Class: Rex::ElfParsey::Elf

Inherits:
ElfBase
  • Object
show all
Defined in:
lib/rex/elfparsey/elf.rb

Constant Summary

Constants inherited from ElfBase

Rex::ElfParsey::ElfBase::EI_CLASS, Rex::ElfParsey::ElfBase::EI_DATA, Rex::ElfParsey::ElfBase::EI_MAG0, Rex::ElfParsey::ElfBase::EI_MAG1, Rex::ElfParsey::ElfBase::EI_MAG2, Rex::ElfParsey::ElfBase::EI_MAG3, Rex::ElfParsey::ElfBase::EI_NIDENT, Rex::ElfParsey::ElfBase::EI_PAD, Rex::ElfParsey::ElfBase::EI_VERSION, Rex::ElfParsey::ElfBase::ELF32_EHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_EHDR_MSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_MSB, Rex::ElfParsey::ElfBase::ELFCLASS32, Rex::ElfParsey::ElfBase::ELFCLASS64, Rex::ElfParsey::ElfBase::ELFCLASSNONE, Rex::ElfParsey::ElfBase::ELFDATA2LSB, Rex::ElfParsey::ElfBase::ELFDATA2MSB, Rex::ElfParsey::ElfBase::ELFDATANONE, Rex::ElfParsey::ElfBase::ELFMAG, Rex::ElfParsey::ElfBase::ELFMAG0, Rex::ElfParsey::ElfBase::ELFMAG1, Rex::ElfParsey::ElfBase::ELFMAG2, Rex::ElfParsey::ElfBase::ELFMAG3, Rex::ElfParsey::ElfBase::ELF_HEADER_SIZE, Rex::ElfParsey::ElfBase::EM_386, Rex::ElfParsey::ElfBase::EM_68K, Rex::ElfParsey::ElfBase::EM_860, Rex::ElfParsey::ElfBase::EM_88K, Rex::ElfParsey::ElfBase::EM_M32, Rex::ElfParsey::ElfBase::EM_MIPS, Rex::ElfParsey::ElfBase::EM_MIPS_RS4_BE, Rex::ElfParsey::ElfBase::EM_SPARC, Rex::ElfParsey::ElfBase::ET_CORE, Rex::ElfParsey::ElfBase::ET_DYN, Rex::ElfParsey::ElfBase::ET_EXEC, Rex::ElfParsey::ElfBase::ET_HIPROC, Rex::ElfParsey::ElfBase::ET_LOPROC, Rex::ElfParsey::ElfBase::ET_NONE, Rex::ElfParsey::ElfBase::ET_REL, Rex::ElfParsey::ElfBase::EV_CURRENT, Rex::ElfParsey::ElfBase::EV_NONE, Rex::ElfParsey::ElfBase::PROGRAM_HEADER_SIZE, Rex::ElfParsey::ElfBase::PT_DYNAMIC, Rex::ElfParsey::ElfBase::PT_HIPROC, Rex::ElfParsey::ElfBase::PT_INTERP, Rex::ElfParsey::ElfBase::PT_LOAD, Rex::ElfParsey::ElfBase::PT_LOPROC, Rex::ElfParsey::ElfBase::PT_NOTE, Rex::ElfParsey::ElfBase::PT_NULL, Rex::ElfParsey::ElfBase::PT_PHDR, Rex::ElfParsey::ElfBase::PT_SHLIB

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(isource) ⇒ Elf

Returns a new instance of Elf.



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/rex/elfparsey/elf.rb', line 16

def initialize(isource)
  offset = 0
  base_addr = 0

  # ELF Header
  elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE))

  # Data encoding
  ei_data = elf_header.e_ident[EI_DATA,1].unpack("C")[0]

  e_phoff = elf_header.e_phoff
  e_phentsize = elf_header.e_phentsize
  e_phnum = elf_header.e_phnum

  # Program Header Table
  program_header = []

  e_phnum.times do |i|
    offset = e_phoff + (e_phentsize * i)

    program_header << ProgramHeader.new(
      isource.read(offset, PROGRAM_HEADER_SIZE), ei_data
    )

    if program_header[-1].p_type == PT_LOAD && base_addr == 0
      base_addr = program_header[-1].p_vaddr
    end

  end

  self.elf_header = elf_header
  self.program_header = program_header
  self.base_addr = base_addr
  self.isource = isource
end

Instance Attribute Details

#base_addrObject

Returns the value of attribute base_addr.



