Class: Rex::ElfParsey::Elf

Inherits:
ElfBase
  • Object
show all
Defined in:
lib/rex/elfparsey/elf.rb

Constant Summary

Constants inherited from ElfBase

Rex::ElfParsey::ElfBase::EI_CLASS, Rex::ElfParsey::ElfBase::EI_DATA, Rex::ElfParsey::ElfBase::EI_MAG0, Rex::ElfParsey::ElfBase::EI_MAG1, Rex::ElfParsey::ElfBase::EI_MAG2, Rex::ElfParsey::ElfBase::EI_MAG3, Rex::ElfParsey::ElfBase::EI_NIDENT, Rex::ElfParsey::ElfBase::EI_PAD, Rex::ElfParsey::ElfBase::EI_VERSION, Rex::ElfParsey::ElfBase::ELF32_EHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_EHDR_MSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_MSB, Rex::ElfParsey::ElfBase::ELFCLASS32, Rex::ElfParsey::ElfBase::ELFCLASS64, Rex::ElfParsey::ElfBase::ELFCLASSNONE, Rex::ElfParsey::ElfBase::ELFDATA2LSB, Rex::ElfParsey::ElfBase::ELFDATA2MSB, Rex::ElfParsey::ElfBase::ELFDATANONE, Rex::ElfParsey::ElfBase::ELFMAG, Rex::ElfParsey::ElfBase::ELFMAG0, Rex::ElfParsey::ElfBase::ELFMAG1, Rex::ElfParsey::ElfBase::ELFMAG2, Rex::ElfParsey::ElfBase::ELFMAG3, Rex::ElfParsey::ElfBase::ELF_HEADER_SIZE, Rex::ElfParsey::ElfBase::EM_386, Rex::ElfParsey::ElfBase::EM_68K, Rex::ElfParsey::ElfBase::EM_860, Rex::ElfParsey::ElfBase::EM_88K, Rex::ElfParsey::ElfBase::EM_M32, Rex::ElfParsey::ElfBase::EM_MIPS, Rex::ElfParsey::ElfBase::EM_MIPS_RS4_BE, Rex::ElfParsey::ElfBase::EM_SPARC, Rex::ElfParsey::ElfBase::ET_CORE, Rex::ElfParsey::ElfBase::ET_DYN, Rex::ElfParsey::ElfBase::ET_EXEC, Rex::ElfParsey::ElfBase::ET_HIPROC, Rex::ElfParsey::ElfBase::ET_LOPROC, Rex::ElfParsey::ElfBase::ET_NONE, Rex::ElfParsey::ElfBase::ET_REL, Rex::ElfParsey::ElfBase::EV_CURRENT, Rex::ElfParsey::ElfBase::EV_NONE, Rex::ElfParsey::ElfBase::PF_EXEC, Rex::ElfParsey::ElfBase::PF_READ, Rex::ElfParsey::ElfBase::PF_WRITE, Rex::ElfParsey::ElfBase::PROGRAM_HEADER_SIZE, Rex::ElfParsey::ElfBase::PT_DYNAMIC, Rex::ElfParsey::ElfBase::PT_HIPROC, Rex::ElfParsey::ElfBase::PT_INTERP, Rex::ElfParsey::ElfBase::PT_LOAD, Rex::ElfParsey::ElfBase::PT_LOPROC, Rex::ElfParsey::ElfBase::PT_NOTE, Rex::ElfParsey::ElfBase::PT_NULL, Rex::ElfParsey::ElfBase::PT_PHDR, Rex::ElfParsey::ElfBase::PT_SHLIB

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(isource) ⇒ Elf

Returns a new instance of Elf.



