diff options
Diffstat (limited to 'src')
| -rwxr-xr-x | src/delf.py | 2347 |
1 files changed, 2347 insertions, 0 deletions
diff --git a/src/delf.py b/src/delf.py new file mode 100755 index 0000000..c988098 --- /dev/null +++ b/src/delf.py @@ -0,0 +1,2347 @@ +#!/usr/bin/env python3 +# *****************************************************************************/ +# yet another elfdump in python +# Copyright (C) 2018 Farzad Sadeghi + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, +# MA 02110-1301, USA.*/ +# *****************************************************************************/ +import argparse +import code +import os +import subprocess +import sys + +from capstone import CS_ARCH_X86, CS_MODE_64, Cs + +# from capstone.x86 import Cs + + +class ELF_TYPE_SIZES: + ELF32_HALF = 2 + ELF64_HALF = 2 + ELF32_WORD = 4 + ELF32_SWORD = 4 + ELF64_WORD = 4 + ELF64_SWORD = 4 + ELF32_XWORD = 8 + ELF32_SXWORD = 8 + ELF64_XWORD = 8 + ELF64_SXWORD = 8 + ELF32_ADDR = 4 + ELF64_ADDR = 8 + ELF32_OFF = 4 + ELF64_OFF = 8 + ELF32_SECTION = 2 + ELF64_SECTION = 2 + + +def SigHandler_SIGINT(signum, frame): + print() + sys.exit(0) + + +class CLIArgParser(object): + def __init__(self): + parser = argparse.ArgumentParser() + parser.add_argument("--dbg", action="store_true", help="debug", default=False) + parser.add_argument( + "--obj", + type=str, + help="path to the executbale, shared object " + "or object you want to load in bruiser", + ) + parser.add_argument( + "--header", action="store_true", help="dump headers", default=False + ) + parser.add_argument( + "--symboltable", + action="store_true", + help="dump symbol table", + default=False, + ) + parser.add_argument( + "--phdrs", + action="store_true", + help="dump program haeders", + default=False, + ) + parser.add_argument( + "--shdrs", + action="store_true", + help="dump section haeders", + default=False, + ) + parser.add_argument( + "--symbolindex", + action="store_true", + help="dump symbol index", + default=False, + ) + parser.add_argument( + "--stentries", + action="store_true", + help="dump section table entries", + default=False, + ) + parser.add_argument( + "--objcode", + action="store_true", + help="dump objects", + default=False, + ) + parser.add_argument( + "--test", action="store_true", help="test switch", default=False + ) + parser.add_argument( + "--test2", action="store_true", help="test switch 2", default=False + ) + parser.add_argument( + "--listdso", action="store_true", help="list DSOs", default=False + ) + parser.add_argument( + "--funcs", + action="store_true", + help="dump functions", + default=False, + ) + parser.add_argument( + "--objs", action="store_true", help="dump objects", default=False + ) + parser.add_argument( + "--dynsym", + action="store_true", + help="dump dynamic symbol table", + default=False, + ) + parser.add_argument( + "--dlpath", + action="store_true", + help="dump dynamic linker path", + default=False, + ) + parser.add_argument( + "--phdynent", + action="store_true", + help="dump ph PT_DYNAMIC entries", + default=False, + ) + parser.add_argument("--section", type=str, help="dump a section") + parser.add_argument( + "--dumpfunc", type=str, help="dump a functions machine code" + ) + parser.add_argument( + "--dumpfuncasm", type=str, help="dump a functions assembly code" + ) + parser.add_argument( + "--textasm", + action="store_true", + help="disassemble the text section", + default=False, + ) + parser.add_argument( + "--dynsecents", + action="store_true", + help="dynamic section entries", + default=False, + ) + parser.add_argument( + "--reladyn", + action="store_true", + help=".rela.dyn entries", + default=False, + ) + parser.add_argument( + "--relaplt", + action="store_true", + help=".rela.plt entries", + default=False, + ) + parser.add_argument( + "--rodata", action="store_true", help="dump .rodata", default=False + ) + parser.add_argument( + "--disass", + type=str, + help="disassembls a section by " "name in section headers", + ) + parser.add_argument( + "--disassp", + type=int, + help="disassembls a section " "by index in program headers", + ) + parser.add_argument( + "--got", + action="store_true", + help="dump .got section", + default=False, + ) + parser.add_argument( + "--gotplt", + action="store_true", + help="dump .got.plt section", + default=False, + ) + self.args = parser.parse_args() + if self.args.obj is None: + raise Exception( + "no object file provided. " "please specify an object with --obj." + ) + + +def byte2int(value, sign=False): + return int.from_bytes(value, byteorder="little", signed=sign) + + +def byte2hex(value): + return hex(int.from_bytes(value, byteorder="little", signed=False)) + + +def LEB128UnsignedDecode(bytelist): + result = 0 + shift = 0 + for byte in bytelist: + result |= (byte & 0x7F) << shift + if (byte & 0x80) == 0: + break + shift += 7 + return result + + +def LEB128SignedDecode(bytelist): + result = 0 + shift = 0 + for byte in bytelist: + result |= (byte & 0x7F) << shift + last_byte = byte + shift += 7 + if (byte & 0x80) == 0: + break + if last_byte & 0x40: + result |= -(1 << shift) + return result + + +def LEB128UnsignedEncode(int_val): + if int_val < 0: + raise Exception("value must not be negative") + if int_val == 0: + return bytes([0]) + byte_array = bytearray() + while int_val: + byte = int_val & 0x7F + byte_array.append(byte | 0x80) + int_val >>= 7 + byte_array[-1] ^= 0x80 + return byte_array + + +def LEB128SignedEncode(int_val): + byte_array = bytearray() + while True: + byte = int_val & 0x7F + byte_array.append(byte | 0x80) + int_val >>= 7 + if (int_val == 0 and byte & 0x40 == 0) or (int_val == -1 and byte & 0x40): + byte_array[-1] ^= 0x80 + break + return byte_array + + +class ELF_REL: + def __init__(self, r_offset, r_info): + self.r_offset = r_offset + self.r_info = r_info + + +class ELF_RELA: + def __init__(self, r_offset, r_info, r_addend): + self.r_offset = r_offset + self.r_info = r_info + self.r_addend = r_addend + + +def ffs(offset, header_list, numbered, *args): + # cn = Colors.green + ch = Colors.cyan + cd = Colors.blue + cb = Colors.BOLD + ci = Colors.red + ce = Colors.ENDC + max_column_width = [] + lines = [] + numbers_f = [] + dummy = [] + + if numbered: + numbers_f.extend(range(1, len(args[-1]) + 1)) + max_column_width.append( + max([len(repr(number)) for number in numbers_f]) if numbers_f else 6 + ) + header_list.insert(0, "idx") + + for arg in args: + max_column_width.append( + max([len(repr(argette)) for argette in arg]) if arg else 6 + ) + + index = range(0, len(header_list)) + for header, width, i in zip(header_list, max_column_width, index): + max_column_width[i] = max(len(header), width) + offset + + for i in index: + dummy.append(ch + cb + header_list[i].ljust(max_column_width[i]) + ce) + lines.append("".join(dummy)) + dummy.clear() + + index2 = range(0, len(args[-1])) + for i in index2: + if numbered: + dummy.append(ci + cb + repr(i).ljust(max_column_width[0]) + ce) + for arg, width in zip(args, max_column_width[1:]): + dummy.append(cd + repr(arg[i]).ljust(width) + ce) + else: + for arg, width in zip(args, max_column_width): + dummy.append(cd + repr(arg[i]).ljust(width) + ce) + lines.append("".join(dummy)) + dummy.clear() + return lines + + +def get_section_type_string(number): + if number == 0x0: + return "NULL" + if number == 0x1: + return "PROGBITS" + if number == 0x2: + return "SYMTAB" + if number == 0x3: + return "STRTAB" + if number == 0x4: + return "RELA" + if number == 0x5: + return "HASH" + if number == 0x6: + return "DYNAMIC" + if number == 0x7: + return "NOTE" + if number == 0x8: + return "NOBITS" + if number == 0x9: + return "REL" + if number == 0xA: + return "SHLIB" + if number == 0xB: + return "DYNSYM" + if number == 0xE: + return "INIT_ARRAY" + if number == 0xF: + return "FINI_ARRAY" + if number == 0x10: + return "PREINIT" + if number == 0x11: + return "GROUP" + if number == 0x12: + return "SYMTAB" + if number == 0x13: + return "NUM" + if number == 0x60000000: + return "LOOS" + if number == 0x6FFFFFF6: + return "GNU_HASH" + if number == 0x6FFFFFFF: + return "VERSYM" + if number == 0x6FFFFFFE: + return "VERNEED" + + +class sh_type_e: + SHT_NULL = 0x0 + SHT_PROGBITS = 0x1 + SHT_SYMTAB = 0x2 + SHT_STRTAB = 0x3 + SHT_RELA = 0x4 + SHT_HASH = 0x5 + SHT_DYNAMIC = 0x6 + SHT_NOTE = 0x7 + SHT_NOBITS = 0x8 + SHT_REL = 0x9 + SHT_SHLIB = 0xA + SHT_DYNSYM = 0xB + SHT_INIT_ARRAY = 0xE + SHT_FINI_ARRAY = 0xF + SHT_PREINIT = 0x10 + SHT_GROUP = 0x11 + SHT_SYMTAB_SHNDX = 0x12 + SHT_NUM = 0x13 + SHT_LOOS = 0x60000000 + GNU_HASH = 0x6FFFFFF6 + VERSYM = 0x6FFFFFFF + VERNEED = 0x6FFFFFFE + + +class sh_flags_e: + SHF_WRITE = 0x1 + SHF_ALLOC = 0x2 + SHF_EXECINSTR = 0x4 + SHF_MERGE = 0x10 + SHF_STRINGS = 0x20 + SHF_INFO_LINK = 0x40 + SHF_LINK_ORDER = 0x80 + SHF_OS_NONCONFORMING = 0x100 + SHF_GROUP = 0x200 + SHF_TLS = 0x400 + SHF_MASKOS = 0x0FF00000 + SHF_MASKPROC = 0xF0000000 + SHF_ORDERED = 0x4000000 + SHF_EXCLUDE = 0x8000000 + + +class p_type_e: + PT_NULL = 0x0 + PT_LOAD = 0x1 + PT_DYNAMIC = 0x2 + PT_INTERP = 0x3 + PT_NOTE = 0x4 + PT_SHLIB = 0x5 + PT_PHDR = 0x6 + PT_LOOS = 0x60000000 + PT_HIOS = 0x6FFFFFFF + PT_LOPROC = 0x70000000 + PT_HIPROC = 0x7FFFFFFF + GNU_EH_FRAME = 0x6474E550 + GNU_STACK = 0x6474E551 + GNU_RELRO = 0x6474E552 + + +def get_ph_type(value): + if value == p_type_e.PT_NULL: + return "NULL" + elif value == p_type_e.PT_LOAD: + return "LOAD" + elif value == p_type_e.PT_DYNAMIC: + return "DYNAMIC" + elif value == p_type_e.PT_INTERP: + return "INTERP" + elif value == p_type_e.PT_NOTE: + return "NOTE" + elif value == p_type_e.PT_SHLIB: + return "SHLIB" + elif value == p_type_e.PT_PHDR: + return "PHDR" + elif value == p_type_e.PT_LOOS: + return "LOOS" + elif value == p_type_e.PT_HIOS: + return "HIOS" + elif value == p_type_e.PT_LOPROC: + return "LOPROC" + elif value == p_type_e.PT_HIPROC: + return "HIPROC" + elif value == p_type_e.GNU_EH_FRAME: + return "GNU_EH_FRAME" + elif value == p_type_e.GNU_STACK: + return "GNU_STACK" + elif value == p_type_e.GNU_RELRO: + return "GNU_RELRO" + else: + return None + + +class ph_dynamic_entry: + def __init__(self, d_tag, d_un): + self.d_tag = d_tag + self.d_un = d_un + + +class elf_seg_flags: + PF_X = 0x1 + PF_W = 0x2 + PF_R = 0x4 + + +def get_elf_seg_flag(value): + ret = [] + if value & 0x01 == 1: + ret.append("X") + if (value & 0x02) >> 1 == 1: + ret.append("W") + if (value & 0x04) >> 2 == 1: + ret.append("R") + return "".join(ret) + + +class PH_DYN_TAG_TYPE: + DT_NULL = 0 + DT_NEEDED = 1 + DT_PLTRELSZ = 2 + DT_PLTGOT = 3 + DT_HASH = 4 + DT_STRTAB = 5 + DT_SYMTAB = 6 + DT_RELA = 7 + DT_RELASZ = 8 + DT_RELAENT = 9 + DT_STRSZ = 10 + DT_SYMENT = 11 + DT_INIT = 12 + DT_FINI = 13 + DT_SONAME = 14 + DT_RPATH = 15 + DT_SYMBOLIC = 16 + DT_REL = 17 + DT_RELSZ = 18 + DT_RELENT = 19 + DT_PLTREL = 20 + DT_DEBUG = 21 + DT_TEXTREL = 22 + DT_JMPREL = 23 + DT_LOPROC = 0x70000000 + DT_HIPROC = 0x7FFFFFFF + DT_BIND_NOW = 24 + DT_INIT_ARRAY = 25 + DT_FINI_ARRAY = 26 + DT_INIT_ARRAYSZ = 27 + DT_FINI_ARRAYSZ = 28 + DT_RUNPATH = 29 + DT_FLAGS = 30 + DT_ENCODING = 32 + DT_PREINIT_ARRAY = 32 + DT_PREINIT_ARRAYSZ = 33 + DT_NUM = 34 + DT_LOOS = 0x6000000D + DT_HIOS = 0x6FFFF000 + DT_PROC_NUM = 0x0 + DT_MIPS_NUM = 0x0 + DT_VALRNGLO = 0x6FFFFD00 + DT_GNU_PRELINKED = 0x6FFFFDF5 + DT_GNU_CONFLICTSZ = 0x6FFFFDF6 + DT_GNU_LIBLISTSZ = 0x6FFFFDF7 + DT_CHECKSUM = 0x6FFFFDF8 + DT_PLTPADSZ = 0x6FFFFDF9 + DT_MOVEENT = 0x6FFFFDFA + DT_MOVESZ = 0x6FFFFDFB + DT_FEATURE_1 = 0x6FFFFDFC + DT_POSFLAG_1 = 0x6FFFFDFD + DT_SYMINSZ = 0x6FFFFDFE + DT_SYMINENT = 0x6FFFFDFF + DT_VALRNGHI = 0x6FFFFDFF + DT_VALNUM = 12 + DT_ADDRRNGLO = 0x6FFFFE00 + DT_GNU_HASH = 0x6FFFFEF5 + DT_TLSDESC_PLT = 0x6FFFFEF6 + DT_TLSDESC_GOT = 0x6FFFFEF7 + DT_GNU_CONFLICT = 0x6FFFFEF8 + DT_GNU_LIBLIST = 0x6FFFFEF9 + DT_CONFIG = 0x6FFFFEFA + DT_DEPAUDIT = 0x6FFFFEFB + DT_AUDIT = 0x6FFFFEFC + DT_PLTPAD = 0x6FFFFEFD + DT_MOVETAB = 0x6FFFFEFE + DT_SYMINFO = 0x6FFFFEFF + DT_ADDRRNGHI = 0x6FFFFEFF + DT_ADDRNUM = 11 + DT_VERSYM = 0x6FFFFFF0 + DT_RELACOUNT = 0x6FFFFFF9 + DT_RELCOUNT = 0x6FFFFFFA + DT_FLAGS_1 = 0x6FFFFFFB + DT_VERDEF = 0x6FFFFFFC + DT_VERDEFNUM = 0x6FFFFFFD + DT_VERNEED = 0x6FFFFFFE + DT_VERNEEDNUM = 0x6FFFFFFF + DT_VERSIONTAGNUM = 16 + DT_AUXILIARY = 0x7FFFFFFD + DT_FILTER = 0x7FFFFFFF + DT_EXTRANUM = 3 + + +def get_ph_dynamic_ent_tag_type(value): + if value == PH_DYN_TAG_TYPE.DT_NULL: + return "DT_NULL" + elif value == PH_DYN_TAG_TYPE.DT_NEEDED: + return "DT_NEEDED" + elif value == PH_DYN_TAG_TYPE.DT_PLTRELSZ: + return "DT_PLTRELSZ" + elif value == PH_DYN_TAG_TYPE.DT_PLTGOT: + return "DT_PLTGOT" + elif value == PH_DYN_TAG_TYPE.DT_HASH: + return "DT_HASH" + elif value == PH_DYN_TAG_TYPE.DT_STRTAB: + return "DT_STRTAB" + elif value == PH_DYN_TAG_TYPE.DT_SYMTAB: + return "DT_SYMTAB" + elif value == PH_DYN_TAG_TYPE.DT_RELA: + return "DT_RELA" + elif value == PH_DYN_TAG_TYPE.DT_RELASZ: + return "DT_RELASZ" + elif value == PH_DYN_TAG_TYPE.DT_RELAENT: + return "DT_RELAENT" + elif value == PH_DYN_TAG_TYPE.DT_STRSZ: + return "DT_STRSZ" + elif value == PH_DYN_TAG_TYPE.DT_SYMENT: + return "DT_SYMENT" + elif value == PH_DYN_TAG_TYPE.DT_INIT: + return "DT_INIT" + elif value == PH_DYN_TAG_TYPE.DT_FINI: + return "DT_FINI" + elif value == PH_DYN_TAG_TYPE.DT_SONAME: + return "DT_SONAME" + elif value == PH_DYN_TAG_TYPE.DT_RPATH: + return "DT_RPATH" + elif value == PH_DYN_TAG_TYPE.DT_SYMBOLIC: + return "DT_SYMBOLIC" + elif value == PH_DYN_TAG_TYPE.DT_REL: + return "DT_REL" + elif value == PH_DYN_TAG_TYPE.DT_RELSZ: + return "DT_RELSZ" + elif value == PH_DYN_TAG_TYPE.DT_RELENT: + return "DT_RELENT" + elif value == PH_DYN_TAG_TYPE.DT_PLTREL: + return "DT_PLTREL" + elif value == PH_DYN_TAG_TYPE.DT_DEBUG: + return "DT_DEBUG" + elif value == PH_DYN_TAG_TYPE.DT_TEXTREL: + return "DT_TEXTREL" + elif value == PH_DYN_TAG_TYPE.DT_JMPREL: + return "DT_JMPREL" + elif value == PH_DYN_TAG_TYPE.DT_LOPROC: + return "DT_LOPROC" + elif value == PH_DYN_TAG_TYPE.DT_HIPROC: + return "DT_HIPROC" + elif value == PH_DYN_TAG_TYPE.DT_BIND_NOW: + return "DT_BIND_NOW" + elif value == PH_DYN_TAG_TYPE.DT_INIT_ARRAY: + return "DT_INIT_ARRAY" + elif value == PH_DYN_TAG_TYPE.DT_FINI_ARRAY: + return "DT_FINI_ARRAY" + elif value == PH_DYN_TAG_TYPE.DT_INIT_ARRAYSZ: + return "DT_INIT_ARRAYSZ" + elif value == PH_DYN_TAG_TYPE.DT_FINI_ARRAYSZ: + return "DT_FINI_ARRAYSZ" + elif value == PH_DYN_TAG_TYPE.DT_RUNPATH: + return "DT_RUNPATH" + elif value == PH_DYN_TAG_TYPE.DT_FLAGS: + return "DT_FLAGS" + elif value == PH_DYN_TAG_TYPE.DT_ENCODING: + return "DT_ENCODING" + elif value == PH_DYN_TAG_TYPE.DT_PREINIT_ARRAY: + return "DT_PREINIT_ARRAY" + elif value == PH_DYN_TAG_TYPE.DT_PREINIT_ARRAYSZ: + return "DT_PREINIT_ARRAYSZ" + elif value == PH_DYN_TAG_TYPE.DT_NUM: + return "DT_NUM" + elif value == PH_DYN_TAG_TYPE.DT_LOOS: + return "DT_LOOS" + elif value == PH_DYN_TAG_TYPE.DT_HIOS: + return "DT_HIOS" + # elif value == PH_DYN_TAG_TYPE.DT_PROC_NUM: return "DT_PROC_NUM" + # elif value == PH_DYN_TAG_TYPE.DT_MIPS_NUM: return "DT_MIPS_NUM" + elif value == PH_DYN_TAG_TYPE.DT_VALRNGLO: + return "DT_VALRNGLO" + elif value == PH_DYN_TAG_TYPE.DT_GNU_PRELINKED: + return "DT_GNU_PRELINKED" + elif value == PH_DYN_TAG_TYPE.DT_GNU_CONFLICTSZ: + return "DT_GNU_CONFLICTSZ" + elif value == PH_DYN_TAG_TYPE.DT_GNU_LIBLISTSZ: + return "DT_GNU_LIBLISTSZ" + elif value == PH_DYN_TAG_TYPE.DT_CHECKSUM: + return "DT_CHECKSUM" + elif value == PH_DYN_TAG_TYPE.DT_PLTPADSZ: + return "DT_PLTPADSZ" + elif value == PH_DYN_TAG_TYPE.DT_MOVEENT: + return "DT_MOVEENT" + elif value == PH_DYN_TAG_TYPE.DT_MOVESZ: + return "DT_MOVESZ" + elif value == PH_DYN_TAG_TYPE.DT_FEATURE_1: + return "DT_FEATURE_1" + elif value == PH_DYN_TAG_TYPE.DT_POSFLAG_1: + return "DT_POSFLAG_1" + elif value == PH_DYN_TAG_TYPE.DT_SYMINSZ: + return "DT_SYMINSZ" + elif value == PH_DYN_TAG_TYPE.DT_SYMINENT: + return "DT_SYMINENT" + elif value == PH_DYN_TAG_TYPE.DT_VALRNGHI: + return "DT_VALRNGHI" + # DT_VALNUM = 12 + elif value == PH_DYN_TAG_TYPE.DT_ADDRRNGLO: + return "DT_ADDRRNGLO" + elif value == PH_DYN_TAG_TYPE.DT_GNU_HASH: + return "DT_GNU_HASH" + elif value == PH_DYN_TAG_TYPE.DT_TLSDESC_PLT: + return "DT_TLSDESC_PLT" + elif value == PH_DYN_TAG_TYPE.DT_TLSDESC_GOT: + return "DT_TLSDESC_GOT" + elif value == PH_DYN_TAG_TYPE.DT_GNU_CONFLICT: + return "DT_GNU_CONFLICT" + elif value == PH_DYN_TAG_TYPE.DT_GNU_LIBLIST: + return "DT_GNU_LIBLIST" + elif value == PH_DYN_TAG_TYPE.DT_CONFIG: + return "DT_CONFIG" + elif value == PH_DYN_TAG_TYPE.DT_DEPAUDIT: + return "DT_DEPAUDIT" + elif value == PH_DYN_TAG_TYPE.DT_AUDIT: + return "DT_AUDIT" + elif value == PH_DYN_TAG_TYPE.DT_PLTPAD: + return "DT_PLTPAD" + elif value == PH_DYN_TAG_TYPE.DT_MOVETAB: + return "DT_MOVETAB" + elif value == PH_DYN_TAG_TYPE.DT_SYMINFO: + return "DT_SYMINFO" + elif value == PH_DYN_TAG_TYPE.DT_ADDRRNGHI: + return "DT_ADDRRNGHI" + # DT_ADDRNUM = 11 + elif value == PH_DYN_TAG_TYPE.DT_VERSYM: + return "DT_VERSYM" + elif value == PH_DYN_TAG_TYPE.DT_RELACOUNT: + return "DT_RELACOUNT" + elif value == PH_DYN_TAG_TYPE.DT_RELCOUNT: + return "DT_RELCOUNT" + elif value == PH_DYN_TAG_TYPE.DT_FLAGS_1: + return "DT_FLAGS_1" + elif value == PH_DYN_TAG_TYPE.DT_VERDEF: + return "DT_VERDEF" + elif value == PH_DYN_TAG_TYPE.DT_VERDEFNUM: + return "DT_VERDEFNUM" + elif value == PH_DYN_TAG_TYPE.DT_VERNEED: + return "DT_VERNEED" + elif value == PH_DYN_TAG_TYPE.DT_VERNEEDNUM: + return "DT_VERNEEDNUM" + elif value == PH_DYN_TAG_TYPE.DT_VERSIONTAGNUM: + return "DT_VERSIONTAGNUM" + elif value == PH_DYN_TAG_TYPE.DT_AUXILIARY: + return "DT_AUXILIARY" + elif value == PH_DYN_TAG_TYPE.DT_FILTER: + return "DT_FILTER" + # DT_EXTRANUM = 3 + else: + return str(value) + # else: return "UNKNOWN" + + +class X86_REL_TYPE: + R_386_NONE = 0 + R_386_32 = 1 + R_386_PC32 = 2 + R_386_GOT32 = 3 + R_386_PLT32 = 4 + R_386_COPY = 5 + R_386_GLOB_DAT = 6 + R_386_JMP_SLOT = 7 + R_386_RELATIVE = 8 + R_386_GOTOFF = 9 + R_386_GOTPC = 10 + R_386_32PLT = 11 + R_386_16 = 12 + R_386_PC16 = 13 + R_386_8 = 14 + R_386_PC8 = 15 + R_386_SIZE32 = 16 + + +def get_x86_rel_type(val): + if val == X86_REL_TYPE.R_386_NONE: + return "R_386_NONE" + elif val == X86_REL_TYPE.R_386_32: + return "R_386_32" + elif val == X86_REL_TYPE.R_386_PC32: + return "R_386_PC32" + elif val == X86_REL_TYPE.R_386_GOT32: + return "R_386_GOT32" + elif val == X86_REL_TYPE.R_386_PLT32: + return "R_386_PLT32" + elif val == X86_REL_TYPE.R_386_COPY: + return "R_386_COPY" + elif val == X86_REL_TYPE.R_386_GLOB_DAT: + return "R_386_GLOB_DAT" + elif val == X86_REL_TYPE.R_386_JMP_SLOT: + return "R_386_JMP_SLOT" + elif val == X86_REL_TYPE.R_386_RELATIVE: + return "R_386_RELATIVE" + elif val == X86_REL_TYPE.R_386_GOTOFF: + return "R_386_GOTOFF" + elif val == X86_REL_TYPE.R_386_GOTPC: + return "R_386_GOTPC" + elif val == X86_REL_TYPE.R_386_32PLT: + return "R_386_32PLT" + elif val == X86_REL_TYPE.R_386_16: + return "R_386_16" + elif val == X86_REL_TYPE.R_386_PC16: + return "R_386_PC16" + elif val == X86_REL_TYPE.R_386_8: + return "R_386_8" + elif val == X86_REL_TYPE.R_386_PC8: + return "R_386_PC8" + elif val == X86_REL_TYPE.R_386_SIZE32: + return "R_386_SIZE32" + else: + return "UNKNOWN" + + +class X86_64_REL_TYPE: + R_AMD64_NONE = 0 + R_AMD64_64 = 1 + R_AMD64_PC32 = 2 + R_AMD64_GOT32 = 3 + R_AMD64_PLT32 = 4 + R_AMD64_COPY = 5 + R_AMD64_GLOB_DAT = 6 + R_AMD64_JUMP_SLOT = 7 + R_AMD64_RELATIVE = 8 + R_AMD64_GOTPCREL = 9 + R_AMD64_32 = 10 + R_AMD64_32S = 11 + R_AMD64_16 = 12 + R_AMD64_PC16 = 13 + R_AMD64_8 = 14 + R_AMD64_PC8 = 15 + R_AMD64_PC64 = 24 + R_AMD64_GOTOFF64 = 25 + R_AMD64_GOTPC32 = 26 + R_AMD64_SIZE32 = 32 + R_AMD64_SIZE64 = 33 + + +class X86_64_REL_TYPE_2: + R_X86_64_NONE = 0 + R_X86_64_64 = 1 + R_X86_64_PC32 = 2 + R_X86_64_GOT32 = 3 + R_X86_64_PLT32 = 4 + R_X86_64_COPY = 5 + R_X86_64_GLOB_DAT = 6 + R_X86_64_JUMP_SLOT = 7 + R_X86_64_RELATIVE = 8 + R_X86_64_GOTPCREL = 9 + R_X86_64_32 = 10 + R_X86_64_32S = 11 + R_X86_64_16 = 12 + R_X86_64_PC16 = 13 + R_X86_64_64_8 = 14 + R_X86_64_PC8 = 15 + R_X86_64_DTPMOD64 = 16 + R_X86_64_DTPOFF64 = 17 + R_X86_64_TPOFF64 = 18 + R_X86_64_TLSGD = 19 + R_X86_64_TLSLD = 20 + R_X86_64_DTPOFF32 = 21 + R_X86_64_GOTTPOFF = 22 + R_X86_64_TPOFF32 = 23 + R_X86_64_PC64 = 24 + R_X86_64_GOTOFF64 = 25 + R_X86_64_GOTPC32 = 26 + R_X86_64_SIZE32 = 32 + R_X86_64_SIZE64 = 33 + R_X86_64_GOTPC32_TLDSEC = 34 + R_X86_64_TLDSEC_CALL = 35 + R_X86_64_TLDSEC = 36 + R_X86_64_IRELATIVE = 37 + + +def get_x86_64_rel_type(val): + if val == X86_64_REL_TYPE.R_AMD64_NONE: + return "R_386_NONE" + elif val == X86_64_REL_TYPE.R_AMD64_64: + return "R_AMD64_64" + elif val == X86_64_REL_TYPE.R_AMD64_PC32: + return "R_AMD64_PC32" + elif val == X86_64_REL_TYPE.R_AMD64_GOT32: + return "R_AMD64_GOT32" + elif val == X86_64_REL_TYPE.R_AMD64_PLT32: + return "R_AMD64_PLT32" + elif val == X86_64_REL_TYPE.R_AMD64_COPY: + return "R_AMD64_COPY" + elif val == X86_64_REL_TYPE.R_AMD64_GLOB_DAT: + return "R_AMD64_GLOB_DAT" + elif val == X86_64_REL_TYPE.R_AMD64_JUMP_SLOT: + return "R_AMD64_JUMP_SLOT" + elif val == X86_64_REL_TYPE.R_AMD64_RELATIVE: + return "R_AMD64_RELATIVE" + elif val == X86_64_REL_TYPE.R_AMD64_GOTPCREL: + return "R_AMD64_GOTPCREL" + elif val == X86_64_REL_TYPE.R_AMD64_32: + return "R_AMD64_32" + elif val == X86_64_REL_TYPE.R_AMD64_32S: + return "R_AMD64_32S" + elif val == X86_64_REL_TYPE.R_AMD64_16: + return "R_AMD64_16" + elif val == X86_64_REL_TYPE.R_AMD64_PC16: + return "R_AMD64_PC16" + elif val == X86_64_REL_TYPE.R_AMD64_8: + return "R_AMD64_8" + elif val == X86_64_REL_TYPE.R_AMD64_PC8: + return "R_AMD64_PC8" + elif val == X86_64_REL_TYPE.R_AMD64_PC64: + return "R_AMD64_PC64" + elif val == X86_64_REL_TYPE.R_AMD64_GOTOFF64: + return "R_AMD64_GOTOFF64" + elif val == X86_64_REL_TYPE.R_AMD64_GOTPC32: + return "R_AMD64_GOTPC32" + elif val == X86_64_REL_TYPE.R_AMD64_SIZE32: + return "R_AMD64_SIZE32" + elif val == X86_64_REL_TYPE.R_AMD64_SIZE64: + return "R_AMD64_SIZE64" + else: + return "UNKNOWN" + + +def get_x86_64_rel_type_2(val): + if val == X86_64_REL_TYPE_2.R_X86_64_NONE: + return "R_X86_64_NONE" + elif val == X86_64_REL_TYPE_2.R_X86_64_64: + return "R_X86_64_64" + elif val == X86_64_REL_TYPE_2.R_X86_64_PC32: + return "R_X86_64_PC32" + elif val == X86_64_REL_TYPE_2.R_X86_64_GOT32: + return "R_X86_64_GOT32" + elif val == X86_64_REL_TYPE_2.R_X86_64_PLT32: + return "R_X86_64_PLT32" + elif val == X86_64_REL_TYPE_2.R_X86_64_COPY: + return "R_X86_64_COPY" + elif val == X86_64_REL_TYPE_2.R_X86_64_GLOB_DAT: + return "R_X86_64_GLOB_DAT" + elif val == X86_64_REL_TYPE_2.R_X86_64_JUMP_SLOT: + return "R_X86_64_JUMP_SLOT" + elif val == X86_64_REL_TYPE_2.R_X86_64_RELATIVE: + return "R_X86_64_RELATIVE" + elif val == X86_64_REL_TYPE_2.R_X86_64_GOTPCREL: + return "R_X86_64_GOTPCREL" + elif val == X86_64_REL_TYPE_2.R_X86_64_32: + return "R_X86_64_32" + elif val == X86_64_REL_TYPE_2.R_X86_64_32S: + return "R_X86_64_32S" + elif val == X86_64_REL_TYPE_2.R_X86_64_16: + return "R_X86_64_16" + elif val == X86_64_REL_TYPE_2.R_X86_64_PC16: + return "R_X86_64_PC16" + elif val == X86_64_REL_TYPE_2.R_X86_64_64_8: + return "R_X86_64_64_8" + elif val == X86_64_REL_TYPE_2.R_X86_64_PC8: + return "R_X86_64_PC8" + elif val == X86_64_REL_TYPE_2.R_X86_64_DTPMOD64: + return "R_X86_64_DTPMOD64" + elif val == X86_64_REL_TYPE_2.R_X86_64_DTPOFF64: + return "R_X86_64_DTPOFF64" + elif val == X86_64_REL_TYPE_2.R_X86_64_TPOFF64: + return "R_X86_64_TPOFF64" + elif val == X86_64_REL_TYPE_2.R_X86_64_TLSGD: + return "R_X86_64_TLSGD" + elif val == X86_64_REL_TYPE_2.R_X86_64_TLSLD: + return "R_X86_64_TLSLD" + elif val == X86_64_REL_TYPE_2.R_X86_64_DTPOFF32: + return "R_X86_64_DTPOFF32" + elif val == X86_64_REL_TYPE_2.R_X86_64_GOTTPOFF: + return "R_X86_64_GOTTPOFF" + elif val == X86_64_REL_TYPE_2.R_X86_64_TPOFF32: + return "R_X86_64_TPOFF32" + elif val == X86_64_REL_TYPE_2.R_X86_64_PC64: + return "R_X86_64_PC64" + elif val == X86_64_REL_TYPE_2.R_X86_64_GOTOFF64: + return "R_X86_64_GOTOFF64" + elif val == X86_64_REL_TYPE_2.R_X86_64_GOTPC32: + return "R_X86_64_GOTPC32" + elif val == X86_64_REL_TYPE_2.R_X86_64_SIZE32: + return "R_X86_64_SIZE32" + elif val == X86_64_REL_TYPE_2.R_X86_64_SIZE64: + return "R_X86_64_SIZE64" + elif val == X86_64_REL_TYPE_2.R_X86_64_GOTPC32_TLDSEC: + return "R_X86_64_GOTPC32_TLDSEC" + elif val == X86_64_REL_TYPE_2.R_X86_64_TLDSEC_CALL: + return "R_X86_64_TLDSEC_CALL" + elif val == X86_64_REL_TYPE_2.R_X86_64_TLDSEC: + return "R_X86_64_TLDSEC" + elif val == X86_64_REL_TYPE_2.R_X86_64_IRELATIVE: + return "R_X86_64_IRELATIVE" + else: + return "UNKNOWN" + + +class ELF_ST_BIND: + STB_LOCAL = 0 + STB_GLOBAL = 1 + STB_WEAK = 2 + STB_LOOS = 10 + STB_HIOS = 12 + STB_LOPROC = 13 + STB_HIPROC = 15 + + +def get_elf_st_bind_string(value): + if value == ELF_ST_BIND.STB_LOCAL: + return "STB_LOCAL" + elif value == ELF_ST_BIND.STB_GLOBAL: + return "STB_GLOBAL" + elif value == ELF_ST_BIND.STB_WEAK: + return "STB_WEAK" + elif value == ELF_ST_BIND.STB_LOOS: + return "STB_LOOS" + elif value == ELF_ST_BIND.STB_HIOS: + return "STB_HIOS" + elif value == ELF_ST_BIND.STB_LOPROC: + return "STB_LOPROC" + elif value == ELF_ST_BIND.STB_LOPROC: + return "STB_HIPROC" + else: + return None + + +class ELF_ST_TYPE: + STT_NOTYPE = 0 + STT_OBJECT = 1 + STT_FUNC = 2 + STT_SECTION = 3 + STT_FILE = 4 + STT_COMMON = 5 + STT_TLS = 6 + STT_LOOS = 10 + STT_HIOS = 12 + STT_LOPROC = 13 + STT_SPARC_REGISTER = 13 + STT_HIPROC = 15 + + +def get_elf_st_type_string(value): + if value == ELF_ST_TYPE.STT_NOTYPE: + return "STT_NOTYPE" + elif value == ELF_ST_TYPE.STT_OBJECT: + return "STT_OBJECT" + elif value == ELF_ST_TYPE.STT_FUNC: + return "STT_FUNC" + elif value == ELF_ST_TYPE.STT_SECTION: + return "STT_SECTION" + elif value == ELF_ST_TYPE.STT_FILE: + return "STT_FILE" + elif value == ELF_ST_TYPE.STT_COMMON: + return "STT_COMMON" + elif value == ELF_ST_TYPE.STT_TLS: + return "STT_TLS" + elif value == ELF_ST_TYPE.STT_LOOS: + return "STT_LOOS" + elif value == ELF_ST_TYPE.STT_HIOS: + return "STT_HIOS" + elif value == ELF_ST_TYPE.STT_LOPROC: + return "STT_LOPROC" + elif value == ELF_ST_TYPE.STT_SPARC_REGISTER: + return "STT_SPARC_REGISTER" + elif value == ELF_ST_TYPE.STT_HIPROC: + return "STT_HIPROC" + else: + return None + + +class ELF_VIS: + STV_DEFAULT = 0 + STV_INTERNAL = 1 + STV_HIDDEN = 2 + STV_PROTECTED = 3 + STV_EXPORTED = 4 + STV_SINGLETON = 5 + STV_ELIMINATE = 6 + + +def get_elf_vis_string(value): + if value == ELF_VIS.STV_DEFAULT: + return "STV_DEFAULT" + elif value == ELF_VIS.STV_INTERNAL: + return "STV_INTERNAL" + elif value == ELF_VIS.STV_HIDDEN: + return "STV_HIDDEN" + elif value == ELF_VIS.STV_PROTECTED: + return "STV_PROTECTED" + elif value == ELF_VIS.STV_EXPORTED: + return "STV_EXPORTED" + elif value == ELF_VIS.STV_SINGLETON: + return "STV_SINGLETON" + elif value == ELF_VIS.STV_ELIMINATE: + return "STV_ELIMINATE" + else: + return None + + +class Colors: + purple = "\033[95m" + blue = "\033[94m" + green = "\033[92m" + yellow = "\033[93m" + red = "\033[91m" + grey = "\033[1;37m" + darkgrey = "\033[1;30m" + cyan = "\033[1;36m" + ENDC = "\033[0m" + BOLD = "\033[1m" + UNDERLINE = "\033[4m" + + +def openSO_r(path): + so = open(path, "rb") + return so + + +def openSO_w(path): + so = open(path, "wb") + return so + + +class ELFHDR: + def __init__( + self, + ei_mag, + ei_class, + ei_data, + ei_version, + ei_osabi, + ei_abiversion, + ei_pad, + e_type, + e_machine, + e_version, + e_entry, + e_phoff, + e_shoff, + e_flags, + e_ehsize, + e_phentsize, + e_phnum, + e_shentsize, + e_shnum, + e_shstrndx, + ): + self.ei_mag = ei_mag + self.ei_class = ei_class + self.ei_data = ei_data + self.ei_version = ei_version + self.ei_osabi = ei_osabi + self.ei_abiversion = ei_abiversion + self.ei_pad = ei_pad + self.e_type = e_type + self.e_machine = e_machine + self.e_version = e_version + self.e_entry = e_entry + self.e_phoff = e_phoff + self.e_shoff = e_shoff + self.e_flags = e_flags + self.e_ehsize = e_ehsize + self.e_phentsize = e_phentsize + self.e_phnum = e_phnum + self.e_shentsize = e_shentsize + self.e_shnum = e_shnum + self.e_shstrndx = e_shstrndx + + +class PHDR: + def __init__( + self, + p_type, + p_flags, + p_offset, + p_vaddr, + p_paddr, + p_filesz, + p_memsz, + p_flags2, + p_align, + ): + self.p_type = p_type + self.p_flags = p_flags + self.p_offset = p_offset + self.p_vaddr = p_vaddr + self.p_paddr = p_paddr + self.p_filesz = p_filesz + self.p_memsz = p_memsz + self.p_flags2 = p_flags2 + self.p_align = p_align + + +class SHDR: + def __init__( + self, + sh_name, + sh_type, + sh_flags, + sh_addr, + sh_offset, + sh_size, + sh_link, + sh_info, + sh_addralign, + sh_entsize, + ): + self.sh_name = sh_name + self.sh_type = sh_type + self.sh_flags = sh_flags + self.sh_addr = sh_addr + self.sh_offset = sh_offset + self.sh_size = sh_size + self.sh_link = sh_link + self.sh_info = sh_info + self.sh_addralign = sh_addralign + self.sh_entsize = sh_entsize + + +class Symbol_Table_Entry64: + def __init__( + self, + st_name, + st_info, + st_other, + st_shndx, + st_value, + st_size, + st_bind, + st_type, + ): + self.st_name = st_name + self.st_info = st_info + self.st_other = st_other + self.st_shndx = st_shndx + self.st_value = st_value + self.st_size = st_size + self.st_bind = st_bind + self.st_type = st_type + + +class ELF(object): + def __init__(self, so): + self.so = so + self.so.seek(0, 0) + self.elfhdr = ELFHDR(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) + self.phdr = [] + self.shhdr = [] + self.size = int() + self.string_tb_e = [] + self.string_tb_e_dyn = [] + self.symbol_table_e = [] + self.data_section = [] + self.text_section = [] + self.dlpath = str() + self.ph_dyn_ent = [] + self.dyn_section = [] + self.dyn_section_ents = [] + self.rela_dyn = [] + self.rela_dyn_ents = [] + self.rela_plt = [] + self.rela_plt_ents = [] + self.rodata = [] + self.plt = [] + self.got = [] + self.got_plt = [] + self.plt_got = [] + self.plt_ents = [] + self.plt_got_ents = [] + self.got_ents = [] + self.got_plt_ents = [] + + def init(self, size): + self.size = size + self.read_ELF_H(size) + self.so.seek(byte2int(self.elfhdr.e_phoff)) + phnum = byte2int(self.elfhdr.e_phnum) + for i in range(0, phnum): + self.read_PHDR(size) + self.so.seek(byte2int(self.elfhdr.e_shoff)) + shnum = byte2int(self.elfhdr.e_shnum) + for i in range(0, shnum): + self.read_SHDR(size) + for i in range(0, shnum): + type = byte2int(self.shhdr[i].sh_type) + if type == sh_type_e.SHT_SYMTAB: + self.so.seek(byte2int(self.shhdr[i].sh_offset), 0) + symbol_tb = self.so.read(byte2int(self.shhdr[i].sh_size)) + offset = 0 + num = int(byte2int(self.shhdr[i].sh_size) / 24) + for j in range(0, num): + self.read_st_entry( + symbol_tb[offset : offset + 24], self.string_tb_e + ) + offset += 24 + if type == sh_type_e.SHT_DYNSYM: + self.so.seek(byte2int(self.shhdr[i].sh_offset), 0) + symbol_tb = self.so.read(byte2int(self.shhdr[i].sh_size)) + offset = 0 + num = int(byte2int(self.shhdr[i].sh_size) / 24) + for j in range(0, num): + self.read_st_entry( + symbol_tb[offset : offset + 24], self.string_tb_e_dyn + ) + offset += 24 + self.pop_data_section() + self.pop_text_section() + self.get_ph_dyn_entries() + self.pop_dynamic_entries(".dynamic", self.dyn_section_ents) + self.pop_rela(".rela.plt", self.rela_plt, self.rela_plt_ents) + self.pop_rela(".rela.dyn", self.rela_dyn, self.rela_dyn_ents) + # self.pop_rel() + + def read_ELF_H(self, size): + self.elfhdr.ei_mag = self.so.read(4) + self.elfhdr.ei_class = self.so.read(1) + self.elfhdr.ei_data = self.so.read(1) + self.elfhdr.ei_version = self.so.read(1) + self.elfhdr.ei_osabi = self.so.read(1) + self.elfhdr.ei_abiversion = self.so.read(1) + self.elfhdr.ei_pad = self.so.read(7) + self.elfhdr.e_type = self.so.read(2) + self.elfhdr.e_machine = self.so.read(2) + self.elfhdr.e_version = self.so.read(4) + if size == 32: + self.elfhdr.e_entry = self.so.read(4) + elif size == 64: + self.elfhdr.e_entry = self.so.read(8) + if size == 32: + self.elfhdr.e_phoff = self.so.read(4) + elif size == 64: + self.elfhdr.e_phoff = self.so.read(8) + if size == 32: + self.elfhdr.e_shoff = self.so.read(4) + elif size == 64: + self.elfhdr.e_shoff = self.so.read(8) + self.elfhdr.e_flags = self.so.read(4) + self.elfhdr.e_ehsize = self.so.read(2) + self.elfhdr.e_phentsize = self.so.read(2) + self.elfhdr.e_phnum = self.so.read(2) + self.elfhdr.e_shentsize = self.so.read(2) + self.elfhdr.e_shnum = self.so.read(2) + self.elfhdr.e_shstrndx = self.so.read(2) + + def read_PHDR(self, size): + dummy = PHDR(0, 0, 0, 0, 0, 0, 0, 0, 0) + dummy.p_type = self.so.read(4) + if size == 64: + dummy.p_flags = self.so.read(4) + if size == 32: + dummy.p_offset = self.so.read(4) + elif size == 64: + dummy.p_offset = self.so.read(8) + if size == 32: + dummy.p_vaddr = self.so.read(4) + elif size == 64: + dummy.p_vaddr = self.so.read(8) + if size == 32: + dummy.p_paddr = self.so.read(4) + elif size == 64: + dummy.p_paddr = self.so.read(8) + if size == 32: + dummy.p_filesz = self.so.read(4) + elif size == 64: + dummy.p_filesz = self.so.read(8) + if size == 32: + dummy.p_memsz = self.so.read(4) + elif size == 64: + dummy.p_memsz = self.so.read(8) + if size == 32: + dummy.p_flags2 = self.so.read(4) + elif size == 64: + pass + if size == 32: + dummy.p_align = self.so.read(4) + elif size == 64: + dummy.p_align = self.so.read(8) + self.phdr.append(dummy) + + def read_SHDR(self, size): + dummy = SHDR(0, 0, 0, 0, 0, 0, 0, 0, 0, 0) + dummy.sh_name = self.so.read(4) + dummy.sh_type = self.so.read(4) + if size == 32: + dummy.sh_flags = self.so.read(4) + elif size == 64: + dummy.sh_flags = self.so.read(8) + if size == 32: + dummy.sh_addr = self.so.read(4) + elif size == 64: + dummy.sh_addr = self.so.read(8) + if size == 32: + dummy.sh_offset = self.so.read(4) + elif size == 64: + dummy.sh_offset = self.so.read(8) + if size == 32: + dummy.sh_size = self.so.read(4) + elif size == 64: + dummy.sh_size = self.so.read(8) + dummy.sh_link = self.so.read(4) + dummy.sh_info = self.so.read(4) + if size == 32: + dummy.sh_addralign = self.so.read(4) + elif size == 64: + dummy.sh_addralign = self.so.read(8) + if size == 32: + dummy.sh_entsize = self.so.read(4) + elif size == 64: + dummy.sh_entsize = self.so.read(8) + self.shhdr.append(dummy) + + def read_st_entry(self, st, entry_list): + dummy = Symbol_Table_Entry64(0, 0, 0, 0, 0, 0, 0, 0) + dummy.st_name = st[0:4] + dummy.st_info = st[4:5] + dummy.st_other = st[5:6] + dummy.st_shndx = st[6:8] + dummy.st_value = st[8:16] + dummy.st_size = st[16:24] + dummy.st_bind = byte2int(dummy.st_info) >> 4 + dummy.st_type = byte2int(dummy.st_info) & 0x0F + entry_list.append(dummy) + + def read_section_name(self, index): + shstrtab_index = byte2int(self.elfhdr.e_shstrndx) + name = [] + self.so.seek(byte2int(self.shhdr[shstrtab_index].sh_offset), 0) + strings = self.so.read(byte2int(self.shhdr[shstrtab_index].sh_size)) + char = strings[index] + while chr(char) != "\0": + index += 1 + name.append(chr(char)) + char = strings[index] + return "".join(name) + + def get_ph_dyn_entries(self): + size = 0 + for phdr in self.phdr: + if byte2int(phdr.p_type) == p_type_e.PT_DYNAMIC: + self.so.seek(byte2int(phdr.p_offset), 0) + size = byte2int(phdr.p_filesz) + ph_dyn = self.so.read(size) + for i in range(int(size / 8)): + d_tag = byte2int(ph_dyn[8 * i : 8 * i + 4]) + d_un = byte2int(ph_dyn[8 * i + 4 : 8 * i + 8]) + self.ph_dyn_ent.append(ph_dynamic_entry(d_tag, d_un)) + + def dump_ph_dyn_entries(self): + header = ["d_tag", "d_un"] + tag_list = [get_ph_dynamic_ent_tag_type(ph.d_tag) for ph in self.ph_dyn_ent] + un_list = [ph.d_un for ph in self.ph_dyn_ent] + lines = ffs(2, header, True, tag_list, un_list) + for line in lines: + print(line) + + def dump_funcs(self, dump_b): + ret_list = [] + dummy = [] + ret_list_int = [] + for iter in self.string_tb_e: + if iter.st_type == ELF_ST_TYPE.STT_FUNC: + self.so.seek(int.from_bytes(iter.st_value, byteorder="little")) + obj = self.so.read(int.from_bytes(iter.st_size, byteorder="little")) + ret_list.append(obj) + for byte in obj: + dummy.append(int(byte)) + ret_list_int.append(dummy) + dummy = [] + if dump_b: + for obj in ret_list_int: + for byte in obj: + print(format(byte, "02x") + " ", end="") + print("\n") + + return ret_list_int + + def dump_symbol_string(self, stt_type, dump_b): + ret_list = [] + for entry in self.string_tb_e: + if entry.st_type == stt_type: + ret_list.append( + "".join( + self.get_st_entry_symbol_string( + byte2int(entry.st_name), ".strtab" + ) + ) + ) + if dump_b: + for name in ret_list: + print(name) + return ret_list + + def dump_section(self, section_name, dump): + hit = False + for section in self.shhdr: + name = self.read_section_name(byte2int(section.sh_name)) + if name == section_name: + hit = True + self.so.seek(byte2int(section.sh_offset)) + obj = self.so.read(byte2int(section.sh_size)) + if section_name == ".interp": + self.dlpath = repr(obj) + count = int() + if dump: + strrep = [] + for byte in obj: + if count % 16 == 0: + for ch in strrep: + if ord(ch) > 32 and ord(ch) < 127: + print(ch, end="") + else: + print(" ", end="") + print() + strrep = [] + print(format(count, "06x"), ": ", end="") + strrep.append(str(chr(byte))) + print(format(byte, "02x") + " ", end="") + else: + strrep += str(chr(byte)) + print(format(byte, "02x") + " ", end="") + count += 1 + for i in range(0, 16 - count % 16): + print(" ", end="") + for ch in strrep: + if ord(ch) > 32 and ord(ch) < 127: + print(ch, end="") + else: + print(" ", end="") + print() + + ret_dummy = [] + for i in range(0, len(obj)): + ret_dummy.append(obj[i]) + # print(ret_dummy) + return ret_dummy + if not hit: + print(Colors.red + Colors.BOLD + "section is not present" + Colors.ENDC) + + def dump_obj_size(self, stt_type, dump_b): + ret_list = [] + for entry in self.string_tb_e: + if entry.st_type == stt_type: + ret_list.append(byte2int(entry.st_size)) + if dump_b: + for name in ret_list: + print(name) + return ret_list + + def dump_symbol_idx(self): + header = ["name", "size", "value", "info", "other", "shndx"] + name_list = [byte2int(st.st_name) for st in self.string_tb_e] + size_list = [byte2int(st.st_size) for st in