1), little)
338         self.elf32_Ehdr.e_ident.ei_osabi = int.from_bytes(f.read(1), little)
339         self.elf32_Ehdr.e_ident.ei_abiversion = int.from_bytes(f.read(1), little)
340         self.elf32_Ehdr.e_ident.ei_pad = binascii.b2a_hex(f.read(6))
341         self.elf32_Ehdr.e_ident.ei_nident = int.from_bytes(f.read(1), little)
342 
343         # Elf32_Half    e_type;
344         f.seek(16, 0)
345         self.elf32_Ehdr.e_type = int.from_bytes(f.read(2), little)
346 
347         # Elf32_Half    e_machine;
348         f.seek(18, 0)
349         self.elf32_Ehdr.e_machine = int.from_bytes(f.read(2), little)
350 
351         # Elf32_Word    e_version;
352         f.seek(20, 0)
353         self.elf32_Ehdr.e_version = int.from_bytes(f.read(4), little)
354 
355         # Elf32_Addr    e_entry;
356         f.seek(24, 0)
357         self.elf32_Ehdr.e_entry = int.from_bytes(f.read(4), little)
358 
359         # Elf32_Off    e_phoff;
360         f.seek(28, 0)
361         self.elf32_Ehdr.e_phoff = int.from_bytes(f.read(4), little)
362 
363         # Elf32_Off    e_shoff;
364         f.seek(32, 0)
365         self.elf32_Ehdr.e_shoff = int.from_bytes(f.read(4), little)
366 
367         # Elf32_Word    e_flags;
368         f.seek(36, 0)
369         self.elf32_Ehdr.e_flags = int.from_bytes(f.read(4), little)
370 
371         # Elf32_Half    e_ehsize;
372         f.seek(40, 0)
373         self.elf32_Ehdr.e_ehsize = int.from_bytes(f.read(2), little)
374 
375         # Elf32_Half    e_phentsize;
376         f.seek(42, 0)
377         self.elf32_Ehdr.e_phentsize = int.from_bytes(f.read(2), little)
378 
379         # Elf32_Half    e_phnum;
380         f.seek(44, 0)
381         self.elf32_Ehdr.e_phnum = int.from_bytes(f.read(2), little)
382 
383         # Elf32_Half    e_shentsize;
384         f.seek(46, 0)
385         self.elf32_Ehdr.e_shentsize = int.from_bytes(f.read(2), little)
386 
387         # Elf32_Half    e_shnum;
388         f.seek(48, 0)
389         self.elf32_Ehdr.e_shnum = int.from_bytes(f.read(2), little)
390 
391         # Elf32_Half    e_shstrndx;
392         f.seek(50, 0)
393         self.elf32_Ehdr.e_shstrndx = int.from_bytes(f.read(2), little)
394 
395     def initSectionHeader(self):
396         # print(self.elf32_Ehdr.e_shnum)
397         for i in range(self.elf32_Ehdr.e_shnum):
398             self.sectionHeaderTable.append(self.parseSectionHeader(self.elf32_Ehdr.e_shoff + i * self.elf32_Ehdr.e_shentsize))
399         if self.elf32_Ehdr.e_shnum == 0:
400             return
401         # init section name table
402         self.f.seek(self.sectionHeaderTable[self.elf32_Ehdr.e_shstrndx].sh_offset)
403         size = self.sectionHeaderTable[self.elf32_Ehdr.e_shstrndx].sh_size
404         self.sectionNameTable = self.f.read(size)
405 
406         for i in range(self.elf32_Ehdr.e_shnum):
407             idx = self.sectionHeaderTable[i].sh_name
408             name = []
409             while self.sectionNameTable[idx] != 0:
410                 name.append(chr(self.sectionNameTable[idx]))
411                 idx += 1
412             # print("".join(name))
413             self.sectionHeaderTable[i].section_name = "".join(name)
414 
415     def parseSectionHeader(self, offset):
416         self.f.seek(offset, 0)
417         elf32_Shdr = Elf32_Shdr()
418         # elf32_Shdr.sh_name = int.from_bytes(self.f.read(4), 16)
419         elf32_Shdr.sh_name = int.from_bytes(self.f.read(4), little)
420         elf32_Shdr.sh_type = int.from_bytes(self.f.read(4), little)