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/rex/elfparsey/elf.rb', line 13

def initialize(isource)
  offset = 0
  base_addr = 0

  # ELF Header
  elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE))

  # Data encoding
  ei_data = elf_header.e_ident[EI_DATA,1].unpack("C")[0]

  e_phoff = elf_header.e_phoff
  e_phentsize = elf_header.e_phentsize
  e_phnum = elf_header.e_phnum

  # Program Header Table
  program_header = []

  e_phnum.times do |i|
    offset = e_phoff + (e_phentsize * i)

    program_header << ProgramHeader.new(
      isource.read(offset, PROGRAM_HEADER_SIZE), ei_data
    )

    if program_header[-1].p_type == PT_LOAD && program_header[-1].p_flags & PF_EXEC > 0
      base_addr = program_header[-1].p_vaddr
    end

  end

  self.elf_header = elf_header
  self.program_header = program_header
  self.base_addr = base_addr
  self.isource = isource
end

Instance Attribute Details

#base_addrObject

Returns the value of attribute base_addr.



11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def base_addr
  @base_addr
end

#elf_headerObject

Returns the value of attribute elf_header.



11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def elf_header
  @elf_header
end

#isourceObject

Returns the value of attribute isource.



11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def isource
  @isource
end

#program_headerObject

Returns the value of attribute program_header.



11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def program_header
  @program_header
end

Class Method Details

.new_from_file(filename, disk_backed = false) ⇒ Object



49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'lib/rex/elfparsey/elf.rb', line 49

def self.new_from_file(filename, disk_backed = false)

  file = ::File.new(filename)
  # file.binmode # windows... :\

  if disk_backed
    return self.new(ImageSource::Disk.new(file))
  else
    obj = new_from_string(file.read)
    file.close
    return obj
  end
end

.new_from_string(data) ⇒ Object



63
64
65
# File 'lib/rex/elfparsey/elf.rb', line 63

def self.new_from_string(data)
  return self.new(ImageSource::Memory.new(data))
end

Instance Method Details

#closeObject



115
116
117
# File 'lib/rex/elfparsey/elf.rb', line 115

def close
  isource.close
end

#index(*args) ⇒ Object



111
112
113
# File 'lib/rex/elfparsey/elf.rb', line 111

def index(*args)
  isource.index(*args)
end

#offset_to_rva(offset) ⇒ Object



95
96
97
# File 'lib/rex/elfparsey/elf.rb', line 95

def offset_to_rva(offset)
  base_addr + offset
end

#ptr_32?Boolean

Returns true if this binary is for a 32-bit architecture. This check does not take into account 16-bit binaries at the moment.

Returns:

  • (Boolean)


83
84
85
# File 'lib/rex/elfparsey/elf.rb', line 83

def ptr_32?
  ptr_64? == false
end

#ptr_64?Boolean

Returns true if this binary is for a 64-bit architecture.

Returns:

  • (Boolean)


70
71
72
73
74
75
76
77
# File 'lib/rex/elfparsey/elf.rb', line 70

def ptr_64?
  unless [ ELFCLASS32, ELFCLASS64 ].include?(
  elf_header.e_ident[EI_CLASS,1].unpack("C*")[0])
    raise ElfHeaderError, 'Invalid class', caller
  end

  elf_header.e_ident[EI_CLASS,1].unpack("C*")[0] == ELFCLASS64
end

#ptr_s(rva) ⇒ Object

Converts a virtual address to a string representation based on the underlying architecture.



91
92
93
# File 'lib/rex/elfparsey/elf.rb', line 91

def ptr_s(rva)
  (ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva)
end

#read(offset, len) ⇒ Object



103
104
105
# File 'lib/rex/elfparsey/elf.rb', line 103

def read(offset, len)
  isource.read(offset, len)
end

#read_rva(rva, len) ⇒ Object



107
108
109
# File 'lib/rex/elfparsey/elf.rb', line 107

def read_rva(rva, len)
  isource.read(rva_to_offset(rva), len)
end

#rva_to_offset(rva) ⇒ Object



99
100
101
# File 'lib/rex/elfparsey/elf.rb', line 99

def rva_to_offset(rva)
  rva - base_addr
end