aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--README.md177
1 files changed, 158 insertions, 19 deletions
diff --git a/README.md b/README.md
index 691a796..d370884 100644
--- a/README.md
+++ b/README.md
@@ -1,29 +1,30 @@
-
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/bloodstalker/delf.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/bloodstalker/delf/alerts/)
-[![Codacy Badge](https://app.codacy.com/project/badge/Grade/fe73b673bf0343aeae1c84ff1911b3ce)](https://www.codacy.com/gh/terminaldweller/delf/dashboard?utm_source=github.com&utm_medium=referral&utm_content=terminaldweller/delf&utm_campaign=Badge_Grade)
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/fe73b673bf0343aeae1c84ff1911b3ce)](https://www.codacy.com/gh/terminaldweller/delf/dashboard?utm_source=github.com&utm_medium=referral&utm_content=terminaldweller/delf&utm_campaign=Badge_Grade)
# delf
-delf is an ELF dump tool.<br/>
+
+delf is an ELF 64 dump tool.<br/>
## Installation
-You will also need to have `libcapstone` installed.
+
```sh
-pip install delf
+pipx install delf
```
-## Requirements
-You need python3 and `capstone`. If you don't have capstone you can get it by:<br/>
-```bash
-
-pip install capstone
+Or:
+```sh
+git clone https://github.com/terminaldweller/delf
+cd delf
+poetry install
```
-Your terminal needs to support ASCII escape sequences.<br/>
+
+You can then run it with `poetry shell` or `poetry run`.<br/>
## Options
-For a list of available options just run `delf -h`. Here's what you'll get:<br/>
-```bash
+For a list of available options just run `delf -h`:<br/>
+
+```txt
usage: delf [-h] [--dbg] [--obj OBJ] [--header] [--symboltable] [--phdrs]
[--shdrs] [--symbolindex] [--stentries] [--objcode] [--test]
[--test2] [--funcs] [--objs] [--dynsym] [--dlpath] [--phdynent]
@@ -61,10 +62,148 @@ optional arguments:
--rodata dump .rodata
--disass DISASS disassemblt a section
- ```
+```
-## Feature Request
-If there is something you need delf to do, make an issue and I'll take a look.<br/>
+## Example usage
-## TODO
-delf does not support ELF32. I'll write that in whenever I get the time to work on delf<br/>
+```txt
+$ delf --obj ./main --shdrs
+
+idx sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info sh_addralign sh_entsize
+0 '' 'NULL' 0 0 0 0 0 0 0 0
+1 '.interp' 'PROGBITS' 2 792 792 28 0 0 1 0
+2 '.note.gnu.property' 'NOTE' 2 824 824 32 0 0 8 0
+3 '.note.gnu.build-id' 'NOTE' 2 856 856 36 0 0 4 0
+4 '.note.ABI-tag' 'NOTE' 2 892 892 32 0 0 4 0
+5 '.gnu.hash' 'GNU_HASH' 2 928 928 36 6 0 8 0
+6 '.dynsym' 'DYNSYM' 2 968 968 144 7 1 8 24
+7 '.dynstr' 'STRTAB' 2 1112 1112 136 0 0 1 0
+8 '.gnu.version' 'VERSYM' 2 1248 1248 12 6 0 2 2
+9 '.gnu.version_r' 'VERNEED' 2 1264 1264 48 7 1 8 0
+10 '.rela.dyn' 'RELA' 2 1312 1312 192 6 0 8 24
+11 '.init' 'PROGBITS' 6 4096 4096 23 0 0 4 0
+12 '.plt' 'PROGBITS' 6 4128 4128 16 0 0 16 16
+13 '.plt.got' 'PROGBITS' 6 4144 4144 8 0 0 8 8
+14 '.text' 'PROGBITS' 6 4160 4160 262 0 0 16 0
+15 '.fini' 'PROGBITS' 6 4424 4424 9 0 0 4 0
+16 '.rodata' 'PROGBITS' 18 8192 8192 4 0 0 4 4
+17 '.eh_frame_hdr' 'PROGBITS' 2 8196 8196 44 0 0 4 0
+18 '.eh_frame' 'PROGBITS' 2 8240 8240 172 0 0 8 0
+19 '.init_array' 'INIT_ARRAY' 3 15872 11776 8 0 0 8 8
+20 '.fini_array' 'FINI_ARRAY' 3 15880 11784 8 0 0 8 8