421         elf32_Shdr.sh_flags = int.from_bytes(self.f.read(4), little)
422         elf32_Shdr.sh_addr = int.from_bytes(self.f.read(4), little)
423         elf32_Shdr.sh_offset = int.from_bytes(self.f.read(4), little)
424         elf32_Shdr.sh_size = int.from_bytes(self.f.read(4), little)
425         elf32_Shdr.sh_link = int.from_bytes(self.f.read(4), little)
426         elf32_Shdr.sh_info = int.from_bytes(self.f.read(4), little)
427         elf32_Shdr.sh_addralign = int.from_bytes(self.f.read(4), little)
428         elf32_Shdr.sh_entsize = int.from_bytes(self.f.read(4), little)
429         return elf32_Shdr
430 
431     def displaySectionHeader(self):
432         print([+] Section Header Table:)
433 
434         print(  #      %-32s%-16s%-16s%-16s%-8s%-8s%-8s%-8s%-8s%-8s % (
435             Name, Type, Addr, Offset, Size, ES, Flg, Lk, Inf, Al))
436 
437         for index in range(len(self.sectionHeaderTable)):
438             elf32_Shdr = self.sectionHeaderTable[index]
439             if elf32_Shdr.sh_type in SH_TYPE_MAP_LIST:
440                 print(  [%4d] %-32s%-16s%-16s%-16s%-8s%-8d%-8d%-8d%-8d%-8d % 441                 (index,
442                  self.getSectionName(elf32_Shdr),
443                  SH_TYPE_MAP_LIST[elf32_Shdr.sh_type].strip(),
444                  hex(elf32_Shdr.sh_addr),
445                  hex(elf32_Shdr.sh_offset),
446                  hex(elf32_Shdr.sh_size),
447                  elf32_Shdr.sh_entsize,
448                  elf32_Shdr.sh_flags,
449                  elf32_Shdr.sh_link,
450                  elf32_Shdr.sh_info,
451                  elf32_Shdr.sh_addralign,
452                  ))
453 
454             else:
455                 print(  [%4d] %-32s%-16d%-16s%-16s%-8s%-8d%-8d%-8d%-8d%-8d % 456                 (index,
457                  self.getSectionName(elf32_Shdr),
458                  elf32_Shdr.sh_type,
459                  hex(elf32_Shdr.sh_addr),
460                  hex(elf32_Shdr.sh_offset),
461                  hex(elf32_Shdr.sh_size),
462                  elf32_Shdr.sh_entsize,
463                  elf32_Shdr.sh_flags,
464                  elf32_Shdr.sh_link,
465                  elf32_Shdr.sh_info,
466                  elf32_Shdr.sh_addralign,
467                  ))
468 
469         print()
470 
471     def getSectionName(self, elf32_Shdr):
472         idx = self.sectionNameTable.find(0, elf32_Shdr.sh_name)
473         return self.sectionNameTable[elf32_Shdr.sh_name:idx]
474 
475     def initProgramHeader(self):
476         for i in range(self.elf32_Ehdr.e_phnum):
477             self.programHeaderTable.append(
478                 self.parseProgramHeader(self.elf32_Ehdr.e_phoff + i * self.elf32_Ehdr.e_phentsize))
479 
480     def parseProgramHeader(self, offset):
481         ‘‘‘
482         typedef struct elf32_phdr{
483           Elf32_Word    p_type;
484           Elf32_Off    p_offset;
485           Elf32_Addr    p_vaddr;
486           Elf32_Addr    p_paddr;
487           Elf32_Word    p_filesz;
488           Elf32_Word    p_memsz;
489           Elf32_Word    p_flags;
490           Elf32_Word    p_align;
491         } Elf32_Phdr;
492         ‘‘‘
493         self.f.seek(offset, 0)
494         elf32_Phdr = Elf32_Phdr()
495         elf32_Phdr.p_type = int.from_bytes(self.f.read(4), little)
496         elf32_Phdr.p_offset = int.from_bytes(self.f.read(4), little)
497         elf32_Phdr.p_vaddr = int.from_bytes(self.f.read(4), little)
498         elf32_Phdr.p_paddr = int.from_bytes(self.f.read(4), little)
