ELF格式解析库之提取信息

看,宝藏就在那儿

在上一篇文章中,我们提到用按图索骥比喻库的初始化过程,那么现在有了地图,接下来的事情就是去寻找我们感兴趣的宝藏了。这个宝藏可能是一个ELF文件的程序文本段,也有可能是程序的某个不知名的代码段,这些都取决于你想要什么信息。我建议你去阅读ELF 的官方标准,那里边讲的比较清楚。

我这里只是实现了几个提取诸如:程序的大小端,能执行的CPU位数,程序的入口点,以及获得程序的所有节的编号和根据节的编号获取该节的详细信息。

提取信息:程序的大小端

   1:  long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
   2:  {
   3:      long ret = 0;
   4:      SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
   5:      //// big_endding or litte_endding
   6:   
   7:      if(pHandle == NULL)
   8:      {
   9:          ret = -1;
  10:      }
  11:      else if(pHandle->nFlag_Data == 1)
  12:      {
  13:          ret = ELFDATA2LSB;
  14:      }
  15:      else if(pHandle->nFlag_Data == 2)
  16:      {
  17:          ret = ELFDATA2MSB;
  18:      }
  19:      else
  20:      {
  21:          ret = ELFDATANONE;
  22:      }
  23:      return ret;
  24:  }

可以看到输入之前初始化的elfheader二级数据管理句柄,返回这个elf文件的大小端信息。

提取信息:目标文件能执行的CPU位数

   1:  long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
   2:  {
   3:      long ret=0;
   4:      *nMachine = 0;
   5:      //判断 CPU
   6:      if(pELF64Header == NULL)
   7:      {
   8:          ret = -1;
   9:      }
  10:      if(3 == pELF64Header->e_machine)
  11:      {
  12:          *nMachine = 1;
  13:          //printf("virtual program address:    %p\n",pELF64Header->e_entry);
  14:      }
  15:      else if(62 == pELF64Header->e_machine)
  16:      {
  17:          *nMachine = 2;
  18:      }
  19:      else
  20:      {
  21:          *nMachine = 3;
  22:      }
  23:      return ret;
  24:  }
  25:   
  26:  long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
  27:  {
  28:      long ret=0;
  29:      *nMachine = 0;
  30:      if(pELF32Header == NULL)
  31:      {
  32:          ret = -1;
  33:      }
  34:      //判断 CPU
  35:      if(3 == pELF32Header->e_machine)
  36:      {
  37:          *nMachine = 1;
  38:          //printf("virtual program address:    %p\n",pELF32Header->e_entry);
  39:      }
  40:      else if(62 == pELF32Header->e_machine)
  41:      {
  42:          *nMachine = 2;
  43:      }
  44:      else
  45:      {
  46:          *nMachine = 3;
  47:      }
  48:      return ret;
  49:  }