self.string_tb_e] + value_list = [byte2int(st.st_value) for st in self.string_tb_e] + info_list = [byte2int(st.st_info) for st in self.string_tb_e] + other_list = [byte2int(st.st_other) for st in self.string_tb_e] + shndx_list = [byte2int(st.st_shndx) for st in self.string_tb_e] + lines = ffs( + 2, + header, + True, + name_list, + size_list, + value_list, + info_list, + other_list, + shndx_list, + ) + print(Colors.green + Colors.BOLD + "symbol:" + Colors.ENDC) + for line in lines: + print(line) + print(Colors.green + Colors.BOLD + "dyn symbol:" + Colors.ENDC) + header = ["name", "size", "value", "info", "other", "shndx"] + name_list = [byte2int(st.st_name) for st in self.string_tb_e_dyn] + size_list = [byte2int(st.st_size) for st in self.string_tb_e_dyn] + value_list = [byte2int(st.st_value) for st in self.string_tb_e_dyn] + info_list = [byte2int(st.st_info) for st in self.string_tb_e_dyn] + other_list = [byte2int(st.st_other) for st in self.string_tb_e_dyn] + shndx_list = [byte2int(st.st_shndx) for st in self.string_tb_e_dyn] + lines = ffs( + 2, + header, + True, + name_list, + size_list, + value_list, + info_list, + other_list, + shndx_list, + ) + for line in lines: + print(line) + + def dump_header(self): + header = [ + "ei_mag", + "ei_class", + "ei_data", + "ei_version", + "ei_osabi", + "ei_abiversion", + "ei_pad", + "e_type", + "e_machine", + "e_version", + "e_version", + "e_entry", + "e_phoff", + "e_shoff", + "e_flags", + "e_entsize", + "e_phentsize", + "e_phnum", + "e_shentsize", + "e_shnum", + "e_shstrndx", + ] + mag_list = [self.elfhdr.ei_mag] + class_list = [byte2int(self.elfhdr.ei_class)] + data_list = [byte2int(self.elfhdr.ei_data)] + version_list = [byte2int(self.elfhdr.ei_version)] + osabi_list = [byte2int(self.elfhdr.ei_osabi)] + abiversion_list = [byte2int(self.elfhdr.ei_abiversion)] + pad_list = [byte2int(self.elfhdr.ei_pad)] + type_list = [byte2int(self.elfhdr.e_type)] + machine_list = [byte2int(self.elfhdr.e_machine)] + # e_version_list = [byte2int(self.elfhdr.e_version)] + entry_list = [byte2int(self.elfhdr.e_entry)] + phoff_list = [byte2int(self.elfhdr.e_phoff)] + shoff_list = [byte2int(self.elfhdr.e_shoff)] + flags_list = [byte2int(self.elfhdr.e_flags)] + ehsize_list = [byte2int(self.elfhdr.e_ehsize)] + phentsize_list = [byte2int(self.elfhdr.e_phentsize)] + phnum_list = [byte2int(self.elfhdr.e_phnum)] + shentsize_list = [byte2int(self.elfhdr.e_shentsize)] + shnum_list = [byte2int(self.elfhdr.e_shnum)] + shstrndx_list = [byte2int(self.elfhdr.e_shstrndx)] + lines = ffs( + 2, + header, + True, + mag_list, + class_list, + data_list, + version_list, + osabi_list, + abiversion_list, + pad_list, + type_list, + machine_list, + version_list, + entry_list, + phoff_list, + shoff_list, + flags_list, + ehsize_list, + phentsize_list, + phnum_list, + shentsize_list, + phnum_list, + shentsize_list, + shnum_list, + shstrndx_list, + ) + for line in lines: + print(line) + + def dump_phdrs(self): + header = [ + "p_type", + "p_flags", + "p_offset", + "p_vaddr", + "p_paddr", + "p_filesz", + "p_memsz", + "p_flags2", + "p_align", + ] + type_list = [get_ph_type(byte2int(phdr.p_type)) for phdr in self.phdr] + flags_list = [get_elf_seg_flag(byte2int(phdr.p_type)) for phdr in self.phdr] + offset_list = [byte2int(phdr.p_offset) for phdr in self.phdr] + vaddr_list = [byte2int(phdr.p_vaddr) for phdr in self.phdr] + paddr_list = [byte2int(phdr.p_paddr) for phdr in self.phdr] + filesz_list = [byte2int(phdr.p_filesz) for phdr in self.phdr] + memsz_list = [byte2int(phdr.p_memsz) for phdr in self.phdr] + flags2_list = [phdr.p_flags2 for phdr in self.phdr] + align_list = [byte2hex(phdr.p_align) for phdr in self.phdr] + + lines = ffs( + 2, + header, + True, + type_list, + flags_list, + offset_list, + vaddr_list, + paddr_list, + filesz_list, + memsz_list, + flags2_list, + align_list, + ) + for line in lines: + print(line) + + def dump_shdrs(self): + header = [ + "sh_name", + "sh_type", + "sh_flags", + "sh_addr", + "sh_offset", + "sh_size", + "sh_link", + "sh_info", + "sh_addralign", + "sh_entsize", + ] + name_list = [ + self.read_section_name(byte2int(shhdr.sh_name)) for shhdr in self.shhdr + ] + type_list = [ + get_section_type_string(byte2int(shhdr.sh_type)) for shhdr in self.shhdr + ] + flag_list = [byte2int(shhdr.sh_flags) for shhdr in self.shhdr] + addr_list = [byte2int(shhdr.sh_addr) for shhdr in self.shhdr] + offset_list = [byte2int(shhdr.sh_offset) for shhdr in self.shhdr] + size_list = [byte2int(shhdr.sh_size) for shhdr in self.shhdr] + link_list = [byte2int(shhdr.sh_link) for shhdr in self.shhdr] + info_list = [byte2int(shhdr.sh_info) for shhdr in self.shhdr] + allign_list = [byte2int(shhdr.sh_addralign) for shhdr in self.shhdr] + entsize_list = [byte2int(shhdr.sh_entsize) for shhdr in self.shhdr] + + lines = ffs( + 2, + header, + True, + name_list, + type_list, + flag_list, + addr_list, + offset_list, + size_list, + link_list, + info_list, + allign_list, + entsize_list, + ) + for line in lines: + print(line) + + def dump_symbol_tb(self, name, type): + for i in range(0, byte2int(self.elfhdr.e_shnum)): + if byte2int(self.shhdr[i].sh_type) == type: + if name == self.read_section_name(byte2int(self.shhdr[i].sh_name)): + print(Colors.BOLD + Colors.yellow + "STRING TABLE:" + Colors.ENDC) + self.so.seek(byte2int(self.shhdr[i].sh_offset), 0) + symbol_tb = self.so.read(byte2int(self.shhdr[i].sh_size)) + for byte in symbol_tb: + print(chr(byte), end="") + if chr(byte) == "\0": + print() + + def dump_st_entries(self): + header = [ + "name_index", + "name", + "value", + "size", + "info", + "other", + "shndx", + "bind", + "type", + ] + idx_list = [byte2int(entry.st_name) for entry in self.string_tb_e] + name_list = [ + "".join(self.get_st_entry_symbol_string(byte2int(entry.st_name), ".strtab")) + for entry in self.string_tb_e + ] + value_list = [byte2int(entry.st_value) for entry in self.string_tb_e] + size_list = [byte2int(entry.st_size) for entry in self.string_tb_e] + info_list = [byte2int(entry.st_info) for entry in self.string_tb_e] + other_list = [byte2int(entry.st_other) for entry in self.string_tb_e] + shndx_list = [byte2int(entry.st_shndx) for entry in self.string_tb_e] + bind_list = [ + get_elf_st_bind_string(entry.st_bind) for entry in self.string_tb_e + ] + type_list = [ + get_elf_st_type_string(entry.st_type) for entry in self.string_tb_e + ] + + lines = ffs( + 2, + header, + True, + idx_list, + name_list, + value_list, + size_list, + info_list, + other_list, + shndx_list, + bind_list, + type_list, + ) + for line in lines: + print(line) + + def dump_st_entries_dyn(self): + header = [ + "name_index", + "name", + "value", + "size", + "info", + "other", + "shndx", + "bind", + "type", + ] + idx_list = [byte2int(entry.st_name) for entry in self.string_tb_e_dyn] + name_list = [ + "".join(self.get_st_entry_symbol_string(byte2int(entry.st_name), ".dynstr")) + for entry in self.string_tb_e_dyn + ] + value_list = [byte2int(entry.st_value) for entry in self.string_tb_e_dyn] + size_list = [byte2int(entry.st_size) for entry in self.string_tb_e_dyn] + info_list = [byte2int(entry.st_info) for entry in self.string_tb_e_dyn] + other_list = [byte2int(entry.st_other) for entry in self.string_tb_e_dyn] + shndx_list = [byte2int(entry.st_shndx) for entry in self.string_tb_e_dyn] + bind_list = [ + get_elf_st_bind_string(entry.st_bind) for entry in self.string_tb_e_dyn + ] + type_list = [ + get_elf_st_type_string(entry.st_type) for entry in self.string_tb_e_dyn + ] + + lines = ffs( + 2, + header, + True, + idx_list, + name_list, + value_list, + size_list, + info_list, + other_list, + shndx_list, + bind_list, + type_list, + ) + for