Class: Rex::ElfParsey::Elf
Constant Summary
Constants inherited from ElfBase
Rex::ElfParsey::ElfBase::EI_CLASS, Rex::ElfParsey::ElfBase::EI_DATA, Rex::ElfParsey::ElfBase::EI_MAG0, Rex::ElfParsey::ElfBase::EI_MAG1, Rex::ElfParsey::ElfBase::EI_MAG2, Rex::ElfParsey::ElfBase::EI_MAG3, Rex::ElfParsey::ElfBase::EI_NIDENT, Rex::ElfParsey::ElfBase::EI_PAD, Rex::ElfParsey::ElfBase::EI_VERSION, Rex::ElfParsey::ElfBase::ELF32_EHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_EHDR_MSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_MSB, Rex::ElfParsey::ElfBase::ELFCLASS32, Rex::ElfParsey::ElfBase::ELFCLASS64, Rex::ElfParsey::ElfBase::ELFCLASSNONE, Rex::ElfParsey::ElfBase::ELFDATA2LSB, Rex::ElfParsey::ElfBase::ELFDATA2MSB, Rex::ElfParsey::ElfBase::ELFDATANONE, Rex::ElfParsey::ElfBase::ELFMAG, Rex::ElfParsey::ElfBase::ELFMAG0, Rex::ElfParsey::ElfBase::ELFMAG1, Rex::ElfParsey::ElfBase::ELFMAG2, Rex::ElfParsey::ElfBase::ELFMAG3, Rex::ElfParsey::ElfBase::ELF_HEADER_SIZE, Rex::ElfParsey::ElfBase::EM_386, Rex::ElfParsey::ElfBase::EM_68K, Rex::ElfParsey::ElfBase::EM_860, Rex::ElfParsey::ElfBase::EM_88K, Rex::ElfParsey::ElfBase::EM_M32, Rex::ElfParsey::ElfBase::EM_MIPS, Rex::ElfParsey::ElfBase::EM_MIPS_RS4_BE, Rex::ElfParsey::ElfBase::EM_SPARC, Rex::ElfParsey::ElfBase::ET_CORE, Rex::ElfParsey::ElfBase::ET_DYN, Rex::ElfParsey::ElfBase::ET_EXEC, Rex::ElfParsey::ElfBase::ET_HIPROC, Rex::ElfParsey::ElfBase::ET_LOPROC, Rex::ElfParsey::ElfBase::ET_NONE, Rex::ElfParsey::ElfBase::ET_REL, Rex::ElfParsey::ElfBase::EV_CURRENT, Rex::ElfParsey::ElfBase::EV_NONE, Rex::ElfParsey::ElfBase::PF_EXEC, Rex::ElfParsey::ElfBase::PF_READ, Rex::ElfParsey::ElfBase::PF_WRITE, Rex::ElfParsey::ElfBase::PROGRAM_HEADER_SIZE, Rex::ElfParsey::ElfBase::PT_DYNAMIC, Rex::ElfParsey::ElfBase::PT_HIPROC, Rex::ElfParsey::ElfBase::PT_INTERP, Rex::ElfParsey::ElfBase::PT_LOAD, Rex::ElfParsey::ElfBase::PT_LOPROC, Rex::ElfParsey::ElfBase::PT_NOTE, Rex::ElfParsey::ElfBase::PT_NULL, Rex::ElfParsey::ElfBase::PT_PHDR, Rex::ElfParsey::ElfBase::PT_SHLIB
Instance Attribute Summary collapse
-
#base_addr ⇒ Object
Returns the value of attribute base_addr.
-
#elf_header ⇒ Object
Returns the value of attribute elf_header.
-
#isource ⇒ Object
Returns the value of attribute isource.
-
#program_header ⇒ Object
Returns the value of attribute program_header.
Class Method Summary collapse
Instance Method Summary collapse
- #close ⇒ Object
- #index(*args) ⇒ Object
-
#initialize(isource) ⇒ Elf
constructor
A new instance of Elf.
- #offset_to_rva(offset) ⇒ Object
-
#ptr_32? ⇒ Boolean
Returns true if this binary is for a 32-bit architecture.
-
#ptr_64? ⇒ Boolean
Returns true if this binary is for a 64-bit architecture.
-
#ptr_s(rva) ⇒ Object
Converts a virtual address to a string representation based on the underlying architecture.
