Class: Rex::ElfParsey::Elf

Inherits:
ElfBase
  • Object
Defined in:
lib/rex/elfparsey/elf.rb

Constant Summary

Constants inherited from ElfBase

Rex::ElfParsey::ElfBase::EI_CLASS, Rex::ElfParsey::ElfBase::EI_DATA, Rex::ElfParsey::ElfBase::EI_MAG0, Rex::ElfParsey::ElfBase::EI_MAG1, Rex::ElfParsey::ElfBase::EI_MAG2, Rex::ElfParsey::ElfBase::EI_MAG3, Rex::ElfParsey::ElfBase::EI_NIDENT, Rex::ElfParsey::ElfBase::EI_PAD, Rex::ElfParsey::ElfBase::EI_VERSION, Rex::ElfParsey::ElfBase::ELF32_EHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_EHDR_MSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_MSB, Rex::ElfParsey::ElfBase::ELFCLASS32, Rex::ElfParsey::ElfBase::ELFCLASS64, Rex::ElfParsey::ElfBase::ELFCLASSNONE, Rex::ElfParsey::ElfBase::ELFDATA2LSB, Rex::ElfParsey::ElfBase::ELFDATA2MSB, Rex::ElfParsey::ElfBase::ELFDATANONE, Rex::ElfParsey::ElfBase::ELFMAG, Rex::ElfParsey::ElfBase::ELFMAG0, Rex::ElfParsey::ElfBase::ELFMAG1, Rex::ElfParsey::ElfBase::ELFMAG2, Rex::ElfParsey::ElfBase::ELFMAG3, Rex::ElfParsey::ElfBase::ELF_HEADER_SIZE, Rex::ElfParsey::ElfBase::EM_386, Rex::ElfParsey::ElfBase::EM_68K, Rex::ElfParsey::ElfBase::EM_860, Rex::ElfParsey::ElfBase::EM_88K, Rex::ElfParsey::ElfBase::EM_M32, Rex::ElfParsey::ElfBase::EM_MIPS, Rex::ElfParsey::ElfBase::EM_MIPS_RS4_BE, Rex::ElfParsey::ElfBase::EM_SPARC, Rex::ElfParsey::ElfBase::ET_CORE, Rex::ElfParsey::ElfBase::ET_DYN, Rex::ElfParsey::ElfBase::ET_EXEC, Rex::ElfParsey::ElfBase::ET_HIPROC, Rex::ElfParsey::ElfBase::ET_LOPROC, Rex::ElfParsey::ElfBase::ET_NONE, Rex::ElfParsey::ElfBase::ET_REL, Rex::ElfParsey::ElfBase::EV_CURRENT, Rex::ElfParsey::ElfBase::EV_NONE, Rex::ElfParsey::ElfBase::PROGRAM_HEADER_SIZE, Rex::ElfParsey::ElfBase::PT_DYNAMIC, Rex::ElfParsey::ElfBase::PT_HIPROC, Rex::ElfParsey::ElfBase::PT_INTERP, Rex::ElfParsey::ElfBase::PT_LOAD, Rex::ElfParsey::ElfBase::PT_LOPROC, Rex::ElfParsey::ElfBase::PT_NOTE, Rex::ElfParsey::ElfBase::PT_NULL, Rex::ElfParsey::ElfBase::PT_PHDR, Rex::ElfParsey::ElfBase::PT_SHLIB

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(isource) ⇒ Elf

Returns a new instance of Elf.



# File 'lib/rex/elfparsey/elf.rb', line 15

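# Parses the ELF header and the program header table out of +isource+.
#
# Every offset, size and count used below is read from the image itself, so
# it is attacker-controlled whenever the file comes from an untrusted source.
#
# @param isource [#read] image source answering read(offset, length)
def initialize(isource)
	# ELF Header: always taken from the very start of the image.
	elf_header = ElfHeader.new(isource.read(0, ELF_HEADER_SIZE))

	# Data encoding (EI_DATA byte of e_ident), handed to ProgramHeader below.
	ei_data = elf_header.e_ident[EI_DATA,1].unpack("C")[0]

	e_phoff = elf_header.e_phoff
	e_phentsize = elf_header.e_phentsize
	e_phnum = elf_header.e_phnum

	# Program Header Table
	program_header = []
	base_addr = 0

	# Explicit flag instead of testing base_addr == 0: a first PT_LOAD segment
	# whose p_vaddr is legitimately 0 must not be overridden by a later one.
	base_found = false

	e_phnum.times do |i|
		# Entries are e_phentsize bytes apart, but only PROGRAM_HEADER_SIZE
		# bytes of each entry are parsed.
		# NOTE(review): e_phoff, e_phentsize and e_phnum are not range-checked
		# against the image here; how a read past the end is reported depends on
		# isource.read and ProgramHeader.new -- confirm.
		phdr = ProgramHeader.new(
			isource.read(e_phoff + (e_phentsize * i), PROGRAM_HEADER_SIZE), ei_data
		)
		program_header << phdr

		next if base_found || phdr.p_type != PT_LOAD

		base_addr = phdr.p_vaddr
		base_found = true
	end

	self.elf_header = elf_header
	self.program_header = program_header
	self.base_addr = base_addr
	self.isource = isource
end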

Instance Attribute Details

#base_addr ⇒ Object

Returns the value of attribute base_addr.



# File 'lib/rex/elfparsey/elf.rb', line 13

# Base virtual address recorded by the constructor: taken from the p_vaddr of
# a PT_LOAD program header, or 0 when the image has none.
#
# @return [Object] the value of @base_addr
def base_addr
  @base_addr
end

#elf_header ⇒ Object

Returns the value of attribute elf_header.



# File 'lib/rex/elfparsey/elf.rb', line 13

# The ElfHeader the constructor built from the first ELF_HEADER_SIZE bytes of
# the image.
#
# @return [Object] the value of @elf_header
def elf_header
  @elf_header
end

#isource ⇒ Object

Returns the value of attribute isource.



# File 'lib/rex/elfparsey/elf.rb', line 13

# The image source handed to the constructor; #read, #index and #close
# delegate to it.
#
# @return [Object] the value of @isource
def isource
  @isource
end

#program_header ⇒ Object

Returns the value of attribute program_header.



# File 'lib/rex/elfparsey/elf.rb', line 13

# The program header table collected by the constructor: an Array holding one
# ProgramHeader per e_phnum entry, in table order.
#
# @return [Object] the value of @program_header
def program_header
  @program_header
end

Class Method Details

.new_from_file(filename, disk_backed = false) ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 51

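# Builds an Elf from a file on disk.
#
# @param filename [String] path of the ELF image to open
# @param disk_backed [Boolean] when true the image is read lazily through
#   ImageSource::Disk and the file handle is left open for it; when false the
#   whole file is read into memory and the handle is closed before returning
# @return [Elf] the parsed image
def self.new_from_file(filename, disk_backed = false)
	# Binary mode: an ELF image is raw bytes, so no newline or encoding
	# translation may be applied (this matters on Windows).
	file = ::File.new(filename, 'rb')
	keep_open = false

	begin
		if disk_backed
			obj = self.new(ImageSource::Disk.new(file))
			# Parsing succeeded, so the handle now belongs to the image source.
			# NOTE(review): presumably released later through #close -- confirm
			# that ImageSource::Disk#close closes the file.
			keep_open = true
			obj
		else
			new_from_string(file.read)
		end
	ensure
		# Runs on the in-memory path and whenever parsing raised, so a
		# malformed file no longer leaks a descriptor.
		file.close unless keep_open
	end
end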

.new_from_string(data) ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 65

# Builds an Elf from image bytes that are already in memory.
#
# @param data [String] the raw ELF image
# @return [Elf] the parsed image, backed by an ImageSource::Memory
def self.new_from_string(data)
	image = ImageSource::Memory.new(data)
	new(image)
end

Instance Method Details

#close ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 117

# Closes the underlying image source.
#
# @return [Object] whatever isource.close returns
def close
	source = isource
	source.close
end

#index(*args) ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 113

# Searches the underlying image source; all arguments are forwarded
# unchanged to isource.index.
#
# @param args [Array] arguments accepted by the image source's index
# @return [Object] whatever isource.index returns
def index(*args)
	source = isource
	source.index(*args)
end

#offset_to_rva(offset) ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 97

# Converts a file offset to an address by adding base_addr.
#
# No per-segment mapping is applied: the result is simply base_addr + offset.
#
# @param offset [Integer] offset into the image
# @return [Integer] base_addr + offset
def offset_to_rva(offset)
	base = base_addr
	base + offset
end

#ptr_32? ⇒ Boolean

Returns true if this binary is for a 32-bit architecture. This check does not take into account 16-bit binaries at the moment.

Returns:

  • (Boolean)


# File 'lib/rex/elfparsey/elf.rb', line 85

# Tells whether this binary targets a 32-bit architecture.
#
# Defined purely as "not 64-bit"; 16-bit binaries are not distinguished.
#
# @return [Boolean] true when ptr_64? is false
def ptr_32?
	is_64 = ptr_64?
	is_64 == false
end

#ptr_64? ⇒ Boolean

Returns true if this binary is for a 64-bit architecture.

Returns:

  • (Boolean)


# File 'lib/rex/elfparsey/elf.rb', line 72

# Tells whether this binary targets a 64-bit architecture, judged by the
# EI_CLASS byte of e_ident.
#
# @return [Boolean] true for ELFCLASS64, false for ELFCLASS32
# @raise [ElfHeaderError] when the class byte is neither of the two
def ptr_64?
	# Decode the class byte once and reuse it for both the check and the answer.
	ei_class = elf_header.e_ident[EI_CLASS,1].unpack("C*")[0]

	case ei_class
	when ELFCLASS64 then true
	when ELFCLASS32 then false
	else
		# The third argument reports the caller's backtrace, not this frame.
		raise ElfHeaderError, 'Invalid class', caller
	end
end

#ptr_s(rva) ⇒ Object

Converts a virtual address to a string representation based on the underlying architecture.



# File 'lib/rex/elfparsey/elf.rb', line 93

# Renders an address as zero-padded hex whose width follows the binary's
# pointer size: 8 digits when ptr_32?, 16 otherwise.
#
# @param rva [Integer] address to format
# @return [String] e.g. "0x08048000"
def ptr_s(rva)
	template = ptr_32? ? "0x%.8x" : "0x%.16x"
	template % rva
end

#read(offset, len) ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 105

# Reads raw bytes from the underlying image source.
#
# Both arguments are passed through as given; any bounds checking is left to
# isource.read.
#
# @param offset [Integer] offset into the image
# @param len [Integer] number of bytes requested
# @return [Object] whatever isource.read returns
def read(offset, len)
	source = isource
	source.read(offset, len)
end

#read_rva(rva, len) ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 109

# Reads bytes located by address rather than by file offset.
#
# The address is translated with rva_to_offset and the result is passed
# straight to isource.read.
# NOTE(review): an rva below base_addr translates to a negative offset;
# whether isource.read rejects that is not visible here -- confirm before
# relying on this with addresses taken from an untrusted image.
#
# @param rva [Integer] address to read from
# @param len [Integer] number of bytes requested
# @return [Object] whatever isource.read returns
def read_rva(rva, len)
	file_offset = rva_to_offset(rva)
	isource.read(file_offset, len)
end

#rva_to_offset(rva) ⇒ Object



# File 'lib/rex/elfparsey/elf.rb', line 101

# Converts an address to a file offset by subtracting base_addr.
#
# No range check is made: an rva smaller than base_addr yields a negative
# offset, which callers must be prepared to reject.
#
# @param rva [Integer] address inside the image
# @return [Integer] rva - base_addr
def rva_to_offset(rva)
	base = base_addr
	rva - base
end