这里展示 的两个函数分别对应着:32位和64位。

提取信息:目标程序的入口点

   1:  long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
   2:  {
   3:      long ret=0;
   4:      uint64_t ProNum=0;
   5:      long nFlag = -1;
   6:      uint64_t i = 0;
   7:      uint64_t offset = 0;
   8:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
   9:      {
  10:          ret = -1;
  11:          goto ELF_ENTRY32;
  12:      }    
  13:      /*deal 32bits elf file*/
  14:      SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
  15:      ProNum = pElfHeader->e_phnum;
  16:      *RVA   =  pElfHeader->e_entry;
  17:      SEF_PROHEADER_32 *pSegTabFind=NULL;
  18:      SEF_PROHEADER_32 *pSegTabUse=NULL;    
  19:      uint64_t nItemNum = *RVA;
  20:      /*find the first load segment*/
  21:      for (i=0; i<ProNum; i++)
  22:      {
  23:          pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
  24:          if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
  25:          {
  26:              nFlag = i;
  27:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
  28:              break;
  29:          }
  30:      }
  31:      if (pSegTabUse != NULL)
  32:      {
  33:          offset = nItemNum - pSegTabUse->p_vaddr;
  34:          *RAW = pSegTabUse->p_offset + offset;
  35:      }
  36:      else
  37:      {
  38:          ret = -2;
  39:          goto ELF_ENTRY32;
  40:      }
  41:  ELF_ENTRY32:
  42:      return ret;
  43:  }
  44:   
  45:  long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
  46:  {
  47:      long ret=0;
  48:      uint64_t ProNum=0;
  49:      long nFlag = -1;
  50:      uint64_t i = 0;
  51:      uint64_t offset = 0;    
  52:      /*deal 32bits elf file*/
  53:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
  54:      {
  55:          ret = -1;
  56:          goto ELF_ENTRY64;
  57:      }
  58:      SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
  59:      ProNum = pElfHeader->e_phnum;
  60:      *RVA   =  pElfHeader->e_entry;
  61:      
  62:      SEF_PROHEADER_64 *pSegTabFind=NULL;
  63:      SEF_PROHEADER_64 *pSegTabUse=NULL;    
  64:      uint64_t nItemNum = *RVA;
  65:      /*find the first load segment*/
  66:      for (i=0; i<ProNum; i++)
  67:      {
  68:      pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
  69:      if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
  70:          {
  71:              nFlag = i;
  72:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
  73:              break;
  74:          }
  75:      }
  76:      if (pSegTabUse != NULL)
  77:      {
  78:          offset = nItemNum - pSegTabUse->p_vaddr;
  79:          *RAW = pSegTabUse->p_offset + offset;
  80:      //    printf("RAW is %d\n",*RAW);
  81:      }
  82:      else
  83:      {
  84:          ret = -2;
  85:          goto ELF_ENTRY64;
  86:      }
  87:  ELF_ENTRY64:
  88:      return ret;
  89:  }

展示的函数依然是分别对应着:32位和64位。

提取信息:获得目标程序所有节的编号

   1:  long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
   2:  {
   3:      long ret = 0;
