Class: Rex::ElfParsey::Elf
Constant Summary
Constants inherited from ElfBase
Rex::ElfParsey::ElfBase::EI_CLASS, Rex::ElfParsey::ElfBase::EI_DATA, Rex::ElfParsey::ElfBase::EI_MAG0, Rex::ElfParsey::ElfBase::EI_MAG1, Rex::ElfParsey::ElfBase::EI_MAG2, Rex::ElfParsey::ElfBase::EI_MAG3, Rex::ElfParsey::ElfBase::EI_NIDENT, Rex::ElfParsey::ElfBase::EI_PAD, Rex::ElfParsey::ElfBase::EI_VERSION, Rex::ElfParsey::ElfBase::ELF32_EHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_EHDR_MSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_MSB, Rex::ElfParsey::ElfBase::ELFCLASS32, Rex::ElfParsey::ElfBase::ELFCLASS64, Rex::ElfParsey::ElfBase::ELFCLASSNONE, Rex::ElfParsey::ElfBase::ELFDATA2LSB, Rex::ElfParsey::ElfBase::ELFDATA2MSB, Rex::ElfParsey::ElfBase::ELFDATANONE, Rex::ElfParsey::ElfBase::ELFMAG, Rex::ElfParsey::ElfBase::ELFMAG0, Rex::ElfParsey::ElfBase::ELFMAG1, Rex::ElfParsey::ElfBase::ELFMAG2, Rex::ElfParsey::ElfBase::ELFMAG3, Rex::ElfParsey::ElfBase::ELF_HEADER_SIZE, Rex::ElfParsey::ElfBase::EM_386, Rex::ElfParsey::ElfBase::EM_68K, Rex::ElfParsey::ElfBase::EM_860, Rex::ElfParsey::ElfBase::EM_88K, Rex::ElfParsey::ElfBase::EM_M32, Rex::ElfParsey::ElfBase::EM_MIPS, Rex::ElfParsey::ElfBase::EM_MIPS_RS4_BE, Rex::ElfParsey::ElfBase::EM_SPARC, Rex::ElfParsey::ElfBase::ET_CORE, Rex::ElfParsey::ElfBase::ET_DYN, Rex::ElfParsey::ElfBase::ET_EXEC, Rex::ElfParsey::ElfBase::ET_HIPROC, Rex::ElfParsey::ElfBase::ET_LOPROC, Rex::ElfParsey::ElfBase::ET_NONE, Rex::ElfParsey::ElfBase::ET_REL, Rex::ElfParsey::ElfBase::EV_CURRENT, Rex::ElfParsey::ElfBase::EV_NONE, Rex::ElfParsey::ElfBase::PROGRAM_HEADER_SIZE, Rex::ElfParsey::ElfBase::PT_DYNAMIC, Rex::ElfParsey::ElfBase::PT_HIPROC, Rex::ElfParsey::ElfBase::PT_INTERP, Rex::ElfParsey::ElfBase::PT_LOAD, Rex::ElfParsey::ElfBase::PT_LOPROC, Rex::ElfParsey::ElfBase::PT_NOTE, Rex::ElfParsey::ElfBase::PT_NULL, Rex::ElfParsey::ElfBase::PT_PHDR, Rex::ElfParsey::ElfBase::PT_SHLIB
Instance Attribute Summary collapse
-
#base_addr ⇒ Object
Returns the value of attribute base_addr.
-
#elf_header ⇒ Object
Returns the value of attribute elf_header.
-
#isource ⇒ Object
Returns the value of attribute isource.
-
#program_header ⇒ Object
Returns the value of attribute program_header.
Class Method Summary collapse
Instance Method Summary collapse
- #close ⇒ Object
- #index(*args) ⇒ Object
-
#initialize(isource) ⇒ Elf
constructor
A new instance of Elf.
- #offset_to_rva(offset) ⇒ Object
-
#ptr_32? ⇒ Boolean
Returns true if this binary is for a 32-bit architecture.
-
#ptr_64? ⇒ Boolean
Returns true if this binary is for a 64-bit architecture.
-
#ptr_s(rva) ⇒ Object
Converts a virtual address to a string representation based on the underlying architecture.
- #read(offset, len) ⇒ Object
- #read_rva(rva, len) ⇒ Object
- #rva_to_offset(rva) ⇒ Object
Constructor Details
#initialize(isource) ⇒ Elf
Returns a new instance of Elf.