line in lines: + print(line) + + def dump_dyn_sec_ents(self, who): + header = ["type_string", "tag", "value", "value(hex)"] + tag_string_list = [entry["type_string"] for entry in who] + tag_list = [entry["tag"] for entry in who] + value_list = [entry["value"] for entry in who] + value_list_hex = [hex(entry["value"]) for entry in who] + lines = ffs( + 2, + header, + True, + tag_string_list, + tag_list, + value_list, + value_list_hex, + ) + for line in lines: + print(line) + + def dump_rela(self, to_dump): + header = ["r_offset", "r_info", "r_addend"] + r_offset_list = [entry["r_offset"] for entry in to_dump] + r_info_list = [entry["r_info"] for entry in to_dump] + addend_list = [entry["r_addend"] for entry in to_dump] + lines = ffs(2, header, True, r_offset_list, r_info_list, addend_list) + for line in lines: + print(line) + + def dump_rel(self, to_dump): + header = ["r_offset", "r_info"] + r_offset_list = [entry["r_offset"] for entry in to_dump] + r_info_list = [entry["r_info"] for entry in to_dump] + lines = ffs(2, header, True, r_offset_list, r_info_list) + for line in lines: + print(line) + + def get_st_entry_symbol_string(self, index, section_name): + symbol = [] + for i in range(0, byte2int(self.elfhdr.e_shnum)): + name = self.read_section_name(byte2int(self.shhdr[i].sh_name)) + if ( + byte2int(self.shhdr[i].sh_type) == sh_type_e.SHT_STRTAB + and name == section_name + ): + self.so.seek(byte2int(self.shhdr[i].sh_offset) + index, 0) + byte = self.so.read(1) + while chr(byte[0]) != "\0": + if chr(byte[0]) != "\0": + symbol.append(chr(byte[0])) + byte = self.so.read(1) + return symbol + + def get_symbol_string_table(self, offset): + symbol = [] + for i in range( + 0, + int.from_bytes(self.elfhdr.e_shnum, byteorder="little", signed=False), + ): + if ( + int.from_bytes(self.shhdr[i].sh_type, byteorder="little", signed=False) + == sh_type_e.SHT_STRTAB + ): + self.so.seek( + int.from_bytes( + self.shhdr[i].sh_offset, + byteorder="little", + signed=False, + ) + + offset + - 0, + 0, + ) + byte = self.so.read(1) + while chr(byte[0]) != "\0": + if chr(byte[0]) != "\0": + symbol.append(chr(byte[0])) + byte = self.so.read(1) + return symbol + + def dump_inst_sections(self): + indices = [] + for section in self.shhdr: + if ( + int.from_bytes(section.sh_flags, byteorder="little", signed=False) + & sh_flags_e.SHF_EXECINSTR + == sh_flags_e.SHF_EXECINSTR + ): + indices.append(int.from_bytes(section.sh_name, byteorder="little")) + return indices + + def pop_data_section(self): + for section in self.shhdr: + name = self.read_section_name(byte2int(section.sh_name)) + if name == ".data": + self.so.seek(byte2int(section.sh_offset)) + self.data_section = self.so.read(byte2int(section.sh_size)) + + def pop_text_section(self): + for section in self.shhdr: + name = self.read_section_name(byte2int(section.sh_name)) + if name == ".text": + self.so.seek(byte2int(section.sh_offset)) + self.text_section = self.so.read(byte2int(section.sh_size)) + + def pop_dynamic_entries(self, section_name, struct_to_pop): + for section in self.shhdr: + name = self.read_section_name(byte2int(section.sh_name)) + if name == section_name: + self.so.seek(byte2int(section.sh_offset)) + self.dyn_section = self.so.read(byte2int(section.sh_size)) + length = int(len(self.dyn_section)) + dummy = {} + if self.size == 64: + jmp_val = 8 + elif self.size == 32: + jmp_val = 4 + else: + jmp_val = 8 + print("self.size is not set for class " "elf.going with 8 as a default.") + for offset in range(0, length, jmp_val * 2): + tag_type = byte2int(self.dyn_section[offset : offset + jmp_val]) + dummy["tag"] = tag_type + value = byte2int( + self.dyn_section[offset + jmp_val : offset + (jmp_val * 2)] + ) + dummy["value"] = value + type_string = get_ph_dynamic_ent_tag_type(tag_type) + dummy["type_string"] = type_string + type_string = str() + struct_to_pop.append(dummy) + dummy = {} + + def pop_rela(self, section_name, section_whole, to_pop): + size = int() + entsize = int() + dummy = {} + step = int() + if self.size == 64: + step = 8 + if self.size == 32: + step = 4 + for section in self.shhdr: + name = self.read_section_name(byte2int(section.sh_name)) + if name == section_name: + self.so.seek(byte2int(section.sh_offset)) + section_whole = self.so.read(byte2int(section.sh_size)) + size = byte2int(section.sh_size) + entsize = byte2int(section.sh_entsize) + if entsize != 0: + for i in range(0, int(size / entsize)): + dummy["r_offset"] = byte2int( + section_whole[i * entsize : i * entsize + step] + ) + dummy["r_info"] = byte2int( + section_whole[i * entsize + step : i * entsize + (step * 2)] + ) + dummy["r_addend"] = byte2int( + section_whole[i * entsize + (step * 2) : i * entsize + (step * 3)], + sign=True, + ) + to_pop.append(dummy) + dummy = {} + + def pop_rel(self, section_name, section_whole, to_pop): + size = int() + entsize = int() + dummy = {} + step = int() + if self.size == 64: + step = 8 + if self.size == 32: + step = 4 + for section in self.shhdr: + name = self.read_section_name(byte2int(section.sh_name)) + if name == section_name: + self.so.seek(byte2int(section.sh_offset)) + section_whole = self.so.read(byte2int(section.sh_size)) + size = byte2int(section.sh_size) + entsize = byte2int(section.sh_entsize) + for i in range(0, int(size / entsize)): + dummy["r_offset"] = byte2int( + section_whole[i * entsize : i * entsize + step] + ) + dummy["r_info"] = byte2int( + section_whole[i * entsize + step : i * entsize + (step * 2)] + ) + to_pop.append(dummy) + dummy = {} + + # FIXME-ELF64 only + def pop_got(self): + for shhdr in self.shhdr: + name = self.read_section_name(byte2int(shhdr.sh_name)) + if name == ".got": + self.so.seek(byte2int(shhdr.sh_offset)) + self.got = self.so.read(byte2int(shhdr.sh_size)) + self.so.seek(byte2int(shhdr.sh_offset)) + for i in range(0, int(byte2int(shhdr.sh_size) / 8)): + self.got_ents.append(byte2int(self.so.read(8))) + + # FIXME-ELF64 only + def pop_got_plt(self): + for shhdr in self.shhdr: + name = self.read_section_name(byte2int(shhdr.sh_name)) + if name == ".got.plt": + self.so.seek(byte2int(shhdr.sh_offset)) + self.got_plt = self.so.read(byte2int(shhdr.sh_size)) + self.so.seek(byte2int(shhdr.sh_offset)) + for i in range(0, int(byte2int(shhdr.sh_size) / 8)): + self.got_plt_ents.append(byte2int(self.so.read(8))) + + def dump_got(self): + header = ["value"] + value_list = [entry for entry in self.got_ents] + lines = ffs(2, header, True, value_list) + for line in lines: + print(line) + + def dump_got_plt(self): + header = ["value"] + value_list = [entry for entry in self.got_plt_ents] + lines = ffs(2, header, True, value_list) + for line in lines: + print(line) + + +class obj_loader: + def __init__(self, bytes): + self.memory = bytes() + + def load(self, obj): + for byte in obj: + self.memory.append(byte) + + +def ch_so_to_exe(path): + so = open(path, "r+b") + so.seek(16) + so.write(bytes([2])) + print(Colors.purple + "changed so to exe" + Colors.ENDC) + so.close + + +def ch_exe_to_so(path): + so = open(path, "r+b") + so.seek(16) + so.write(bytes([3])) + print(Colors.purple + "changed exe to so" + Colors.ENDC) + so.close + + +def elf_init(): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + + +def elf_get_func_names(): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + return elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False) + + +def elf_get_text_section(): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + return elf.dump_section(".text", False) + + +def elf_get_section(name): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + return elf.dump_section(name, False) + + +def elf_get_rodata_section(): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + return elf.dump_section(".rodata", False) + + +# obj here means variables or what the C standard means by objects + + +def elf_get_obj_names(): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + return elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, False) + + +# obj here means variables or what the C standard means by objects + + +def elf_get_obj_sizes(): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + return elf.dump_obj_size(ELF_ST_TYPE.STT_OBJECT, False) + + +def elf_get_func_code(): + so = openSO_r(sys.argv[1]) + elf = ELF(so) + elf.init(64) + return elf.dump_funcs(False) + + +def elf_get_func_code_byname(): + so = openSO_r(sys.argv[1]) + arg = openSO_r(sys.argv[2]) + elf = ELF(so) + elf.init(64) + counter = 0 + # hit = False + for name in elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False): + if name == arg: + code = elf.dump_funcs(False)[counter] + # hit = True + counter += 1 + return code + + +class Call_Rewriter(object): + # def __init__(self, obj_code, arch, mode): + def __init__(self, obj_code): + self.obj_code = bytes(obj_code) + self.md = Cs(CS_ARCH_X86, CS_MODE_64) + # self.md = Cs(arch, mode) + + def dumpall(self): + for i in self.md.disasm(self.obj_code, 0x1): + print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str)) + + def run(self): + for i in self.md.disasm(self.obj_code, 0x1): + if i.mnemonic == "call": + print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str)) + print(i.bytes) + + +class Global_Rewriter(object): + def __init__(self): + pass + + +class Rewriter(object): + def __init__(self, path, new_name): + so = openSO_r(path) + self.elf = ELF(so) + self.elf.init(64) + # shutil.copyfile(path, "/tmp/exe") + self.magic_section_number = int() + self.new_name = new_name + self.shdr_new_size = [] + self.shdr_new_offset = [] + + def fix_section_offsets(self, section_name, new_size: int, new_section: bytes): + # file_w = open(self.new_name, "wb") + # magic_number = int() + for i in range(0, byte2int(self.elf.elfhdr.e_shnum)): + name = self.elf.read_section_name(byte2int(self.elf.shhdr[i].sh_name)) + if section_name == name: + self.magic_section_number = i + print(self.magic_section_number) + + # copy the sections before magic_number + # write in the new section + # fix section headers + + end = int() + for i in range(0, byte2int(self.elf.elfhdr.e_shnum)): + if i > self.magic_section_number: + extra_chunk = end % byte2int(self.elf.shhdr[i].sh_addralign) + missing_chunk = byte2int(self.elf.shhdr[i].sh_addralign) - extra_chunk + assert missing_chunk > 0, "missing chunk is negative" + self.shdr_new_size.append(byte2int(self.elf.shhdr[i].sh_size)) + self.shdr_new_offset.append( + end + missing_chunk % byte2int(self.elf.shhdr[i].sh_addralign) + ) + end = self.shdr_new_offset[-1] + self.shdr_new_size[-1] + + elif i < self.magic_section_number: + self.shdr_new_size.append(byte2int(self.elf.shhdr[i].sh_size)) + self.shdr_new_offset.append(byte2int(self.elf.shhdr[i].sh_offset)) + elif i == self.magic_section_number: + self.shdr_new_size.append(new_size) + self.shdr_new_offset.append(byte2int(self.elf.shhdr[i].sh_offset)) + end = byte2int(self.elf.shhdr[i].sh_offset) + new_size + for size in self.shdr_new_size: + print(repr(i) + " new size is " + repr(size)) + for offset in self.shdr_new_offset: + print(repr(i) + " new offset is " + repr(offset)) + + +def main() -> None: + argparser = CLIArgParser() + so = openSO_r(argparser.args.obj) + elf = ELF(so) + elf.init(64) + if argparser.args.header: + elf.dump_header() + elif argparser.args.symboltable: + elf.dump_symbol_tb(".strtab", sh_type_e.SHT_STRTAB) + elf.dump_symbol_tb(".dynstr", sh_type_e.SHT_STRTAB) + elif argparser.args.phdrs: + elf.dump_phdrs() + elif argparser.args.shdrs: + elf.dump_shdrs() + elif argparser.args.symbolindex: + elf.dump_symbol_idx() + elif argparser.args.stentries: + elf.dump_st_entries() + elif argparser.args.objcode: + elf.dump_funcs(True) + elif argparser.args.funcs: + elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, True) + elif argparser.args.objs: + elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, True) + elif argparser.args.dynsym: + elf.dump_st_entries_dyn() + elif argparser.args.dlpath: + elf.dump_section(".interp", True) + elif argparser.args.section: + elf.dump_section(argparser.args.section, True) + elif argparser.args.test2: + rewriter = Rewriter(argparser.args.obj, "new_exe") + new_text = bytes() + rewriter.fix_section_offsets(".text", 1000, new_text) + elif argparser.args.dumpfunc: + counter = 0 + for name in elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False): + if name == argparser.args.dumpfunc: + print(Colors.red + Colors.BOLD + name + Colors.ENDC) + code = elf.dump_funcs(False)[counter] + print(code) + counter += 1 + elif argparser.args.dumpfuncasm: + counter = 0 + hit = False + for name in elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False): + if name == argparser.args.dumpfuncasm: + code = elf.dump_funcs(False)[counter] + hit = True + counter += 1 + if hit: + md = Cs(CS_ARCH_X86, CS_MODE_64) + for i in md.disasm(bytes(code), 0x0): + print(hex(i.address).ljust(7), i.mnemonic.ljust(7), i.op_str) + elif argparser.args.phdynent: + elf.dump_ph_dyn_entries() + elif argparser.args.disass: + for section in elf.shhdr: + name = elf.read_section_name(byte2int(section.sh_name)) + if name == argparser.args.disass: + if byte2int(section.sh_flags) & 0x4 != 0x04: + print( + "section is not executable...but, " + "since you asked, here you go..." + ) + elf.so.seek(byte2int(section.sh_offset)) + code = elf.so.read(byte2int(section.sh_size)) + md = Cs(CS_ARCH_X86, CS_MODE_64) + for i in md.disasm(bytes(code), 0x0): + print(hex(i.address).ljust(7), i.mnemonic.ljust(7), i.op_str) + elif argparser.args.disassp is not None: + index = argparser.args.disassp + # section not executable message + if byte2int(elf.phdr[index].p_flags) & 0x1 != 1: + print("program header section is not " "executable but since you asked...") + header_offset = elf.phdr[index].p_offset + header_size = elf.phdr[index].p_filesz + elf.so.seek(byte2int(header_offset)) + code = elf.so.read(byte2int(header_size)) + md = Cs(CS_ARCH_X86, CS_MODE_64) + for i in md.disasm(bytes(code), 0x0): + print(hex(i.address).ljust(7), i.mnemonic.ljust(7), i.op_str) + elif argparser.args.textasm: + md = Cs(CS_ARCH_X86, CS_MODE_64) + for i in md.disasm(bytes(elf.text_section), 0x0): + print(hex(i.address).ljust(7), i.mnemonic.ljust(7), i.op_str) + elif argparser.args.dynsecents: + elf.dump_dyn_sec_ents(elf.dyn_section_ents) + elif argparser.args.reladyn: + elf.dump_rela(elf.rela_dyn_ents) + elif argparser.args.relaplt: + elf.dump_rela(elf.rela_plt_ents) + elif argparser.args.got: + elf.pop_got() + elf.dump_got() + elif argparser.args.gotplt: + elf.pop_got_plt() + elf.dump_got_plt() + elif argparser.args.listdso: + os.environ["LD_TRACE_LOADED_OBJECTS"] = "1" + os.environ["LD_WARN"] = "yes" + os.environ["LD_BIND_NOW"] = "yes" + # os.environ["LD_VERBOSE"] = "yes" + # os.environ["LD_DEBUG"] = "all" + rtldlist = [ + "/usr/lib/ld-linux.so.2", + "/usr/lib64/ld-linux-x86-64.so.2", + "/usr/libx32/ld-linux-x32.so.2", + ] + for rtld in rtldlist: + if os.path.exists(rtld): + result = subprocess.run( + [rtld, argparser.args.obj], + capture_output=True, + ) + print(result.stdout.decode("utf-8")) + break + else: + print("why even bother if you were not gonna type anythng decent in?") + + +if __name__ == "__main__": + main() |