   4:      uint16_t SecNum = 0;
   5:      uint8_t i=0;        //as temp circle num
   6:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
   7:      if(phandle->pS_SecHeader == NULL)
   8:      {
   9:          ret = -1;
  10:          goto getsecinfo_finish;        
  11:      }
  12:      SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
  13:      SEF_SECHEADER_32 *pSecHead32=NULL;
  14:      
  15:      SecNum = pElfHeader32->e_shnum;
  16:   
  17:      if(nIndex < 0 || nIndex > SecNum)
  18:      {
  19:          printf("Your input number is illegal!!\n");
  20:          ret = -2;
  21:          goto getsecinfo_finish;        
  22:      }
  23:   
  24:      pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
  25:   
  26:      ELF_GetSecName(handle,nIndex,pSecInfo);
  27:   
  28:      pSecInfo->nType = pSecHead32->sh_type;
  29:      pSecInfo->nAddr = pSecHead32->sh_addr;
  30:      pSecInfo->nflags = pSecHead32->sh_flags;
  31:      pSecInfo->nOffset = pSecHead32->sh_offset;
  32:      pSecInfo->nSize = pSecHead32->sh_size;
  33:      pSecInfo->nLink = pSecHead32->sh_link;
  34:      pSecInfo->nInfo = pSecHead32->sh_info;
  35:      pSecInfo->nAddralign = pSecHead32->sh_addralign;
  36:      pSecInfo->nEntsize = pSecHead32->sh_entsize;        
  37:      
  38:      //printf("nFlags is =====%p\n",pSecInfo->nflags);
  39:      //ELF_GetSecftInfo(pSecInfo);    
  40:  getsecinfo_finish:
  41:      return ret;
  42:  }
  43:   
  44:  long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
  45:  {
  46:      long ret = 0;
  47:      uint16_t SecNum = 0;
  48:      uint8_t i=0;        //as temp circle num
  49:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
  50:      if(phandle->pS_SecHeader == NULL)
  51:      {
  52:          ret = -1;
  53:          goto getsecinfo_finish;        
  54:      }
  55:      SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
  56:      SEF_SECHEADER_64 *pSecHead64=NULL;
  57:   
  58:      SecNum = pElfHeader64->e_shnum;
  59:   
  60:      if(nIndex < 0 || nIndex > SecNum)
  61:      {
  62:          printf("Your input number is illegal!!\n");
  63:          ret = -2;
  64:          goto getsecinfo_finish;        
  65:      }
  66:      printf("--------------------------------");
  67:      pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
  68:          
  69:      ELF_GetSecName(handle,nIndex,pSecInfo);
  70:   
  71:      pSecInfo->nType = pSecHead64->sh_type;
  72:      pSecInfo->nAddr = pSecHead64->sh_addr;
  73:      pSecInfo->nflags = pSecHead64->sh_flags;
  74:      pSecInfo->nOffset = pSecHead64->sh_offset;
  75:      pSecInfo->nSize = pSecHead64->sh_size;
  76:      pSecInfo->nLink = pSecHead64->sh_link;
  77:      pSecInfo->nInfo = pSecHead64->sh_info;
  78:      pSecInfo->nAddralign = pSecHead64->sh_addralign;
  79:      pSecInfo->nEntsize = pSecHead64->sh_entsize;        
  80:   
  81:      //ELF_GetSecftInfo(pSecInfo);
  82:  getsecinfo_finish:
  83:      return ret;
  84:  }

