Class: Rex::ElfParsey::Elf

Inherits:
ElfBase
  • Object
show all
Defined in:
lib/rex/elfparsey/elf.rb

Constant Summary

Constants inherited from ElfBase

Rex::ElfParsey::ElfBase::EI_CLASS, Rex::ElfParsey::ElfBase::EI_DATA, Rex::ElfParsey::ElfBase::EI_MAG0, Rex::ElfParsey::ElfBase::EI_MAG1, Rex::ElfParsey::ElfBase::EI_MAG2, Rex::ElfParsey::ElfBase::EI_MAG3, Rex::ElfParsey::ElfBase::EI_NIDENT, Rex::ElfParsey::ElfBase::EI_PAD, Rex::ElfParsey::ElfBase::EI_VERSION, Rex::ElfParsey::ElfBase::ELF32_EHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_EHDR_MSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_LSB, Rex::ElfParsey::ElfBase::ELF32_PHDR_MSB, Rex::ElfParsey::ElfBase::ELFCLASS32, Rex::ElfParsey::ElfBase::ELFCLASS64, Rex::ElfParsey::ElfBase::ELFCLASSNONE, Rex::ElfParsey::ElfBase::ELFDATA2LSB, Rex::ElfParsey::ElfBase::ELFDATA2MSB, Rex::ElfParsey::ElfBase::ELFDATANONE, Rex::ElfParsey::ElfBase::ELFMAG, Rex::ElfParsey::ElfBase::ELFMAG0, Rex::ElfParsey::ElfBase::ELFMAG1, Rex::ElfParsey::ElfBase::ELFMAG2, Rex::ElfParsey::ElfBase::ELFMAG3, Rex::ElfParsey::ElfBase::ELF_HEADER_SIZE, Rex::ElfParsey::ElfBase::EM_386, Rex::ElfParsey::ElfBase::EM_68K, Rex::ElfParsey::ElfBase::EM_860, Rex::ElfParsey::ElfBase::EM_88K, Rex::ElfParsey::ElfBase::EM_M32, Rex::ElfParsey::ElfBase::EM_MIPS, Rex::ElfParsey::ElfBase::EM_MIPS_RS4_BE, Rex::ElfParsey::ElfBase::EM_SPARC, Rex::ElfParsey::ElfBase::ET_CORE, Rex::ElfParsey::ElfBase::ET_DYN, Rex::ElfParsey::ElfBase::ET_EXEC, Rex::ElfParsey::ElfBase::ET_HIPROC, Rex::ElfParsey::ElfBase::ET_LOPROC, Rex::ElfParsey::ElfBase::ET_NONE, Rex::ElfParsey::ElfBase::ET_REL, Rex::ElfParsey::ElfBase::EV_CURRENT, Rex::ElfParsey::ElfBase::EV_NONE, Rex::ElfParsey::ElfBase::PROGRAM_HEADER_SIZE, Rex::ElfParsey::ElfBase::PT_DYNAMIC, Rex::ElfParsey::ElfBase::PT_HIPROC, Rex::ElfParsey::ElfBase::PT_INTERP, Rex::ElfParsey::ElfBase::PT_LOAD, Rex::ElfParsey::ElfBase::PT_LOPROC, Rex::ElfParsey::ElfBase::PT_NOTE, Rex::ElfParsey::ElfBase::PT_NULL, Rex::ElfParsey::ElfBase::PT_PHDR, Rex::ElfParsey::ElfBase::PT_SHLIB

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(isource) ⇒ Elf

Returns a new instance of Elf


13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/rex/elfparsey/elf.rb', line 13

def initialize(isource)
  offset = 0
  base_addr = 0

  # ELF Header
  elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE))

  # Data encoding
  ei_data = elf_header.e_ident[EI_DATA,1].unpack("C")[0]

  e_phoff = elf_header.e_phoff
  e_phentsize = elf_header.e_phentsize
  e_phnum = elf_header.e_phnum

  # Program Header Table
  program_header = []

  e_phnum.times do |i|
    offset = e_phoff + (e_phentsize * i)

    program_header << ProgramHeader.new(
      isource.read(offset, PROGRAM_HEADER_SIZE), ei_data
    )

    if program_header[-1].p_type == PT_LOAD && base_addr == 0
      base_addr = program_header[-1].p_vaddr
    end

  end

  self.elf_header = elf_header
  self.program_header = program_header
  self.base_addr = base_addr
  self.isource = isource
end

Instance Attribute Details

#base_addrObject

Returns the value of attribute base_addr


11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def base_addr
  @base_addr
end

#elf_headerObject

Returns the value of attribute elf_header


11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def elf_header
  @elf_header
end

#isourceObject

Returns the value of attribute isource


11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def isource
  @isource
end

#program_headerObject

Returns the value of attribute program_header


11
12
13
# File 'lib/rex/elfparsey/elf.rb', line 11

def program_header
  @program_header
end

Class Method Details

.new_from_file(filename, disk_backed = false) ⇒ Object


49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'lib/rex/elfparsey/elf.rb', line 49

def self.new_from_file(filename, disk_backed = false)

  file = ::File.new(filename)
  # file.binmode # windows... :\

  if disk_backed
    return self.new(ImageSource::Disk.new(file))
  else
    obj = new_from_string(file.read)
    file.close
    return obj
  end
end

.new_from_string(data) ⇒ Object


63
64
65
# File 'lib/rex/elfparsey/elf.rb', line 63

def self.new_from_string(data)
  return self.new(ImageSource::Memory.new(data))
end

Instance Method Details

#closeObject


115
116
117
# File 'lib/rex/elfparsey/elf.rb', line 115

def close
  isource.close
end

#index(*args) ⇒ Object


111
112
113
# File 'lib/rex/elfparsey/elf.rb', line 111

def index(*args)
  isource.index(*args)
end

#offset_to_rva(offset) ⇒ Object


95
96
97
# File 'lib/rex/elfparsey/elf.rb', line 95

def offset_to_rva(offset)
  base_addr + offset
end

#ptr_32?Boolean

Returns true if this binary is for a 32-bit architecture. This check does not take into account 16-bit binaries at the moment.

Returns:

  • (Boolean)

83
84
85
# File 'lib/rex/elfparsey/elf.rb', line 83

def ptr_32?
  ptr_64? == false
end

#ptr_64?Boolean

Returns true if this binary is for a 64-bit architecture.

Returns:

  • (Boolean)

70
71
72
73
74
75
76
77
# File 'lib/rex/elfparsey/elf.rb', line 70

def ptr_64?
  unless [ ELFCLASS32, ELFCLASS64 ].include?(
  elf_header.e_ident[EI_CLASS,1].unpack("C*")[0])
    raise ElfHeaderError, 'Invalid class', caller
  end

  elf_header.e_ident[EI_CLASS,1].unpack("C*")[0] == ELFCLASS64
end

#ptr_s(rva) ⇒ Object

Converts a virtual address to a string representation based on the underlying architecture.


91
92
93
# File 'lib/rex/elfparsey/elf.rb', line 91

def ptr_s(rva)
  (ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva)
end

#read(offset, len) ⇒ Object


103
104
105
# File 'lib/rex/elfparsey/elf.rb', line 103

def read(offset, len)
  isource.read(offset, len)
end

#read_rva(rva, len) ⇒ Object


107
108
109
# File 'lib/rex/elfparsey/elf.rb', line 107

def read_rva(rva, len)
  isource.read(rva_to_offset(rva), len)
end

#rva_to_offset(rva) ⇒ Object


99
100
101
# File 'lib/rex/elfparsey/elf.rb', line 99

def rva_to_offset(rva)
  rva - base_addr
end