-rw-r--r-- | README.md | 177 | ||||
-rw-r--r-- | poetry.lock | 26 | ||||
-rw-r--r-- | pyproject.toml | 3 |
3 files changed, 181 insertions, 25 deletions
@@ -1,29 +1,30 @@ - -[![Total alerts](https://img.shields.io/lgtm/alerts/g/bloodstalker/delf.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/bloodstalker/delf/alerts/) -[![Codacy Badge](https://app.codacy.com/project/badge/Grade/fe73b673bf0343aeae1c84ff1911b3ce)](https://www.codacy.com/gh/terminaldweller/delf/dashboard?utm_source=github.com&utm_medium=referral&utm_content=terminaldweller/delf&utm_campaign=Badge_Grade) +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/fe73b673bf0343aeae1c84ff1911b3ce)](https://www.codacy.com/gh/terminaldweller/delf/dashboard?utm_source=github.com&utm_medium=referral&utm_content=terminaldweller/delf&utm_campaign=Badge_Grade) # delf -delf is an ELF dump tool.<br/> + +delf is an ELF 64 dump tool.<br/> ## Installation -You will also need to have `libcapstone` installed. + ```sh -pip install delf +pipx install delf ``` -## Requirements -You need python3 and `capstone`. If you don't have capstone you can get it by:<br/> -```bash - -pip install capstone +Or: +```sh +git clone https://github.com/terminaldweller/delf +cd delf +poetry install ``` -Your terminal needs to support ASCII escape sequences.<br/> + +You can then run it with `poetry shell` or `poetry run`.<br/> ## Options -For a list of available options just run `delf -h`. Here's what you'll get:<br/> -```bash +For a list of available options just run `delf -h`:<br/> + +```txt usage: delf [-h] [--dbg] [--obj OBJ] [--header] [--symboltable] [--phdrs] [--shdrs] [--symbolindex] [--stentries] [--objcode] [--test] [--test2] [--funcs] [--objs] [--dynsym] [--dlpath] [--phdynent] 
@@ -61,10 +62,148 @@ optional arguments: --rodata dump .rodata --disass DISASS disassemblt a section - ``` +``` -## Feature Request -If there is something you need delf to do, make an issue and I'll take a look.<br/> +## Example usage -## TODO -delf does not support ELF32. I'll write that in whenever I get the time to work on delf<br/> +```txt +$ delf --obj ./main --shdrs + +idx sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info sh_addralign sh_entsize +0 '' 'NULL' 0 0 0 0 0 0 0 0 +1 '.interp' 'PROGBITS' 2 792 792 28 0 0 1 0 +2 '.note.gnu.property' 'NOTE' 2 824 824 32 0 0 8 0 +3 '.note.gnu.build-id' 'NOTE' 2 856 856 36 0 0 4 0 +4 '.note.ABI-tag' 'NOTE' 2 892 892 32 0 0 4 0 +5 '.gnu.hash' 'GNU_HASH' 2 928 928 36 6 0 8 0 +6 '.dynsym' 'DYNSYM' 2 968 968 144 7 1 8 24 +7 '.dynstr' 'STRTAB' 2 1112 1112 136 0 0 1 0 +8 '.gnu.version' 'VERSYM' 2 1248 1248 12 6 0 2 2 +9 '.gnu.version_r' 'VERNEED' 2 1264 1264 48 7 1 8 0 +10 '.rela.dyn' 'RELA' 2 1312 1312 192 6 0 8 24 +11 '.init' 'PROGBITS' 6 4096 4096 23 0 0 4 0 +12 '.plt' 'PROGBITS' 6 4128 4128 16 0 0 16 16 +13 '.plt.got' 'PROGBITS' 6 4144 4144 8 0 0 8 8 +14 '.text' 'PROGBITS' 6 4160 4160 262 0 0 16 0 +15 '.fini' 'PROGBITS' 6 4424 4424 9 0 0 4 0 +16 '.rodata' 'PROGBITS' 18 8192 8192 4 0 0 4 4 +17 '.eh_frame_hdr' 'PROGBITS' 2 8196 8196 44 0 0 4 0 +18 '.eh_frame' 'PROGBITS' 2 8240 8240 172 0 0 8 0 +19 '.init_array' 'INIT_ARRAY' 3 15872 11776 8 0 0 8 8 +20 '.fini_array' 'FINI_ARRAY' 3 15880 11784 8 0 0 8 8 +21 '.dynamic' 'DYNAMIC' 3 15888 11792 432 7 0 8 16 +22 '.got' 'PROGBITS' 3 16320 12224 40 0 0 8 8 +23 '.got.plt' 'PROGBITS' 3 16360 12264 24 0 0 8 8 +24 '.data' 'PROGBITS' 3 16384 12288 16 0 0 8 0 +25 '.bss' 'NOBITS' 3 16400 12304 8 0 0 1 0 +26 '.comment' 'PROGBITS' 48 0 12304 39 0 0 1 1 +27 '.debug_aranges' 'PROGBITS' 0 0 12352 240 0 0 16 0 +28 '.debug_info' 'PROGBITS' 0 0 12592 1393 0 0 1 0 +29 '.debug_abbrev' 'PROGBITS' 0 0 13985 398 0 0 1 0 +30 '.debug_line' 'PROGBITS' 0 0 14383 463 0 0 1 0 +31 
'.debug_str' 'PROGBITS' 48 0 14846 944 0 0 1 1 +32 '.debug_line_str' 'PROGBITS' 48 0 15790 265 0 0 1 1 +33 '.debug_rnglists' 'PROGBITS' 0 0 16055 66 0 0 1 0 +34 '.symtab' 'SYMTAB' 0 0 16128 864 35 19 8 24 +35 '.strtab' 'STRTAB' 0 0 16992 467 0 0 1 0 +36 '.shstrtab' 'STRTAB' 0 0 17459 368 0 0 1 0 +``` + +```txt +$ delf --obj ./main --phdrs + +idx p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_flags2 p_align +0 'PHDR' 'WR' 64 64 64 728 728 0 '0x8' +1 'INTERP' 'XW' 792 792 792 28 28 0 '0x1' +2 'LOAD' 'X' 0 0 0 1504 1504 0 '0x1000' +3 'LOAD' 'X' 4096 4096 4096 337 337 0 '0x1000' +4 'LOAD' 'X' 8192 8192 8192 220 220 0 '0x1000' +5 'LOAD' 'X' 11776 15872 15872 528 536 0 '0x1000' +6 'DYNAMIC' 'W' 11792 15888 15888 432 432 0 '0x8' +7 'NOTE' 'R' 824 824 824 32 32 0 '0x8' +8 'NOTE' 'R' 856 856 856 68 68 0 '0x4' +9 None 'XW' 824 824 824 32 32 0 '0x8' +10 'GNU_EH_FRAME' '' 8196 8196 8196 44 44 0 '0x4' +11 'GNU_STACK' 'X' 0 0 0 0 0 0 '0x10' +12 'GNU_RELRO' 'W' 11776 15872 15872 512 512 0 '0x1' +``` + +```txt +$ delf --obj ./main --section .interp + +000000 : 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d /lib64/ld-linux- +000010 : 78 38 36 2d 36 34 2e 73 6f 2e 32 00 x86-64.so.2 +``` + +```txt +$ delf --obj ./main --disass .text + +0x0 xor ebp, ebp +0x2 mov r9, rdx +0x5 pop rsi +0x6 mov rdx, rsp +0x9 and rsp, 0xfffffffffffffff0 +0xd push rax +0xe push rsp +0xf xor r8d, r8d +0x12 xor ecx, ecx +0x14 lea rdi, [rip + 0xd5] +0x1b call qword ptr [rip + 0x2f5f] +0x21 hlt +0x22 nop word ptr cs:[rax + rax] +0x2c nop dword ptr [rax] +0x30 lea rdi, [rip + 0x2f99] +0x37 lea rax, [rip + 0x2f92] +0x3e cmp rax, rdi +0x41 je 0x58 +0x43 mov rax, qword ptr [rip + 0x2f3e] +0x4a test rax, rax +0x4d je 0x58 +0x4f jmp rax +0x51 nop dword ptr [rax] +0x58 ret +0x59 nop dword ptr [rax] +0x60 lea rdi, [rip + 0x2f69] +0x67 lea rsi, [rip + 0x2f62] +0x6e sub rsi, rdi +0x71 mov rax, rsi +0x74 shr rsi, 0x3f +0x78 sar rax, 3 +0x7c add rsi, rax +0x7f sar rsi, 1 +0x82 je 0x98 +0x84 mov rax, qword ptr 
[rip + 0x2f0d] +0x8b test rax, rax +0x8e je 0x98 +0x90 jmp rax +0x92 nop word ptr [rax + rax] +0x98 ret +0x99 nop dword ptr [rax] +0xa0 endbr64 +0xa4 cmp byte ptr [rip + 0x2f25], 0 +0xab jne 0xd8 +0xad push rbp +0xae cmp qword ptr [rip + 0x2eea], 0 +0xb6 mov rbp, rsp +0xb9 je 0xc7 +0xbb mov rdi, qword ptr [rip + 0x2f06] +0xc2 call 0xfffffffffffffff0 +0xc7 call 0x30 +0xcc mov byte ptr [rip + 0x2efd], 1 +0xd3 pop rbp +0xd4 ret +0xd5 nop dword ptr [rax] +0xd8 ret +0xd9 nop dword ptr [rax] +0xe0 endbr64 +0xe4 jmp 0x60 +0xe9 nop dword ptr [rax] +0xf0 push rbp +0xf1 mov rbp, rsp +0xf4 mov dword ptr [rbp - 4], 0 +0xfb mov dword ptr [rbp - 8], edi +0xfe mov qword ptr [rbp - 0x10], rsi +0x102 xor eax, eax +0x104 pop rbp +0x105 ret +``` diff --git a/poetry.lock b/poetry.lock index a96a8c9..13d7ccd 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -152,20 +152,20 @@ smmap = ">=3.0.1,<6" [[package]] name = "gitpython" -version = "3.1.40" +version = "3.1.41" description = "GitPython is a Python library used to interact with Git repositories" optional = false python-versions = ">=3.7" files = [ - {file = "GitPython-3.1.40-py3-none-any.whl", hash = "sha256:cf14627d5a8049ffbf49915732e5eddbe8134c3bdb9d476e6182b676fc573f8a"}, - {file = "GitPython-3.1.40.tar.gz", hash = "sha256:22b126e9ffb671fdd0c129796343a02bf67bf2994b35449ffc9321aa755e18a4"}, + {file = "GitPython-3.1.41-py3-none-any.whl", hash = "sha256:c36b6634d069b3f719610175020a9aed919421c87552185b085e04fbbdb10b7c"}, + {file = "GitPython-3.1.41.tar.gz", hash = "sha256:ed66e624884f76df22c8e16066d567aaa5a37d5b5fa19db2c6df6f7156db9048"}, ] [package.dependencies] gitdb = ">=4.0.1,<5" [package.extras] -test = ["black", "coverage[toml]", "ddt (>=1.1.1,!=1.4.3)", "mock", "mypy", "pre-commit", "pytest", "pytest-cov", "pytest-instafail", "pytest-subtests", "pytest-sugar"] +test = ["black", "coverage[toml]", "ddt (>=1.1.1,!=1.4.3)", "mock", "mypy", "pre-commit", "pytest (>=7.3.1)", "pytest-cov", "pytest-instafail", "pytest-mock", "pytest-sugar", "sumtypes"] [[package]] name = "isort" 
@@ -485,6 +485,22 @@ files = [ ] [[package]] +name = "setuptools" +version = "69.5.1" +description = "Easily download, build, install, upgrade, and uninstall Python packages" +optional = false +python-versions = ">=3.8" +files = [ + {file = "setuptools-69.5.1-py3-none-any.whl", hash = "sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32"}, + {file = "setuptools-69.5.1.tar.gz", hash = "sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987"}, +] + +[package.extras] +docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier"] +testing = ["build[virtualenv]", "filelock (>=3.4.0)", "importlib-metadata", "ini2toml[lite] (>=0.9)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "mypy (==1.9)", "packaging (>=23.2)", "pip (>=19.1)", "pytest (>=6,!=8.1.1)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-home (>=0.5)", "pytest-mypy", "pytest-perf", "pytest-ruff (>=0.2.1)", "pytest-timeout", "pytest-xdist (>=3)", "tomli", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"] +testing-integration = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "packaging (>=23.2)", "pytest", "pytest-enabler", "pytest-xdist", "tomli", "virtualenv (>=13.0.0)", "wheel"] + +[[package]] name = "smmap" version = "5.0.1" description = "A pure Python implementation of a sliding window memory map manager" @@ -545,4 +561,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.8" -content-hash = "7fd609242e7d428792a0fabe74b6e12e3d88fe5318fcff85c0113cf63586384f" +content-hash = "7fd609242e7d428792a0fabe74b6e12e3d88fe5318fcff85c0113cf63586384f"
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
index b3e5a23..75b3179 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "delf"
-version = "0.1.3"
+version = "0.1.4"
 description = "yet another elf dump tool"
 authors = ["terminaldweller <devi@terminaldweller.com>"]
 license = "GPL-3.0"
@@ -16,6 +16,7 @@ include = [
 [tool.poetry.dependencies]
 python = "^3.8"
 capstone = "^4.0.2"
+setuptools = "^69.5.1"
 
 [tool.poetry.scripts]
 delf = "delf:main"
|
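Review bot: The new `setuptools = "^69.5.1"` entry in `[tool.poetry.dependencies]` makes a packaging tool a runtime dependency with a caret range, which resolves to `>=69.5.1,<70.0.0` and keeps installs from picking up later setuptools major releases and any fixes shipped in them. The diff does not show why it is needed; if it is only there because a dependency imports `pkg_resources` at runtime (an assumption to confirm), a floor such as `setuptools = ">=69.5.1"` with a comment like `# needed at runtime for pkg_resources` records the intent without the cap. Separately, the `content-hash` line in the poetry.lock hunk is identical before and after even though the dependency table changed, which suggests the lock was edited rather than regenerated. Regenerating it with Poetry would bring the recorded hash back in line with pyproject.toml.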