- #read(offset, len) ⇒ Object
- #read_rva(rva, len) ⇒ Object
- #rva_to_offset(rva) ⇒ Object
Constructor Details
#initialize(isource) ⇒ Elf
Returns a new instance of Elf.
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/rex/elfparsey/elf.rb', line 13 def initialize(isource) offset = 0 base_addr = 0 # ELF Header elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE)) # Data encoding ei_data = elf_header.e_ident[EI_DATA,1].unpack("C")[0] e_phoff = elf_header.e_phoff e_phentsize = elf_header.e_phentsize e_phnum = elf_header.e_phnum # Program Header Table program_header = [] e_phnum.times do |i| offset = e_phoff + (e_phentsize * i) program_header << ProgramHeader.new( isource.read(offset, PROGRAM_HEADER_SIZE), ei_data ) if program_header[-1].p_type == PT_LOAD && program_header[-1].p_flags & PF_EXEC > 0 base_addr = program_header[-1].p_vaddr end end self.elf_header = elf_header self.program_header = program_header self.base_addr = base_addr self.isource = isource end |
Instance Attribute Details
#base_addr ⇒ Object
Returns the value of attribute base_addr.
11 12 13 |
# File 'lib/rex/elfparsey/elf.rb', line 11 def base_addr @base_addr end |
#elf_header ⇒ Object
Returns the value of attribute elf_header.
11 12 13 |
# File 'lib/rex/elfparsey/elf.rb', line 11 def elf_header @elf_header end |
#isource ⇒ Object
Returns the value of attribute isource.
11 12 13 |
# File 'lib/rex/elfparsey/elf.rb', line 11 def isource @isource end |
#program_header ⇒ Object
Returns the value of attribute program_header.
11 12 13 |
# File 'lib/rex/elfparsey/elf.rb', line 11 def program_header @program_header end |
Class Method Details
.new_from_file(filename, disk_backed = false) ⇒ Object
49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/rex/elfparsey/elf.rb', line 49 def self.new_from_file(filename, disk_backed = false) file = ::File.new(filename) # file.binmode # windows... :\ if disk_backed return self.new(ImageSource::Disk.new(file)) else obj = new_from_string(file.read) file.close return obj end end |
.new_from_string(data) ⇒ Object
63 64 65 |
# File 'lib/rex/elfparsey/elf.rb', line 63 def self.new_from_string(data) return self.new(ImageSource::Memory.new(data)) end |
Instance Method Details
#close ⇒ Object
115 116 117 |
# File 'lib/rex/elfparsey/elf.rb', line 115 def close isource.close end |
#index(*args) ⇒ Object
111 112 113 |
# File 'lib/rex/elfparsey/elf.rb', line 111 def index(*args) isource.index(*args) end |
#offset_to_rva(offset) ⇒ Object
95 96 97 |
# File 'lib/rex/elfparsey/elf.rb', line 95 def offset_to_rva(offset) base_addr + offset end |
#ptr_32? ⇒ Boolean
Returns true if this binary is for a 32-bit architecture. This check does not take into account 16-bit binaries at the moment.
83 84 85 |
# File 'lib/rex/elfparsey/elf.rb', line 83 def ptr_32? ptr_64? == false end |
#ptr_64? ⇒ Boolean
Returns true if this binary is for a 64-bit architecture.
70 71 72 73 74 75 76 77 |
# File 'lib/rex/elfparsey/elf.rb', line 70 def ptr_64? unless [ ELFCLASS32, ELFCLASS64 ].include?( elf_header.e_ident[EI_CLASS,1].unpack("C*")[0]) raise ElfHeaderError, 'Invalid class', caller end elf_header.e_ident[EI_CLASS,1].unpack("C*")[0] == ELFCLASS64 end |
#ptr_s(rva) ⇒ Object
Converts a virtual address to a string representation based on the underlying architecture.
91 92 93 |
# File 'lib/rex/elfparsey/elf.rb', line 91 def ptr_s(rva) (ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva) end |
#read(offset, len) ⇒ Object
103 104 105 |
# File 'lib/rex/elfparsey/elf.rb', line 103 def read(offset, len) isource.read(offset, len) end |
#read_rva(rva, len) ⇒ Object
107 108 109 |
# File 'lib/rex/elfparsey/elf.rb', line 107 def read_rva(rva, len) isource.read(rva_to_offset(rva), len) end |
#rva_to_offset(rva) ⇒ Object
99 100 101 |
# File 'lib/rex/elfparsey/elf.rb', line 99 def rva_to_offset(rva) rva - base_addr end |