实际上设计两个函数式为了保持目标文件的兼容性。

提取信息:根据节的编号获取该节的详细信息

   1:  long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)
   2:  {
   3:      SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
   4:      int ret = 0;
   5:      if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))
   6:      {
   7:          ret = -1;
   8:          goto GetOut;
   9:      }
  10:      
  11:      SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
  12:      SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
  13:      int Index = 0;
  14:      
  15:      //deal 32bits elf file
  16:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)
  17:      {
  18:          Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;    
  19:          
  20:          //shstrname is the start address of the section name string section
  21:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;
  22:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
  23:   
  24:              
  25:      }
  26:      //deal 64bits elf file
  27:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)
  28:      {
  29:          Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;    
  30:          
  31:          //shstrname is the start address of the section name string section
  32:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;
  33:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
  34:      }
  35:  GetOut:
  36:      return ret;
  37:  }

把整个源码文件也贴出来:

   1:  #include<stdio.h>
   2:  #include<string.h>
   3:  #include<stdlib.h>
   4:  #include"elf_GetElfInfo.h"
   5:  #include"elf_interface.h"
   6:  #include"../../include/adt.h"
   7:   
   8:  long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
   9:  {
  10:      long ret = 0;
  11:      SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
  12:      //// big_endding or litte_endding
  13:   
  14:      if(pHandle == NULL)
  15:      {
  16:          ret = -1;
  17:      }
  18:      else if(pHandle->nFlag_Data == 1)
  19:      {
  20:          ret = ELFDATA2LSB;
  21:      }
  22:      else if(pHandle->nFlag_Data == 2)
  23:      {
  24:          ret = ELFDATA2MSB;
  25:      }
  26:      else
  27:      {
  28:          ret = ELFDATANONE;
  29:      }
  30:      return ret;
  31:  }
  32:   
  33:  long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
  34:  {
  35:      long ret=0;
  36:      *nMachine = 0;
  37:      //判断 CPU
  38:      if(pELF64Header == NULL)
  39:      {
  40:          ret = -1;
  41:      }
  42:      if(3 == pELF64Header->e_machine)
  43:      {
  44:          *nMachine = 1;
  45:          //printf("virtual program address:    %p\n",pELF64Header->e_entry);
  46:      }
  47:      else if(62 == pELF64Header->e_machine)
  48:      {
  49:          *nMachine = 2;
  50:      }
  51:      else
  52:      {
  53:          *nMachine = 3;
  54:      }
  55:      return ret;
  56:  }
  57:   
  58:  long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
  59:  {
  60:      long ret=0;
  61:      *nMachine = 0;
  62:      if(pELF32Header == NULL)
  63:      {
  64:          ret = -1;
  65:      }
  66:      //判断 CPU
  67:      if(3 == pELF32Header->e_machine)
  68:      {
  69:          *nMachine = 1;
  70:          //printf("virtual program address:    %p\n",pELF32Header->e_entry);
  71:      }
  72:      else if(62 == pELF32Header->e_machine)
  73:      {
  74:          *nMachine = 2;
  75:      }
  76:      else
  77:      {
  78:          *nMachine = 3;
  79:      }
  80:      return ret;
  81:  }
  82:   
  83:  long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
  84:  {
  85:      long ret=0;
  86:      uint64_t ProNum=0;
  87:      long nFlag = -1;
  88:      uint64_t i = 0;
  89:      uint64_t offset = 0;
  90:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
  91:      {
  92:          ret = -1;
  93:          goto ELF_ENTRY32;
  94:      }    
  95:      /*deal 32bits elf file*/
  96:      SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
  97:      ProNum = pElfHeader->e_phnum;
  98:      *RVA   =  pElfHeader->e_entry;
  99:      SEF_PROHEADER_32 *pSegTabFind=NULL;
 100:      SEF_PROHEADER_32 *pSegTabUse=NULL;    
 101:      uint64_t nItemNum = *RVA;
 102:      /*find the first load segment*/
 103:      for (i=0; i<ProNum; i++)
 104:      {
 105:          pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
 106:          if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
 107:          {
 108:              nFlag = i;
 109:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
 110:              break;
 111:          }
 112:      }
 113:      if (pSegTabUse != NULL)
 114:      {
 115:          offset = nItemNum - pSegTabUse->p_vaddr;
 116:          *RAW = pSegTabUse->p_offset + offset;
 117:      }
 118:      else
 119:      {
 120:          ret = -2;
 121:          goto ELF_ENTRY32;
 122:      }
 123:  ELF_ENTRY32:
 124:      return ret;
 125:  }
 126:   
 127:  long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
 128:  {
 129:      long ret=0;
 130:      uint64_t ProNum=0;
 131:      long nFlag = -1;
 132:      uint64_t i = 0;
 133:      uint64_t offset = 0;    
 134:      /*deal 32bits elf file*/
 135:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
 136:      {
 137:          ret = -1;
 138:          goto ELF_ENTRY64;
 139:      }
 140:      SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
 141:      ProNum = pElfHeader->e_phnum;