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/rex/elfparsey/elf.rb', line 15 def initialize(isource) offset = 0 base_addr = 0 # ELF Header elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE)) # Data encoding ei_data = elf_header.e_ident[EI_DATA,1].unpack("C")[0] e_phoff = elf_header.e_phoff e_phentsize = elf_header.e_phentsize e_phnum = elf_header.e_phnum # Program Header Table program_header = [] e_phnum.times do |i| offset = e_phoff + (e_phentsize * i) program_header << ProgramHeader.new( isource.read(offset, PROGRAM_HEADER_SIZE), ei_data ) if program_header[-1].p_type == PT_LOAD && base_addr == 0 base_addr = program_header[-1].p_vaddr end end self.elf_header = elf_header self.program_header = program_header self.base_addr = base_addr self.isource = isource end |
Instance Attribute Details
#base_addr ⇒ Object
Returns the value of attribute base_addr.
13 14 15 |
# File 'lib/rex/elfparsey/elf.rb', line 13 def base_addr @base_addr end |
#elf_header ⇒ Object
Returns the value of attribute elf_header.
13 14 15 |
# File 'lib/rex/elfparsey/elf.rb', line 13 def elf_header @elf_header end |
#isource ⇒ Object
Returns the value of attribute isource.
13 14 15 |
# File 'lib/rex/elfparsey/elf.rb', line 13 def isource @isource end |
#program_header ⇒ Object
Returns the value of attribute program_header.
13 14 15 |
# File 'lib/rex/elfparsey/elf.rb', line 13 def program_header @program_header end |
Class Method Details
.new_from_file(filename, disk_backed = false) ⇒ Object
51 52 53 54 55 56 57 58 59 60 61 62 63 |
# File 'lib/rex/elfparsey/elf.rb', line 51 def self.new_from_file(filename, disk_backed = false) file = ::File.new(filename) # file.binmode # windows... :\ if disk_backed return self.new(ImageSource::Disk.new(file)) else obj = new_from_string(file.read) file.close return obj end end |
.new_from_string(data) ⇒ Object
65 66 67 |
# File 'lib/rex/elfparsey/elf.rb', line 65 def self.new_from_string(data) return self.new(ImageSource::Memory.new(data)) end |
Instance Method Details
#close ⇒ Object
117 118 119 |
# File 'lib/rex/elfparsey/elf.rb', line 117 def close isource.close end |
#index(*args) ⇒ Object
113 114 115 |
# File 'lib/rex/elfparsey/elf.rb', line 113 def index(*args) isource.index(*args) end |
#offset_to_rva(offset) ⇒ Object
97 98 99 |
# File 'lib/rex/elfparsey/elf.rb', line 97 def offset_to_rva(offset) base_addr + offset end |
#ptr_32? ⇒ Boolean
Returns true if this binary is for a 32-bit architecture. This check does not take into account 16-bit binaries at the moment.
85 86 87 |
# File 'lib/rex/elfparsey/elf.rb', line 85 def ptr_32? ptr_64? == false end |
#ptr_64? ⇒ Boolean
Returns true if this binary is for a 64-bit architecture.
72 73 74 75 76 77 78 79 |
# File 'lib/rex/elfparsey/elf.rb', line 72 def ptr_64? unless [ ELFCLASS32, ELFCLASS64 ].include?( elf_header.e_ident[EI_CLASS,1].unpack("C*")[0]) raise ElfHeaderError, 'Invalid class', caller end elf_header.e_ident[EI_CLASS,1].unpack("C*")[0] == ELFCLASS64 end |
#ptr_s(rva) ⇒ Object
Converts a virtual address to a string representation based on the underlying architecture.
93 94 95 |
# File 'lib/rex/elfparsey/elf.rb', line 93 def ptr_s(rva) (ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva) end |
#read(offset, len) ⇒ Object
105 106 107 |
# File 'lib/rex/elfparsey/elf.rb', line 105 def read(offset, len) isource.read(offset, len) end |
#read_rva(rva, len) ⇒ Object
109 110 111 |
# File 'lib/rex/elfparsey/elf.rb', line 109 def read_rva(rva, len) isource.read(rva_to_offset(rva), len) end |
#rva_to_offset(rva) ⇒ Object
101 102 103 |
# File 'lib/rex/elfparsey/elf.rb', line 101 def rva_to_offset(rva) rva - base_addr end |