From 47ac3ca04da5072808eab95453b762fed9c031be Mon Sep 17 00:00:00 2001
From: terminaldweller
Date: Fri, 24 May 2024 11:09:29 -0400
Subject: updated the README
---
 README.md | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 158 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 8070884..d370884 100644
--- a/README.md
+++ b/README.md
@@ -1,28 +1,30 @@
-
-[![Codacy Badge](https://app.codacy.com/project/badge/Grade/fe73b673bf0343aeae1c84ff1911b3ce)](https://www.codacy.com/gh/terminaldweller/delf/dashboard?utm_source=github.com&utm_medium=referral&utm_content=terminaldweller/delf&utm_campaign=Badge_Grade)
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/fe73b673bf0343aeae1c84ff1911b3ce)](https://www.codacy.com/gh/terminaldweller/delf/dashboard?utm_source=github.com&utm_medium=referral&utm_content=terminaldweller/delf&utm_campaign=Badge_Grade)
 # delf
-delf is an ELF dump tool.
+
+delf is an ELF 64 dump tool.
## Installation
-You will also need to have `libcapstone` installed.
+
 ```sh
-pip install delf
+pipx install delf
 ```
-## Requirements
-You need python3 and `capstone`. If you don't have capstone you can get it by:
-```bash - -pip install capstone +Or: +```sh +git clone https://github.com/terminaldweller/delf +cd delf +poetry install ``` -Your terminal needs to support ASCII escape sequences.
+ +You can then run it with `poetry shell` or `poetry run`.
## Options -For a list of available options just run `delf -h`. Here's what you'll get:
-```bash +For a list of available options just run `delf -h`:
+ +```txt usage: delf [-h] [--dbg] [--obj OBJ] [--header] [--symboltable] [--phdrs] [--shdrs] [--symbolindex] [--stentries] [--objcode] [--test] [--test2] [--funcs] [--objs] [--dynsym] [--dlpath] [--phdynent] @@ -60,10 +62,148 @@ optional arguments: --rodata dump .rodata --disass DISASS disassemblt a section - ``` +``` -## Feature Request -If there is something you need delf to do, make an issue and I'll take a look.
+## Example usage -## TODO -delf does not support ELF32. I'll write that in whenever I get the time to work on delf
+```txt
+$ delf --obj ./main --shdrs
+
+idx sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info sh_addralign sh_entsize
+0 '' 'NULL' 0 0 0 0 0 0 0 0
+1 '.interp' 'PROGBITS' 2 792 792 28 0 0 1 0
+2 '.note.gnu.property' 'NOTE' 2 824 824 32 0 0 8 0
+3 '.note.gnu.build-id' 'NOTE' 2 856 856 36 0 0 4 0
+4 '.note.ABI-tag' 'NOTE' 2 892 892 32 0 0 4 0
+5 '.gnu.hash' 'GNU_HASH' 2 928 928 36 6 0 8 0
+6 '.dynsym' 'DYNSYM' 2 968 968 144 7 1 8 24
+7 '.dynstr' 'STRTAB' 2 1112 1112 136 0 0 1 0
+8 '.gnu.version' 'VERSYM' 2 1248 1248 12 6 0 2 2
+9 '.gnu.version_r' 'VERNEED' 2 1264 1264 48 7 1 8 0
+10 '.rela.dyn' 'RELA' 2 1312 1312 192 6 0 8 24
+11 '.init' 'PROGBITS' 6 4096 4096 23 0 0 4 0
+12 '.plt' 'PROGBITS' 6 4128 4128 16 0 0 16 16
+13 '.plt.got' 'PROGBITS' 6 4144 4144 8 0 0 8 8
+14 '.text' 'PROGBITS' 6 4160 4160 262 0 0 16 0
+15 '.fini' 'PROGBITS' 6 4424 4424 9 0 0 4 0
+16 '.rodata' 'PROGBITS' 18 8192 8192 4 0 0 4 4
+17 '.eh_frame_hdr' 'PROGBITS' 2 8196 8196 44 0 0 4 0
+18 '.eh_frame' 'PROGBITS' 2 8240 8240 172 0 0 8 0
+19 '.init_array' 'INIT_ARRAY' 3 15872 11776 8 0 0 8 8
+20 '.fini_array' 'FINI_ARRAY' 3 15880 11784 8 0 0 8 8
