python3|python3 elf文件解析
原地址:https://github.com/guanchao/elfParser
原作者的代码是用 python2 写的，这里给出我修改后的 python3 版本。（测试发现还有 bug，以后打算自己重写一个，0.0）
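#!/usr/bin/env python3
# coding:utf-8
"""Read-only parser and pretty-printer for 32-bit ELF files.

The file being parsed is treated as untrusted input: every offset, size,
index and count is taken from the file itself, so each one is checked
against the real file size (or the table it indexes) before it is used.

Only the ELF32 structure layouts are decoded. A file whose EI_CLASS marks
it as 64-bit is still read with the 32-bit layouts and will produce
meaningless tables.
"""

import sys
import binascii

# Section types (sh_type), as listed in the ELF headers:
#   SHT_NULL 0, SHT_PROGBITS 1, SHT_SYMTAB 2, SHT_STRTAB 3, SHT_RELA 4,
#   SHT_HASH 5, SHT_DYNAMIC 6, SHT_NOTE 7, SHT_NOBITS 8, SHT_REL 9,
#   SHT_SHLIB 10, SHT_DYNSYM 11, SHT_NUM 12,
#   SHT_LOPROC 0x70000000, SHT_HIPROC 0x7fffffff,
#   SHT_LOUSER 0x80000000, SHT_HIUSER 0xffffffff,
#   SHT_MIPS_LIST 0x70000000, SHT_MIPS_CONFLICT 0x70000002,
#   SHT_MIPS_GPTAB 0x70000003, SHT_MIPS_UCODE 0x70000004
SH_TYPE_MAP_LIST = {
    0: 'SHT_NULL',
    1: 'SHT_PROGBITS',
    2: 'SHT_SYMTAB',
    3: 'SHT_STRTAB',
    4: 'SHT_RELA',
    5: 'SHT_HASH',
    6: 'SHT_DYNAMIC',
    7: 'SHT_NOTE',
    8: 'SHT_NOBITS',
    9: 'SHT_REL',
    10: 'SHT_SHLIB',
    11: 'SHT_DYNSYM',
    # 0x60000000:'SHT_LOOS',
    # 0x6fffffff:'SHT_HIOS',
    # 0x70000000 was listed twice (SHT_LOPROC, then SHT_MIPS_LIST); a dict
    # keeps only the last entry, so only the effective one is spelled out.
    0x70000000: 'SHT_MIPS_LIST',
    0x7FFFFFFF: 'SHT_HIPROC',
    0x80000000: 'SHT_LOUSER',
    0x8FFFFFFF: 'SHT_HIUSER',
    0x70000002: 'SHT_MIPS_CONFLICT',
    0x70000003: 'SHT_MIPS_GPTAB',
    0x70000004: 'SHT_MIPS_UCODE',
}

# Program header types (p_type).
# NOTE(review): the ELF specification puts PT_HIPROC at 0x7fffffff; the
# 0x70000001 key is kept exactly as the author had it.
PT_TYPE_MAP_LIST = {
    0: 'NULL',
    1: 'LOAD',
    2: 'DYNAMIC',
    3: 'INTERP',
    4: 'NOTE',
    5: 'SHLIB',
    6: 'PHDR',
    7: 'TLS',
    0x70000000: 'LOPROC',
    0x70000001: 'HIPROC',
    0x6474E551: 'GNU_STACK',
    0x6474E552: 'GNU_RELRO',
}

# Elf32_Dyn.d_tag values. The table is not exhaustive, so lookups must
# tolerate tags that are missing from it.
DYNAMIC_TYPE = {
    0: 'NULL',
    1: 'NEEDED',
    2: 'PLTRELSZ',
    3: 'PLTGOT',
    4: 'HASH',
    5: 'STRTAB',
    6: 'SYMTAB',
    7: 'RELA',
    8: 'RELASZ',
    9: 'RELAENT',
    10: 'STRSZ',
    11: 'SYMENT',
    12: 'INIT',
    13: 'FINIT',
    14: 'SONAME',
    15: 'RPATH',
    16: 'SYMBOLIC',
    17: 'REL',
    18: 'RELSZ',
    19: 'RELENT',
    20: 'PLTREL',
    21: 'DEBUG',
    22: 'TEXTREL',
    23: 'JMPREL',
    26: 'FINIT_ARRAY',
    28: 'FINIT_ARRAYSZ',
    25: 'INIT_ARRAY',
    27: 'INIT_ARRAYSZ',
    30: 'FLAGS',
    0x6FFFFFFA: 'RELCOUNT',
    0x6FFFFFFB: 'FLAGS_1',
    0x70000000: 'LOPROC',
    0x7fffffff: 'HIPROC',
    0x70000001: 'MIPS_RLD_VERSION',
    0x70000002: 'MIPS_TIME_STAMP',
    0x70000003: 'MIPS_ICHECKSUM',
    0x70000004: 'MIPS_IVERSION',
    0x70000005: 'MIPS_FLAGS',
    0x70000006: 'MIPS_BASE_ADDRESS',
    0x70000008: 'MIPS_CONFLICT',
    0x70000009: 'MIPS_LIBLIST',
    0x7000000a: 'MIPS_LOCAL_GOTNO',
    0x7000000b: 'MIPS_CONFLICTNO',
    0x70000010: 'MIPS_LIBLISTNO',
    0x70000011: 'MIPS_SYMTABNO',
    0x70000012: 'MIPS_UNREFEXTNO',
    0x70000013: 'MIPS_GOTSYM',
    0x70000014: 'MIPS_HIPAGENO',
    0x70000016: 'MIPS_RLD_MAP',
}

# On-disk sizes of the fixed-layout records parsed below.
_ELF32_SYM_SIZE = 16
_ELF32_DYN_SIZE = 8


def _printable(raw):
    """Return *raw* (bytes or str taken from the file) as terminal-safe text.

    Names inside an ELF file are attacker-controlled bytes. Anything that is
    not printable is shown as a ``\\xNN`` escape so a crafted name cannot
    send control sequences to the terminal or break the table layout.
    """
    if isinstance(raw, bytes):
        raw = raw.decode('latin-1')
    return ''.join(ch if ch.isprintable() else '\\x%02x' % ord(ch) for ch in raw)


class Elf32_Ehdr(object):
    """ELF file header.

    typedef struct elf32_hdr{
        unsigned char e_ident[EI_NIDENT];
        Elf32_Half    e_type;
        Elf32_Half    e_machine;
        Elf32_Word    e_version;
        Elf32_Addr    e_entry;      /* Entry point */
        Elf32_Off     e_phoff;
        Elf32_Off     e_shoff;
        Elf32_Word    e_flags;
        Elf32_Half    e_ehsize;
        Elf32_Half    e_phentsize;
        Elf32_Half    e_phnum;
        Elf32_Half    e_shentsize;
        Elf32_Half    e_shnum;
        Elf32_Half    e_shstrndx;
    } Elf32_Ehdr;
    """

    def __init__(self):
        super(Elf32_Ehdr, self).__init__()
        self.e_ident = None
        self.e_type = None
        self.e_machine = None
        self.e_version = None
        self.e_entry = None
        self.e_phoff = None
        self.e_shoff = None
        self.e_flags = None
        self.e_ehsize = None
        self.e_phentsize = None
        self.e_phnum = None
        self.e_shentsize = None
        self.e_shnum = None
        self.e_shstrndx = None


class e_ident(object):
    """The 16 identification bytes at the start of the ELF header."""

    def __init__(self):
        super(e_ident, self).__init__()
        self.file_identification = None
        self.ei_class = None
        self.ei_data = None
        self.ei_version = None
        self.ei_osabi = None
        self.ei_abiversion = None
        self.ei_pad = None
        self.ei_nident = None

    def __str__(self):
        return 'e_ident=[file_identification=%s, ei_class=%d, ei_data=%d, ei_version=%d, ei_osabi=%d, ei_abiversion=%d, ei_pad=%s, ei_nident=%d]' % (
            self.file_identification, self.ei_class, self.ei_data, self.ei_version, self.ei_osabi, self.ei_abiversion,
            self.ei_pad, self.ei_nident)


class Elf32_Shdr(object):
    """One section header table entry.

    typedef struct Elf32_Shdr {
        Elf32_Word sh_name;
        Elf32_Word sh_type;
        Elf32_Word sh_flags;
        Elf32_Addr sh_addr;
        Elf32_Off  sh_offset;
        Elf32_Word sh_size;
        Elf32_Word sh_link;
        Elf32_Word sh_info;
        Elf32_Word sh_addralign;
        Elf32_Word sh_entsize;
    } Elf32_Shdr;
    """

    def __init__(self):
        super(Elf32_Shdr, self).__init__()
        self.sh_name = None
        self.sh_type = None
        self.sh_flags = None
        self.sh_addr = None
        self.sh_offset = None
        # Was "self.size", and sh_info was missing: __str__ and the parser
        # both use sh_size / sh_info, so an unparsed instance raised
        # AttributeError instead of showing None.
        self.sh_size = None
        self.sh_link = None
        self.sh_info = None
        self.sh_addralign = None
        self.sh_entsize = None

        # Name resolved through the section name string table.
        self.section_name = None

    def __str__(self):
        return 'Elf32_Shdr=[sh_name=%s, sh_type=%d, sh_flags=%d, sh_addr=%s, sh_sh_offset=%s, sh_size=%d, sh_link=%d, sh_info=%d, sh_addralign=%d, sh_entsize=%d]' % \
               (hex(self.sh_name), self.sh_type, self.sh_flags, hex(self.sh_addr), hex(self.sh_offset), self.sh_size,
                self.sh_link, self.sh_info, self.sh_addralign, self.sh_entsize)


class Elf32_Sym(object):
    """One symbol table entry.

    typedef struct elf32_sym{
        Elf32_Word    st_name;
        Elf32_Addr    st_value;
        Elf32_Word    st_size;
        unsigned char st_info;
        unsigned char st_other;
        Elf32_Half    st_shndx;
    } Elf32_Sym;
    """

    def __init__(self):
        super(Elf32_Sym, self).__init__()
        self.st_name = None
        self.st_value = None
        self.st_size = None
        self.st_info = None
        self.st_other = None
        self.st_shndx = None

        # Name resolved through .dynstr.
        self.symbol_name = None

    def __str__(self):
        # The label used to read "Elf32_Dyn", copied from the class below.
        return 'Elf32_Sym=[st_name=%s, st_value=%d, st_size=%d, st_info=%d, st_other=%d, st_shndx=%d] #%s' % \
               (self.st_name, self.st_value, self.st_size, self.st_info, self.st_other, self.st_shndx, self.symbol_name)


class Elf32_Phdr(object):
    """One program header table entry.

    /* 32-bit ELF base types. */
    typedef uint32_t Elf32_Addr;
    typedef uint16_t Elf32_Half;
    typedef uint32_t Elf32_Off;
    typedef int32_t  Elf32_Sword;
    typedef uint32_t Elf32_Word;
    """

    def __init__(self):
        super(Elf32_Phdr, self).__init__()
        self.p_type = None  # Elf32_Word
        self.p_offset = None  # Elf32_Off
        self.p_vaddr = None  # Elf32_Addr
        self.p_paddr = None  # Elf32_Addr
        self.p_filesz = None  # Elf32_Word
        self.p_memsz = None  # Elf32_Word
        self.p_flags = None  # Elf32_Word
        self.p_align = None  # Elf32_Word


class Elf32_Dyn(object):
    """One entry of the .dynamic section.

    typedef struct dynamic{
        Elf32_Sword d_tag;
        union{
            Elf32_Sword d_val;
            Elf32_Addr  d_ptr;
        } d_un;
    } Elf32_Dyn;
    """

    def __init__(self):
        super(Elf32_Dyn, self).__init__()
        self.d_tag = None
        self.d_un = None

    def __str__(self):
        return 'Elf32_Dyn=[d_tag=%d, d_un=%d]' % \
               (self.d_tag, self.d_un)


class ELF(object):
    """Parse the headers and dynamic tables of the ELF32 file at *filepath*.

    Construction opens the file and parses everything eagerly. The handle
    stays available as ``self.f`` for the ``parse*`` methods; release it
    with ``close()`` or by using the instance as a context manager.

    Raises:
        ValueError: the file does not start with the ELF magic bytes.
        OSError: the file cannot be opened.
    """

    def __init__(self, filepath):
        super(ELF, self).__init__()
        self.filepath = filepath
        self.f = None
        self._file_size = 0
        self._byteorder = 'little'
        self.elf32_Ehdr = Elf32_Ehdr()

        # section header table
        self.sectionHeaderTable = []

        # section name table
        self.sectionNameTable = None

        # program header table
        self.programHeaderTable = []

        # dynamic symbol table
        self.symbolTable = []  # .dynsym
        self.dynstrTable = None  # .dynstr

        # dynamic link table
        self.dynamicLinkTable = []  # .dynamic

        try:
            self.initELFHeader()
            self.initSectionHeader()
            self.initProgramHeader()
            self.initSymbolTalbe()
            self.initDynamicLinkTable()
        except Exception:
            # Do not leak the handle when the input is rejected.
            self.close()
            raise

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc_value, traceback):
        self.close()
        return False

    def close(self):
        """Close the underlying file handle; safe to call more than once."""
        handle = getattr(self, 'f', None)
        if handle is not None and not handle.closed:
            handle.close()

    def _readUInt(self, size):
        """Read *size* bytes at the current position as an unsigned integer.

        A short read (past end of file) is decoded from whatever bytes were
        returned, so a truncated file yields small values rather than an
        exception; callers bound-check before trusting them.
        """
        return int.from_bytes(self.f.read(size), self._byteorder)

    def _readAt(self, offset, size):
        """Return up to *size* bytes starting at *offset*.

        The request is clamped to what the file actually holds, so an
        oversized 32-bit size field cannot ask for more than that.
        """
        available = max(0, self._file_size - offset)
        self.f.seek(offset, 0)
        return self.f.read(min(size, available))

    def _entryCount(self, elf32_Shdr, record_size):
        """Number of fixed-size records of a section that lie inside the file.

        Returns 0 when sh_entsize is smaller than the record (this covers
        the zero that used to raise ZeroDivisionError) so that a crafted
        header cannot drive a near-endless parsing loop.
        """
        entsize = elf32_Shdr.sh_entsize
        if entsize < record_size:
            return 0
        available = max(0, self._file_size - elf32_Shdr.sh_offset)
        return min(elf32_Shdr.sh_size, available) // entsize

    @staticmethod
    def _cstring(table, offset):
        """Return the NUL-terminated byte string at *offset* in *table*.

        Yields b'' for a missing table or an out-of-range offset, and stops
        at the end of the table when no terminator is present.
        """
        if not table or offset < 0 or offset >= len(table):
            return b''
        end = table.find(0, offset)
        if end == -1:
            end = len(table)
        return table[offset:end]

    def initELFHeader(self):
        """Open the file and decode the ELF header into ``self.elf32_Ehdr``."""
        f = open(self.filepath, "rb")
        self.f = f
        f.seek(0, 2)
        self._file_size = f.tell()

        # unsigned char e_ident[EI_NIDENT];
        f.seek(0, 0)
        ident = e_ident()
        self.elf32_Ehdr.e_ident = ident
        ident.file_identification = f.read(4)
        if ident.file_identification != b'\x7fELF':
            raise ValueError('%s is not an ELF file (bad magic)' % self.filepath)
        ident.ei_class = int.from_bytes(f.read(1), 'little')
        ident.ei_data = int.from_bytes(f.read(1), 'little')
        ident.ei_version = int.from_bytes(f.read(1), 'little')
        ident.ei_osabi = int.from_bytes(f.read(1), 'little')
        ident.ei_abiversion = int.from_bytes(f.read(1), 'little')
        ident.ei_pad = binascii.b2a_hex(f.read(6))
        ident.ei_nident = int.from_bytes(f.read(1), 'little')

        # EI_DATA == 2 marks big-endian (ELFDATA2MSB); every other value
        # keeps the little-endian decoding this parser always used.
        self._byteorder = 'big' if ident.ei_data == 2 else 'little'

        # The remaining fields follow e_ident back to back from offset 16.
        ehdr = self.elf32_Ehdr
        f.seek(16, 0)
        ehdr.e_type = self._readUInt(2)  # Elf32_Half, offset 16
        ehdr.e_machine = self._readUInt(2)  # Elf32_Half, offset 18
        ehdr.e_version = self._readUInt(4)  # Elf32_Word, offset 20
        ehdr.e_entry = self._readUInt(4)  # Elf32_Addr, offset 24
        ehdr.e_phoff = self._readUInt(4)  # Elf32_Off, offset 28
        ehdr.e_shoff = self._readUInt(4)  # Elf32_Off, offset 32
        ehdr.e_flags = self._readUInt(4)  # Elf32_Word, offset 36
        ehdr.e_ehsize = self._readUInt(2)  # Elf32_Half, offset 40
        ehdr.e_phentsize = self._readUInt(2)  # Elf32_Half, offset 42
        ehdr.e_phnum = self._readUInt(2)  # Elf32_Half, offset 44
        ehdr.e_shentsize = self._readUInt(2)  # Elf32_Half, offset 46
        ehdr.e_shnum = self._readUInt(2)  # Elf32_Half, offset 48
        ehdr.e_shstrndx = self._readUInt(2)  # Elf32_Half, offset 50

    def initSectionHeader(self):
        """Parse every section header and resolve the section names."""
        ehdr = self.elf32_Ehdr
        for i in range(ehdr.e_shnum):
            self.sectionHeaderTable.append(
                self.parseSectionHeader(ehdr.e_shoff + i * ehdr.e_shentsize))
        if ehdr.e_shnum == 0:
            return

        # init section name table; e_shstrndx comes from the file, so it is
        # checked before it is used as a list index.
        if ehdr.e_shstrndx < len(self.sectionHeaderTable):
            names = self.sectionHeaderTable[ehdr.e_shstrndx]
            self.sectionNameTable = self._readAt(names.sh_offset, names.sh_size)
        else:
            self.sectionNameTable = b''

        for elf32_Shdr in self.sectionHeaderTable:
            raw = self._cstring(self.sectionNameTable, elf32_Shdr.sh_name)
            # latin-1 maps each byte to one character, like chr() per byte.
            elf32_Shdr.section_name = raw.decode('latin-1')

    def parseSectionHeader(self, offset):
        """Decode the Elf32_Shdr record stored at file offset *offset*."""
        self.f.seek(offset, 0)
        elf32_Shdr = Elf32_Shdr()
        elf32_Shdr.sh_name = self._readUInt(4)
        elf32_Shdr.sh_type = self._readUInt(4)
        elf32_Shdr.sh_flags = self._readUInt(4)
        elf32_Shdr.sh_addr = self._readUInt(4)
        elf32_Shdr.sh_offset = self._readUInt(4)
        elf32_Shdr.sh_size = self._readUInt(4)
        elf32_Shdr.sh_link = self._readUInt(4)
        elf32_Shdr.sh_info = self._readUInt(4)
        elf32_Shdr.sh_addralign = self._readUInt(4)
        elf32_Shdr.sh_entsize = self._readUInt(4)
        return elf32_Shdr

    def displaySectionHeader(self):
        """Print the section header table."""
        print('[+] Section Header Table:')

        print('#%-32s%-16s%-16s%-16s%-8s%-8s%-8s%-8s%-8s%-8s' % (
            'Name', 'Type', 'Addr', 'Offset', 'Size', 'ES', 'Flg', 'Lk', 'Inf', 'Al'))

        for index, elf32_Shdr in enumerate(self.sectionHeaderTable):
            if elf32_Shdr.sh_type in SH_TYPE_MAP_LIST:
                row = '[%4d] %-32s%-16s%-16s%-16s%-8s%-8d%-8d%-8d%-8d%-8d'
                type_cell = SH_TYPE_MAP_LIST[elf32_Shdr.sh_type].strip()
            else:
                # Unknown types are shown as their numeric value.
                row = '[%4d] %-32s%-16d%-16s%-16s%-8s%-8d%-8d%-8d%-8d%-8d'
                type_cell = elf32_Shdr.sh_type
            print(row % (
                index,
                # Decoded and escaped: printing the raw bytes object showed
                # b'...' and let control bytes through to the terminal.
                _printable(self.getSectionName(elf32_Shdr)),
                type_cell,
                hex(elf32_Shdr.sh_addr),
                hex(elf32_Shdr.sh_offset),
                hex(elf32_Shdr.sh_size),
                elf32_Shdr.sh_entsize,
                elf32_Shdr.sh_flags,
                elf32_Shdr.sh_link,
                elf32_Shdr.sh_info,
                elf32_Shdr.sh_addralign,
            ))

        print()

    def getSectionName(self, elf32_Shdr):
        """Return the section's name as raw bytes from the name table."""
        return self._cstring(self.sectionNameTable, elf32_Shdr.sh_name)

    def initProgramHeader(self):
        """Parse every program header."""
        ehdr = self.elf32_Ehdr
        for i in range(ehdr.e_phnum):
            self.programHeaderTable.append(
                self.parseProgramHeader(ehdr.e_phoff + i * ehdr.e_phentsize))

    def parseProgramHeader(self, offset):
        """Decode the Elf32_Phdr record stored at file offset *offset*.

        typedef struct elf32_phdr{
            Elf32_Word p_type;
            Elf32_Off  p_offset;
            Elf32_Addr p_vaddr;
            Elf32_Addr p_paddr;
            Elf32_Word p_filesz;
            Elf32_Word p_memsz;
            Elf32_Word p_flags;
            Elf32_Word p_align;
        } Elf32_Phdr;
        """
        self.f.seek(offset, 0)
        elf32_Phdr = Elf32_Phdr()
        elf32_Phdr.p_type = self._readUInt(4)
        elf32_Phdr.p_offset = self._readUInt(4)
        elf32_Phdr.p_vaddr = self._readUInt(4)
        elf32_Phdr.p_paddr = self._readUInt(4)
        elf32_Phdr.p_filesz = self._readUInt(4)
        elf32_Phdr.p_memsz = self._readUInt(4)
        elf32_Phdr.p_flags = self._readUInt(4)
        elf32_Phdr.p_align = self._readUInt(4)
        return elf32_Phdr

    def displayProgramHeader(self):
        """Print the program header table and the section-to-segment map."""
        print('[+] Program Header Table:')

        print('#%-16s%-16s%-16s%-16s%-8s%-8s%-8s%-8s' % (
            'Type', 'offset', 'VirtAddr', 'PhysAddr', 'FileSiz', 'MemSiz', 'Flg', 'Align'))

        for index, elf32_Phdr in enumerate(self.programHeaderTable):
            if elf32_Phdr.p_type in PT_TYPE_MAP_LIST:
                row = '[%4d] %-16s%-16s%-16s%-16s%-8s%-8s%-8d%-8s'
                type_cell = PT_TYPE_MAP_LIST[elf32_Phdr.p_type]
            else:
                row = '[%4d] %-16d%-16s%-16s%-16s%-8s%-8s%-8d%-8s'
                type_cell = elf32_Phdr.p_type
            print(row % (
                index,
                type_cell,
                hex(elf32_Phdr.p_offset),
                hex(elf32_Phdr.p_vaddr),
                hex(elf32_Phdr.p_paddr),
                hex(elf32_Phdr.p_filesz),
                hex(elf32_Phdr.p_memsz),
                elf32_Phdr.p_flags,
                hex(elf32_Phdr.p_align),
            ))

        print('\n[+] Section to segment mapping:')

        for index, elf32_Phdr in enumerate(self.programHeaderTable):
            # The old code used bytes.index() and .decode() here, which
            # raised on a name without a terminator or with non-UTF-8 bytes.
            sections_str = ''.join(
                _printable(self.getSectionName(elf32_Shdr)) + ' '
                for elf32_Shdr in self.getSegmentSections(elf32_Phdr))
            print('[%4d] %s' % (index, sections_str))

        print()

    def getSegmentSections(self, elf32_Phdr):
        """Return the sections whose file range lies inside the segment's."""
        start = elf32_Phdr.p_offset
        end = elf32_Phdr.p_offset + elf32_Phdr.p_filesz
        return [
            elf32_Shdr for elf32_Shdr in self.sectionHeaderTable
            if elf32_Shdr.sh_offset >= start
            and elf32_Shdr.sh_offset + elf32_Shdr.sh_size <= end
        ]

    def initSymbolTalbe(self):
        """Load .dynsym and .dynstr and resolve each symbol's name."""
        # init dynsym
        elf32_Shdr = self.getSectionByName('.dynsym')
        if elf32_Shdr is not None:
            for i in range(self._entryCount(elf32_Shdr, _ELF32_SYM_SIZE)):
                self.symbolTable.append(
                    self.parseSymbolTable(elf32_Shdr.sh_offset + i * elf32_Shdr.sh_entsize))

        # init dynstr; a file without the section no longer raises
        # AttributeError on None.
        dynstr_elf32_Shdr = self.getSectionByName('.dynstr')
        if dynstr_elf32_Shdr is not None:
            self.dynstrTable = self._readAt(dynstr_elf32_Shdr.sh_offset, dynstr_elf32_Shdr.sh_size)

        for elf32_Sym in self.symbolTable:
            # The loop used to test dynstrTable[idx + 1], which dropped the
            # last character of every name and walked past the terminator
            # of an empty one.
            raw = self._cstring(self.dynstrTable, elf32_Sym.st_name)
            elf32_Sym.symbol_name = raw.decode('latin-1')

    def parseSymbolTable(self, offset):
        """Decode the Elf32_Sym record stored at file offset *offset*."""
        self.f.seek(offset, 0)
        elf32_Sym = Elf32_Sym()
        elf32_Sym.st_name = self._readUInt(4)
        elf32_Sym.st_value = self._readUInt(4)
        elf32_Sym.st_size = self._readUInt(4)
        elf32_Sym.st_info = self._readUInt(1)
        elf32_Sym.st_other = self._readUInt(1)
        elf32_Sym.st_shndx = self._readUInt(2)
        return elf32_Sym

    def displaySymbolTable(self):
        """Print the dynamic symbol table."""
        print('[+] Dynamic Symbol Table:')

        print('#%-10s%-8s%-8s%-8s%-8s%-8s%-8s'
              % ('Value', 'Size', 'Type', 'Bind', 'Other', 'Ndx', 'Name'))
        BIND_TYPE = {0: 'LOCAL', 1: 'GLOBAL', 2: 'WEAK', 13: 'LOPROC', 15: 'HIPROC'}
        ELF32_ST_TYPE = {0: 'NOTYPE', 1: 'OBJECT', 2: 'FUNC', 3: 'SECTION', 4: 'FILE', 13: 'LOPROC', 15: 'HIPROC'}
        SHN_TYPE = {0: 'UNDEF', 0xfff1: 'ABS', 0xfff2: 'COMMON', }

        for index, elf32_Sym in enumerate(self.symbolTable):
            bind = elf32_Sym.st_info >> 4
            sym_type = elf32_Sym.st_info & 0xf

            print('[%4d] %-10s%-8d%-8s%-8s%-8d%-8s%-8s' % (
                index,
                hex(elf32_Sym.st_value),
                elf32_Sym.st_size,
                # Values outside the small tables above are shown as numbers
                # instead of raising KeyError.
                ELF32_ST_TYPE.get(sym_type, str(sym_type)),
                BIND_TYPE.get(bind, str(bind)),
                elf32_Sym.st_other,
                SHN_TYPE.get(elf32_Sym.st_shndx, str(elf32_Sym.st_shndx)),
                _printable(elf32_Sym.symbol_name or ''),
            ))
        print()

    def initDynamicLinkTable(self):
        """Load the entries of the .dynamic section."""
        # init dynamic
        elf32_Shdr = self.getSectionByName('.dynamic')
        if elf32_Shdr is not None:
            for i in range(self._entryCount(elf32_Shdr, _ELF32_DYN_SIZE)):
                self.dynamicLinkTable.append(
                    self.parseDynamicLinkTable(elf32_Shdr.sh_offset + i * elf32_Shdr.sh_entsize))

    def parseDynamicLinkTable(self, offset):
        """Decode the Elf32_Dyn record stored at file offset *offset*."""
        self.f.seek(offset, 0)
        elf32_Dyn = Elf32_Dyn()
        elf32_Dyn.d_tag = self._readUInt(4)
        elf32_Dyn.d_un = self._readUInt(4)
        return elf32_Dyn

    def displayDynamicLinkTable(self):
        """Print the dynamic link table."""
        print('[+] Dynamic Link Table:')
        print('#%-16s%-16s%-8s' % ('Tag', 'Type', 'Name/Value'))

        for index, elf32_Dyn in enumerate(self.dynamicLinkTable):
            print('[%4d] %-16s%-16s%-16s' % (
                index,
                hex(elf32_Dyn.d_tag),
                # Tags missing from DYNAMIC_TYPE used to raise KeyError.
                DYNAMIC_TYPE.get(elf32_Dyn.d_tag, 'UNKNOWN'),
                self.getElf32_Dyn_TypeInfo(elf32_Dyn),
            ))

    def getElf32_Dyn_TypeInfo(self, elf32_Dyn):
        """Return the Name/Value column text for one dynamic entry."""
        if elf32_Dyn.d_tag == 1:  # DT_NEEDED
            name = self._cstring(self.dynstrTable, elf32_Dyn.d_un)
            return 'Shared library: [%s]' % _printable(name)

        elif elf32_Dyn.d_tag == 0xe:  # DT_SONAME
            name = self._cstring(self.dynstrTable, elf32_Dyn.d_un)
            return 'Library soname: [%s]' % _printable(name)

        return hex(elf32_Dyn.d_un)

    def displayELFHeader(self):
        """Print the fields of the ELF header."""
        print('[+] ELF Header:')
        print('e_ident:\t%s' % self.elf32_Ehdr.e_ident)
        print('e_type: \t%s' % self.elf32_Ehdr.e_type)
        print('e_machine:\t%s' % self.elf32_Ehdr.e_machine)
        print('e_version:\t%s' % self.elf32_Ehdr.e_version)
        print('e_entry:\t%s' % self.elf32_Ehdr.e_entry)
        print('e_phoff:\t%s\t//Program header offset' % hex(self.elf32_Ehdr.e_phoff))
        print('e_shoff:\t%s\t//Section header offset' % hex(self.elf32_Ehdr.e_shoff))
        print('e_flags:\t%s' % self.elf32_Ehdr.e_flags)
        print('e_ehsize:\t%s\t//ELF header size' % self.elf32_Ehdr.e_ehsize)
        print('e_phentsize:\t%s\t//Program header entry size' % self.elf32_Ehdr.e_phentsize)
        print('e_phnum:\t%s\t//Program header number' % self.elf32_Ehdr.e_phnum)
        print('e_shentsize:\t%s\t//Section header entry size' % (self.elf32_Ehdr.e_shentsize))
        print('e_shnum:\t%s\t//Section header number' % (self.elf32_Ehdr.e_shnum))
        print('e_shstrndx:\t%s\t//Section header string index' % (self.elf32_Ehdr.e_shstrndx))
        print()

    def disassemble(self):
        """Display assembler contents of executable sections (.text .plt ...).

        Both helpers are still stubs, so nothing is printed yet.
        """
        self.__disassembleTEXTSection()
        self.__disassemblePLTSection()

    def __disassembleTEXTSection(self):
        elf32_Shdr = self.getSectionByName('.text')
        if elf32_Shdr is None:
            return
        # TODO

    def __disassemblePLTSection(self):
        elf32_Shdr = self.getSectionByName('.plt')
        if elf32_Shdr is None:
            return
        # TODO

    def getSectionByName(self, name):
        """Return the first section header named *name*, or None."""
        for elf32_Shdr in self.sectionHeaderTable:
            if elf32_Shdr.section_name == name:
                return elf32_Shdr
        return None


if __name__ == '__main__':
    if len(sys.argv) != 2:
        print('usage: %s <elf-file>' % sys.argv[0])
        sys.exit(1)
    with ELF(sys.argv[1]) as elf:
        elf.displayELFHeader()
        elf.displaySectionHeader()
        elf.displayProgramHeader()
        elf.displaySymbolTable()
        elf.displayDynamicLinkTable()
        elf.disassemble()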
转载于:https://www.cnblogs.com/DirWang/p/11316892.html