499         elf32_Phdr.p_filesz = int.from_bytes(self.f.read(4), little)
500         elf32_Phdr.p_memsz = int.from_bytes(self.f.read(4), little)
501         elf32_Phdr.p_flags = int.from_bytes(self.f.read(4), little)
502         elf32_Phdr.p_align = int.from_bytes(self.f.read(4), little)
503         return elf32_Phdr
504 
505     def displayProgramHeader(self):
506         print([+] Program Header Table:)
507 
508         print(  #      %-16s%-16s%-16s%-16s%-8s%-8s%-8s%-8s % (
509             Type, offset, VirtAddr, PhysAddr, FileSiz, MemSiz, Flg, Align))
510 
511         for index in range(len(self.programHeaderTable)):
512             elf32_Phdr = self.programHeaderTable[index]
513 
514             if elf32_Phdr.p_type in PT_TYPE_MAP_LIST:
515                 print(  [%4d] %-16s%-16s%-16s%-16s%-8s%-8s%-8d%-8s % (
516                     index,
517                     PT_TYPE_MAP_LIST[elf32_Phdr.p_type],
518                     hex(elf32_Phdr.p_offset),
519                     hex(elf32_Phdr.p_vaddr),
520                     hex(elf32_Phdr.p_paddr),
521                     hex(elf32_Phdr.p_filesz),
522                     hex(elf32_Phdr.p_memsz),
523                     elf32_Phdr.p_flags,
524                     hex(elf32_Phdr.p_align),
525                 ))
526 
527             else:
528                 print(  [%4d] %-16d%-16s%-16s%-16s%-8s%-8s%-8d%-8s % (
529                     index,
530                     elf32_Phdr.p_type,
531                     hex(elf32_Phdr.p_offset),
532                     hex(elf32_Phdr.p_vaddr),
533                     hex(elf32_Phdr.p_paddr),
534                     hex(elf32_Phdr.p_filesz),
535                     hex(elf32_Phdr.p_memsz),
536                     elf32_Phdr.p_flags,
537                     hex(elf32_Phdr.p_align),
538                 ))
539 
540         print(\n[+] Section to segment mapping:)
541 
542         for index in range(len(self.programHeaderTable)):
543             elf32_Phdr = self.programHeaderTable[index]
544             sections = self.getSegmentSections(elf32_Phdr)
545 
546             sections_str = ‘‘
547             for elf32_Shdr in sections:
548                 idx = self.sectionNameTable.index(0, elf32_Shdr.sh_name)
549                 sections_str += self.sectionNameTable[elf32_Shdr.sh_name:idx].decode() +  
550             print(  [%4d] %s % (index, sections_str))
551 
552         print()
553 
554 
555     def getSegmentSections(self, elf32_Phdr):
556         start = elf32_Phdr.p_offset
557         end = elf32_Phdr.p_offset + elf32_Phdr.p_filesz
558 
559         sections = []
560         for index in range(len(self.sectionHeaderTable)):
561             elf32_Shdr = self.sectionHeaderTable[index]
562             section_start = elf32_Shdr.sh_offset
563             section_end = elf32_Shdr.sh_offset + elf32_Shdr.sh_size
564             if section_start >= start and section_end <= end:
565                 sections.append(elf32_Shdr)
566 
567         return sections
568 
569     def initSymbolTalbe(self):
570         # init dynsym
571         elf32_Shdr = self.getSectionByName(.dynsym)
572         if elf32_Shdr != None:
573             for i in range(int(elf32_Shdr.sh_size / elf32_Shdr.sh_entsize)):
574                 self.symbolTable.append(self.parseSymbolTable(elf32_Shdr.sh_offset + i * elf32_Shdr.sh_entsize))
575 
576         # init dynstr
577         dynstr_elf32_Shdr = self.getSectionByName(.dynstr)
578         self.f.seek(dynstr_elf32_Shdr.sh_offset)
579 
580         self.dynstrTable = self.f.read(dynstr_elf32_Shdr.sh_size)