+21 '.dynamic' 'DYNAMIC' 3 15888 11792 432 7 0 8 16
+22 '.got' 'PROGBITS' 3 16320 12224 40 0 0 8 8
+23 '.got.plt' 'PROGBITS' 3 16360 12264 24 0 0 8 8
+24 '.data' 'PROGBITS' 3 16384 12288 16 0 0 8 0
+25 '.bss' 'NOBITS' 3 16400 12304 8 0 0 1 0
+26 '.comment' 'PROGBITS' 48 0 12304 39 0 0 1 1
+27 '.debug_aranges' 'PROGBITS' 0 0 12352 240 0 0 16 0
+28 '.debug_info' 'PROGBITS' 0 0 12592 1393 0 0 1 0
+29 '.debug_abbrev' 'PROGBITS' 0 0 13985 398 0 0 1 0
+30 '.debug_line' 'PROGBITS' 0 0 14383 463 0 0 1 0
+31 '.debug_str' 'PROGBITS' 48 0 14846 944 0 0 1 1
+32 '.debug_line_str' 'PROGBITS' 48 0 15790 265 0 0 1 1
+33 '.debug_rnglists' 'PROGBITS' 0 0 16055 66 0 0 1 0
+34 '.symtab' 'SYMTAB' 0 0 16128 864 35 19 8 24
+35 '.strtab' 'STRTAB' 0 0 16992 467 0 0 1 0
+36 '.shstrtab' 'STRTAB' 0 0 17459 368 0 0 1 0
+```
+
+```txt
+$ delf --obj ./main --phdrs
+
+idx 
p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_flags2 p_align
+0 'PHDR' 'WR' 64 64 64 728 728 0 '0x8'
+1 'INTERP' 'XW' 792 792 792 28 28 0 '0x1'
+2 'LOAD' 'X' 0 0 0 1504 1504 0 '0x1000'
+3 'LOAD' 'X' 4096 4096 4096 337 337 0 '0x1000'
+4 'LOAD' 'X' 8192 8192 8192 220 220 0 '0x1000'
+5 'LOAD' 'X' 11776 15872 15872 528 536 0 '0x1000'
+6 'DYNAMIC' 'W' 11792 15888 15888 432 432 0 '0x8'
+7 'NOTE' 'R' 824 824 824 32 32 0 '0x8'
+8 'NOTE' 'R' 856 856 856 68 68 0 '0x4'
+9 None 'XW' 824 824 824 32 32 0 '0x8'
+10 'GNU_EH_FRAME' '' 8196 8196 8196 44 44 0 '0x4'
+11 'GNU_STACK' 'X' 0 0 0 0 0 0 '0x10'
+12 'GNU_RELRO' 'W' 11776 15872 15872 512 512 0 '0x1'
+```
+
+```txt
+$ delf --obj ./main --section .interp
+
+000000 : 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d /lib64/ld-linux-
+000010 : 78 38 36 2d 36 34 2e 73 6f 2e 32 00 x86-64.so.2
+```
+
+```txt
+$ delf --obj ./main --disass .text
+
+0x0 xor ebp, ebp
+0x2 mov r9, rdx
+0x5 pop rsi
+0x6 mov rdx, rsp
+0x9 and rsp, 0xfffffffffffffff0
+0xd push rax
+0xe push rsp
+0xf xor r8d, r8d
+0x12 xor ecx, ecx
+0x14 lea rdi, [rip + 0xd5]
+0x1b call qword ptr [rip + 0x2f5f]
+0x21 hlt
+0x22 nop word ptr cs:[rax + rax]
+0x2c nop dword ptr [rax]
+0x30 lea rdi, [rip + 0x2f99]
+0x37 lea rax, [rip + 0x2f92]
+0x3e cmp rax, rdi
+0x41 je 0x58
+0x43 mov rax, qword ptr [rip + 0x2f3e]
+0x4a test rax, rax
+0x4d je 0x58
+0x4f jmp rax
+0x51 nop dword ptr [rax]
+0x58 ret
+0x59 nop dword ptr [rax]
+0x60 lea rdi, [rip + 0x2f69]
+0x67 lea rsi, [rip + 0x2f62]
+0x6e sub rsi, rdi
+0x71 mov rax, rsi
+0x74 shr rsi, 0x3f
+0x78 sar rax, 3
+0x7c add rsi, rax
+0x7f sar rsi, 1
+0x82 je 0x98
+0x84 mov rax, qword ptr [rip + 0x2f0d]
+0x8b test rax, rax
+0x8e je 0x98
+0x90 jmp rax
+0x92 nop word ptr [rax + rax]
+0x98 ret
+0x99 nop dword ptr [rax]
+0xa0 endbr64
+0xa4 cmp byte ptr [rip + 0x2f25], 0
+0xab jne 0xd8
+0xad push rbp
+0xae cmp qword ptr [rip + 0x2eea], 0
+0xb6 mov rbp, rsp
+0xb9 je 0xc7
+0xbb mov rdi, qword ptr [rip + 0x2f06]
+0xc2 call 
0xfffffffffffffff0
+0xc7 call 0x30
+0xcc mov byte ptr [rip + 0x2efd], 1
+0xd3 pop rbp
+0xd4 ret
+0xd5 nop dword ptr [rax]
+0xd8 ret
+0xd9 nop dword ptr [rax]
+0xe0 endbr64
+0xe4 jmp 0x60
+0xe9 nop dword ptr [rax]
+0xf0 push rbp
+0xf1 mov rbp, rsp
+0xf4 mov dword ptr [rbp - 4], 0
+0xfb mov dword ptr [rbp - 8], edi
+0xfe mov qword ptr [rbp - 0x10], rsi
+0x102 xor eax, eax
+0x104 pop rbp
+0x105 ret
+```
-- cgit v1.2.3