 142:      *RVA   =  pElfHeader->e_entry;
 143:      
 144:      SEF_PROHEADER_64 *pSegTabFind=NULL;
 145:      SEF_PROHEADER_64 *pSegTabUse=NULL;    
 146:      uint64_t nItemNum = *RVA;
 147:      /*find the first load segment*/
 148:      for (i=0; i<ProNum; i++)
 149:      {
 150:      pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
 151:      if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
 152:          {
 153:              nFlag = i;
 154:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
 155:              break;
 156:          }
 157:      }
 158:      if (pSegTabUse != NULL)
 159:      {
 160:          offset = nItemNum - pSegTabUse->p_vaddr;
 161:          *RAW = pSegTabUse->p_offset + offset;
 162:      //    printf("RAW is %d\n",*RAW);
 163:      }
 164:      else
 165:      {
 166:          ret = -2;
 167:          goto ELF_ENTRY64;
 168:      }
 169:  ELF_ENTRY64:
 170:      return ret;
 171:  }
 172:   
 173:  long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
 174:  {
 175:      long ret = 0;
 176:      uint16_t SecNum = 0;
 177:      uint8_t i=0;        //as temp circle num
 178:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
 179:      if(phandle->pS_SecHeader == NULL)
 180:      {
 181:          ret = -1;
 182:          goto getsecinfo_finish;        
 183:      }
 184:      SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
 185:      SEF_SECHEADER_32 *pSecHead32=NULL;
 186:      
 187:      SecNum = pElfHeader32->e_shnum;
 188:   
 189:      if(nIndex < 0 || nIndex > SecNum)
 190:      {
 191:          printf("Your input number is illegal!!\n");
 192:          ret = -2;
 193:          goto getsecinfo_finish;        
 194:      }
 195:   
 196:      pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
 197:   
 198:      ELF_GetSecName(handle,nIndex,pSecInfo);
 199:   
 200:      pSecInfo->nType = pSecHead32->sh_type;
 201:      pSecInfo->nAddr = pSecHead32->sh_addr;
 202:      pSecInfo->nflags = pSecHead32->sh_flags;
 203:      pSecInfo->nOffset = pSecHead32->sh_offset;
 204:      pSecInfo->nSize = pSecHead32->sh_size;
 205:      pSecInfo->nLink = pSecHead32->sh_link;
 206:      pSecInfo->nInfo = pSecHead32->sh_info;
 207:      pSecInfo->nAddralign = pSecHead32->sh_addralign;
 208:      pSecInfo->nEntsize = pSecHead32->sh_entsize;        
 209:      
 210:      //printf("nFlags is =====%p\n",pSecInfo->nflags);
 211:      //ELF_GetSecftInfo(pSecInfo);    
 212:  getsecinfo_finish:
 213:      return ret;
 214:  }
 215:   
 216:  long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
 217:  {
 218:      long ret = 0;
 219:      uint16_t SecNum = 0;
 220:      uint8_t i=0;        //as temp circle num
 221:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
 222:      if(phandle->pS_SecHeader == NULL)
 223:      {
 224:          ret = -1;
 225:          goto getsecinfo_finish;        
 226:      }
 227:      SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
 228:      SEF_SECHEADER_64 *pSecHead64=NULL;
 229:   
 230:      SecNum = pElfHeader64->e_shnum;
 231:   
 232:      if(nIndex < 0 || nIndex > SecNum)
 233:      {
 234:          printf("Your input number is illegal!!\n");
 235:          ret = -2;
 236:          goto getsecinfo_finish;        
 237:      }
 238:      printf("--------------------------------");
 239:      pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
 240:          
 241:      ELF_GetSecName(handle,nIndex,pSecInfo);
 242:   
 243:      pSecInfo->nType = pSecHead64->sh_type;
 244:      pSecInfo->nAddr = pSecHead64->sh_addr;
 245:      pSecInfo->nflags = pSecHead64->sh_flags;
 246:      pSecInfo->nOffset = pSecHead64->sh_offset;
 247:      pSecInfo->nSize = pSecHead64->sh_size;
 248:      pSecInfo->nLink = pSecHead64->sh_link;
 249:      pSecInfo->nInfo = pSecHead64->sh_info;
 250:      pSecInfo->nAddralign = pSecHead64->sh_addralign;
 251:      pSecInfo->nEntsize = pSecHead64->sh_entsize;        
 252:   
 253:      //ELF_GetSecftInfo(pSecInfo);
 254:  getsecinfo_finish:
 255:      return ret;
 256:  }
 257:   
 258:  long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)
 259:  {
 260:      SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
 261:      int ret = 0;
 262:      if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))
 263:      {
 264:          ret = -1;
 265:          goto GetOut;
 266:      }
 267:      
 268:      SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
 269:      SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
 270:      int Index = 0;
 271:      
 272:      //deal 32bits elf file
 273:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)
 274:      {
 275:          Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;    
 276:          
 277:          //shstrname is the start address of the section name string section
 278:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;
 279:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
 280:   
 281:              
 282:      }
 283:      //deal 64bits elf file
 284:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)
 285:      {
 286:          Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;    
 287:          
 288:          //shstrname is the start address of the section name string section
 289:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;
 290:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
 291:      }
 292:  GetOut:
 293:      return ret;
 294:  }
 