14
15
16
 
# File 'lib/rex/elfparsey/elf.rb', line 14

def base_addr
  @base_addr
end

#elf_headerObject

Returns the value of attribute elf_header.



14
15
16
 
# File 'lib/rex/elfparsey/elf.rb', line 14

def elf_header
  @elf_header
end

#isourceObject

Returns the value of attribute isource.



14
15
16
 
# File 'lib/rex/elfparsey/elf.rb', line 14

def isource
  @isource
end

#program_headerObject

Returns the value of attribute program_header.



14
15
16
 
# File 'lib/rex/elfparsey/elf.rb', line 14

def program_header
  @program_header
end

Class Method Details

.new_from_file(filename, disk_backed = false) ⇒ Object 



52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'lib/rex/elfparsey/elf.rb', line 52

def self.new_from_file(filename, disk_backed = false)

  file = ::File.new(filename)
  # file.binmode # windows... : 
  if disk_backed
    return self.new(ImageSource::Disk.new(file))
  else
    obj = new_from_string(file.read)
    file.close
    return obj
  end
end

.new_from_string(data) ⇒ Object 



66
67
68
 
# File 'lib/rex/elfparsey/elf.rb', line 66

def self.new_from_string(data)
  return self.new(ImageSource::Memory.new(data))
end

Instance Method Details

#closeObject 



118
119
120
 
# File 'lib/rex/elfparsey/elf.rb', line 118

def close
  isource.close
end

#index(*args) ⇒ Object 



114
115
116
 
# File 'lib/rex/elfparsey/elf.rb', line 114

def index(*args)
  isource.index(*args)
end

#offset_to_rva(offset) ⇒ Object 



98
99
100
 
# File 'lib/rex/elfparsey/elf.rb', line 98

def offset_to_rva(offset)
  base_addr + offset
end

#ptr_32?Boolean

Returns true if this binary is for a 32-bit architecture. This check does not take into account 16-bit binaries at the moment.

Returns:

  • (Boolean) 


86
87
88
 
# File 'lib/rex/elfparsey/elf.rb', line 86

def ptr_32?
  ptr_64? == false
end

#ptr_64?Boolean

Returns true if this binary is for a 64-bit architecture.

Returns:

  • (Boolean) 


73
74
75
76
77
78
79
80
 
# File 'lib/rex/elfparsey/elf.rb', line 73

def ptr_64?
  unless [ ELFCLASS32, ELFCLASS64 ].include?(
  elf_header.e_ident[EI_CLASS,1].unpack("C*")[0])
    raise ElfHeaderError, 'Invalid class', caller
  end

  elf_header.e_ident[EI_CLASS,1].unpack("C*")[0] == ELFCLASS64
end

#ptr_s(rva) ⇒ Object

Converts a virtual address to a string representation based on the underlying architecture.



94
95
96
 
# File 'lib/rex/elfparsey/elf.rb', line 94

def ptr_s(rva)
  (ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva)
end

#read(offset, len) ⇒ Object 



106
107
108
 
# File 'lib/rex/elfparsey/elf.rb', line 106

def read(offset, len)
  isource.read(offset, len)
end

#read_rva(rva, len) ⇒ Object 



110
111
112
 
# File 'lib/rex/elfparsey/elf.rb', line 110

def read_rva(rva, len)
  isource.read(rva_to_offset(rva), len)
end

#rva_to_offset(rva) ⇒ Object 



102
103
104
 
# File 'lib/rex/elfparsey/elf.rb', line 102

def rva_to_offset(rva)
  rva - base_addr
end