+21 '.dynamic' 'DYNAMIC' 3 15888 11792 432 7 0 8 16
+22 '.got' 'PROGBITS' 3 16320 12224 40 0 0 8 8
+23 '.got.plt' 'PROGBITS' 3 16360 12264 24 0 0 8 8
+24 '.data' 'PROGBITS' 3 16384 12288 16 0 0 8 0
+25 '.bss' 'NOBITS' 3 16400 12304 8 0 0 1 0
+26 '.comment' 'PROGBITS' 48 0 12304 39 0 0 1 1
+27 '.debug_aranges' 'PROGBITS' 0 0 12352 240 0 0 16 0
+28 '.debug_info' 'PROGBITS' 0 0 12592 1393 0 0 1 0
+29 '.debug_abbrev' 'PROGBITS' 0 0 13985 398 0 0 1 0
+30 '.debug_line' 'PROGBITS' 0 0 14383 463 0 0 1 0
+31 '.debug_str' 'PROGBITS' 48 0 14846 944 0 0 1 1
+32 '.debug_line_str' 'PROGBITS' 48 0 15790 265 0 0 1 1
+33 '.debug_rnglists' 'PROGBITS' 0 0 16055 66 0 0 1 0
+34 '.symtab' 'SYMTAB' 0 0 16128 864 35 19 8 24
+35 '.strtab' 'STRTAB' 0 0 16992 467 0 0 1 0
+36 '.shstrtab' 'STRTAB' 0 0 17459 368 0 0 1 0
+```
+
+```txt
+$ delf --obj ./main --phdrs
+
+idx p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_flags2 p_align
+0 'PHDR' 'WR' 64 64 64 728 728 0 '0x8'
+1 'INTERP' 'XW' 792 792 792 28 28 0 '0x1'
+2 'LOAD' 'X' 0 0 0 1504 1504 0 '0x1000'
+3 'LOAD' 'X' 4096 4096 4096 337 337 0 '0x1000'
+4 'LOAD' 'X' 8192 8192 8192 220 220 0 '0x1000'
+5 'LOAD' 'X' 11776 15872 15872 528 536 0 '0x1000'
+6 'DYNAMIC' 'W' 11792 15888 15888 432 432 0 '0x8'
+7 'NOTE' 'R' 824 824 824 32 32 0 '0x8'
+8 'NOTE' 'R' 856 856 856 68 68 0 '0x4'
+9 None 'XW' 824 824 824 32 32 0 '0x8'
+10 'GNU_EH_FRAME' '' 8196 8196 8196 44 44 0 '0x4'
+11 'GNU_STACK' 'X' 0 0 0 0 0 0 '0x10'
+12 'GNU_RELRO' 'W' 11776 15872 15872 512 512 0 '0x1'
+```
+
+```txt
+$ delf --obj ./main --section .interp
+
+000000 : 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d /lib64/ld-linux-
+000010 : 78 38 36 2d 36 34 2e 73 6f 2e 32 00 x86-64.so.2
+```
+
+```txt
+$ delf --obj ./main --disass .text
+
+0x0 xor ebp, ebp
+0x2 mov r9, rdx
+0x5 pop rsi
+0x6 mov rdx, rsp
+0x9 and rsp, 0xfffffffffffffff0
+0xd push rax
+0xe push rsp
+0xf xor r8d, r8d
+0x12 xor ecx, ecx
+0x14 lea rdi, [rip + 0xd5]
+0x1b call qword ptr [rip + 0x2f5f]
+0x21 hlt
+0x22 nop word ptr cs:[rax + rax]
+0x2c nop dword ptr [rax]
+0x30 lea rdi, [rip + 0x2f99]
+0x37 lea rax, [rip + 0x2f92]
+0x3e cmp rax, rdi
+0x41 je 0x58
+0x43 mov rax, qword ptr [rip + 0x2f3e]
+0x4a test rax, rax
+0x4d je 0x58
+0x4f jmp rax
+0x51 nop dword ptr [rax]
+0x58 ret
+0x59 nop dword ptr [rax]
+0x60 lea rdi, [rip + 0x2f69]
+0x67 lea rsi, [rip + 0x2f62]
+0x6e sub rsi, rdi
+0x71 mov rax, rsi
+0x74 shr rsi, 0x3f
+0x78 sar rax, 3
+0x7c add rsi, rax
+0x7f sar rsi, 1
+0x82 je 0x98
+0x84 mov rax, qword ptr [rip + 0x2f0d]
+0x8b test rax, rax
+0x8e je 0x98
+0x90 jmp rax
+0x92 nop word ptr [rax + rax]
+0x98 ret
+0x99 nop dword ptr [rax]
+0xa0 endbr64
+0xa4 cmp byte ptr [rip + 0x2f25], 0
+0xab jne 0xd8
+0xad push rbp
+0xae cmp qword ptr [rip + 0x2eea], 0
+0xb6 mov rbp, rsp
+0xb9 je 0xc7
+0xbb mov rdi, qword ptr [rip + 0x2f06]
+0xc2 call 0xfffffffffffffff0
+0xc7 call 0x30
+0xcc mov byte ptr [rip + 0x2efd], 1
+0xd3 pop rbp
+0xd4 ret
+0xd5 nop dword ptr [rax]
+0xd8 ret
+0xd9 nop dword ptr [rax]
+0xe0 endbr64
+0xe4 jmp 0x60
+0xe9 nop dword ptr [rax]
+0xf0 push rbp
+0xf1 mov rbp, rsp
+0xf4 mov dword ptr [rbp - 4], 0
+0xfb mov dword ptr [rbp - 8], edi
+0xfe mov qword ptr [rbp - 0x10], rsi
+0x102 xor eax, eax
+0x104 pop rbp
+0x105 ret
+```