581 
582         for i in range(len(self.symbolTable)):
583             idx = self.symbolTable[i].st_name
584             name = []
585             while  self.dynstrTable[idx+1] != 0:
586                 name.append(chr(self.dynstrTable[idx]))
587                 idx += 1
588             # print("".join(name))
589             self.symbolTable[i].symbol_name = "".join(name)
590 
591     def parseSymbolTable(self, offset):
592         ‘‘‘
593             typedef struct elf32_sym{
594               Elf32_Word    st_name;
595               Elf32_Addr    st_value;
596               Elf32_Word    st_size;
597               unsigned char    st_info;
598               unsigned char    st_other;
599               Elf32_Half    st_shndx;
600             } Elf32_Sym;
601         ‘‘‘
602         self.f.seek(offset, 0)
603         elf32_Sym = Elf32_Sym()
604         elf32_Sym.st_name = int.from_bytes(self.f.read(4), little)
605         elf32_Sym.st_value = int.from_bytes(self.f.read(4), little)
606         elf32_Sym.st_size = int.from_bytes(self.f.read(4), little)
607         elf32_Sym.st_info = int.from_bytes(self.f.read(1), little)
608         elf32_Sym.st_other = int.from_bytes(self.f.read(1), little)
609         elf32_Sym.st_shndx = int.from_bytes(self.f.read(2), little)
610         return elf32_Sym
611 
612     def displaySymbolTable(self):
613         print([+] Dynamic Symbol Table:)
614 
615         print(  #      %-10s%-8s%-8s%-8s%-8s%-8s%-8s
616               % (Value, Size, Type, Bind, Other, Ndx, Name))
617         BIND_TYPE = {0: LOCAL, 1: GLOBAL, 2: WEAK, 13: LOPROC, 15: HIPROC}
618         ELF32_ST_TYPE = {0: NOTYPE, 1: OBJECT, 2: FUNC, 3: SECTION, 4: FILE, 13: LOPROC, 15: HIPROC}
619         SHN_TYPE = {0: UNDEF, 0xfff1: ABS, 0xfff2: COMMON, }
620 
621         for index in range(len(self.symbolTable)):
622             elf32_Sym = self.symbolTable[index]
623             bind = elf32_Sym.st_info >> 4
624             type = elf32_Sym.st_info & 0xf
625 
626             if elf32_Sym.st_shndx == 0 or elf32_Sym.st_shndx == 0xfff1 or elf32_Sym.st_shndx == 0xfff2:
627                 shn_type = SHN_TYPE[elf32_Sym.st_shndx]
628             else:
629                 shn_type = str(elf32_Sym.st_shndx)
630             print(  [%4d] %-10s%-8d%-8s%-8s%-8d%-8s%-8s % (
631                 index,
632                 hex(elf32_Sym.st_value),
633                 elf32_Sym.st_size,
634                 ELF32_ST_TYPE[type],
635                 BIND_TYPE[bind],
636                 elf32_Sym.st_other,
637                 shn_type,
638                 elf32_Sym.symbol_name
639             ))
640         print()
641 
642     def initDynamicLinkTable(self):
643         # init dynamic
644         elf32_Shdr = self.getSectionByName(.dynamic)
645         if elf32_Shdr != None:
646             for i in range(int(elf32_Shdr.sh_size / elf32_Shdr.sh_entsize)):
647                 self.dynamicLinkTable.append(
648                     self.parseDynamicLinkTable(elf32_Shdr.sh_offset + i * elf32_Shdr.sh_entsize))
649 
650     def parseDynamicLinkTable(self, offset):
651         ‘‘‘
652         typedef struct dynamic{
653           Elf32_Sword d_tag;
654           union{
655             Elf32_Sword    d_val;
656             Elf32_Addr    d_ptr;
657           } d_un;
658         } Elf32_Dyn;
659         ‘‘‘
660         self.f.seek(offset, 0)
661         elf32_Dyn = Elf32_Dyn()
662         elf32_Dyn.d_tag = int.from_bytes(self.f.read(4), little)
663         elf32_Dyn.d_un = int.from_bytes(self.f.read(4), little)
664         return elf32_Dyn
665 
666     def displayDynamicLinkTable(self):
667         print([+] Dynamic Link Table:)
668         print(  #      %-16s%-16s%-8s % (Tag, Type, Name/Value))
669 
670         for index in range(len(self.dynamicLinkTable)):
671             elf32_Dyn = self.dynamicLinkTable[index]
672             print(  [%4d] %-16s%-16s%-16s % (
673                 index,
674                 hex(elf32_Dyn.d_tag),
675                 DYNAMIC_TYPE[elf32_Dyn.d_tag],
676                 self.getElf32_Dyn_TypeInfo(elf32_Dyn),
677 
678             ))
679 
680     def getElf32_Dyn_TypeInfo(self, elf32_Dyn):
681         if elf32_Dyn.d_tag == 1:  # DT_NEEDED
682             idx = self.dynstrTable.find(0, elf32_Dyn.d_un)
683             return Shared library: [%s] % self.dynstrTable[elf32_Dyn.d_un: idx]
684 
685         elif elf32_Dyn.d_tag == 0xe:  # DT_SONAME
686             idx = self.dynstrTable.find(0, elf32_Dyn.d_un)
687             return Library soname: [%s] % self.dynstrTable[elf32_Dyn.d_un: idx]
688 
689         return hex(elf32_Dyn.d_un)
690 
691     def displayELFHeader(self):
692         print([+] ELF Header:)
693         print(e_ident:\t%s % self.elf32_Ehdr.e_ident)
694         print(e_type: \t%s % self.elf32_Ehdr.e_type)
695         print(e_machine:\t%s % self.elf32_Ehdr.e_machine)
696         print(e_version:\t%s % self.elf32_Ehdr.e_version)
697         print(e_entry:\t%s % self.elf32_Ehdr.e_entry)
698         print(e_phoff:\t%s\t//Program header offset % hex(self.elf32_Ehdr.e_phoff))
699         print(e_shoff:\t%s\t//Section header offset % hex(self.elf32_Ehdr.e_shoff))
700         print(e_flags:\t%s % self.elf32_Ehdr.e_flags)
701         print(e_ehsize:\t%s\t//ELF header size % self.elf32_Ehdr.e_ehsize)
702         print(e_phentsize:\t%s\t//Program header entry size % self.elf32_Ehdr.e_phentsize)
703         print(e_phnum:\t%s\t//Program header number % self.elf32_Ehdr.e_phnum)
704         print(e_shentsize:\t%s\t//Section header entry size % (self.elf32_Ehdr.e_shentsize))
705         print(e_shnum:\t%s\t//Section header number % (self.elf32_Ehdr.e_shnum))
706         print(e_shstrndx:\t%s\t//Section header string index % (self.elf32_Ehdr.e_shstrndx))
707         print()
708 
709     def disassemble(self):
710         ‘‘‘
711         Display assembler contents of executable sections (.text .plt ...)
712         ‘‘‘
713         self.__disassembleTEXTSection()
714         self.__disassemblePLTSection()
715 
716     def __disassembleTEXTSection(self):
717         elf32_Shdr = self.getSectionByName(.text)
718         if elf32_Shdr == None:
719             return
720         # TODO
721         pass
722 
723     def __disassemblePLTSection(self):
724         elf32_Shdr = self.getSectionByName(.plt)
725         if elf32_Shdr == None:
726             return
727         # TODO
728         pass
729 
730     def getSectionByName(self, name):
731         for elf32_Shdr in self.sectionHeaderTable:
732             if elf32_Shdr.section_name == name:
733                 return elf32_Shdr
734         return None
735 
736 
737 if __name__ == __main__:
738     elf = ELF(sys.argv[1])
739     elf.displayELFHeader()
740     elf.displaySectionHeader()
741     elf.displayProgramHeader()
742     elf.displaySymbolTable()
743     elf.displayDynamicLinkTable()
744     elf.disassemble()

 

python3 elf文件解析

标签:typedef   har   its   data   oba   ase   needed   自己   __init__   

原文地址:https://www.cnblogs.com/DirWang/p/11316892.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!