最后给出.h头文件:

   1:  #include"../../include/elf_type.h"
   2:  #include "elf_interface.h"
   3:  #include"../../include/adt.h"
   4:   
   5:  #define ELF_FLAG_WRITE 0X1
   6:  #define ELF_FLAG_ALLOC 0X2
   7:  #define ELF_FLAG_EXECINSTR 0X4
   8:  #define ELF_FLAG_MERGE 0X10
   9:  #define ELF_FLAG_STRINGS 0X20
  10:  #define ELF_FLAG_LINK 0X40
  11:  #define ELF_FLAG_ORDER 0X80
  12:  #define ELF_FLAG_NONCONFORMING 0X100
  13:  #define ELF_FLAG_CROUP 0X200
  14:  #define ELF_FLAG_MASKOS 0X0ff00000
  15:  #define ELF_FLAG_MASKPROC 0Xf0000000
  16:   
  17:   
  18:  ///////////////////////////////////Get ELF‘s Enddian ///////////////////////////////////////////
  19:  /*
  20:    function : get ELF‘s enddian 
  21:    input    : [in point] pHandle is Call InitElf will return handle
  22:    result   : ret ;
  23:              -1 input point is NULL
  24:               0 ELFDATANONE  can‘t decide  which enddian
  25:               1 ELFDATA2LSB  little enddian
  26:               2 ELFDATA2MSB  big enddian
  27:   */
  28:  long ELF_GetELFEnddian(SEF_ELFHEADER *pHandle);
  29:   
  30:   
  31:   
  32:   
  33:  //////////////////////////////////////Get ELF‘s Machine/////////////////////////////////////////
  34:  /*
  35:      funtinon: decide ELF‘s Machine when class is 64_class
  36:      input:  
  37:      result:  0 success
  38:              -5 can not decide which Machine it is 
  39:      readme: nEndding:   1 liteld+ending ; 2 big-edding
  40:              nMachine:   1 Intel 0x386 CPU ,2 AMD 64 CPU
  41:              nELFType:   1 ET_REL ; 2 ET_EXEC ; 3 ET_DYN ; 0 it‘s not ELF type
  42:  */
  43:  long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine);
  44:   
  45:  /*
  46:      funtinon: decide ELF‘s Machine when class is 32_class
  47:      input:  
  48:      result:  0 success
  49:      -5 can not decide which Machine it is 
  50:      readme: nEndding:   1 little_endding ; 2 big_endding
  51:              nMachine:   1 Intel 0x386 CPU , 2 AMD 64 CPU
  52:              nELFType:   1 ET_REL ; 2 ET_EXEC ;3 ET_DYN ; 0 it‘s not ELF type
  53:  */
  54:  long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine);
  55:   
  56:  /////////////////////////////////////Get ELF‘s  Entry////////////////////////////////////////////
  57:  /*
  58:    function: Get know Program exev begin point ‘s virtual Address --- RVA and Physics Offset---RAW
  59:    input:    [int point] Common struct include pS_ElfHeader Struct and Program Struct
  60:                [int/out point] RAW
  61:    result:   ret = 0;    success
  62:              ret = -1;    input point is NULL
  63:              ret = -2    can‘t find which program table has the first command
  64:    readme:
  65:  */
  66:  long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);
  67:   
  68:  /*
  69:    function: Get know Program exev begin point ‘s virtual Address --- RVA and Physics Offset---RAW
  70:    input:    [int point] Common struct include pS_ElfHeader Struct and Program Struct
  71:                [int/out point] RAW
  72:    result:   ret = 0;    success
  73:              ret = -1;    input point is NULL
  74:              ret = -2    can‘t find which program table has the first command
  75:    readme:
  76:  */
  77:  long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);
  78:   
  79:  long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo);
  80:   
  81:  long ELF_GetSecInfo64(SEF_HEADSET*phandle,uint32_t nIndex,ELF_SECINFO *pElfSecInfo);
  82:   
  83:   
  84:  /*
  85:   *function :        Get know Program exec begin point‘s virtual Address ---RVA and Physics Offset---RAW 
  86:   *input    ;        [int point] pHandle is CAll InitELF will return handle  ,pAddressHandle from InitAddressELF 
  87:                      [in/out point] RAW and RVA   
  88:   *result   ;        ret==0;        success
  89:                      ret==-1;    input point is illegal 
  90:                      ret==-2;    can‘t find which Program table has the first command 
  91:  `readme       :
  92:   * 
  93:   * */
  94:  //long ELF_GetEntry(void *handle, uint64_t *RAW, uint64_t *RVA);
  95:   
  96:  //////////////////////////////////////Get ELF‘s ALL Information////////////////////////////////////////
  97:  /* 
  98:      funtinon: Get ELF bit, machine, bigendding  
  99:      input:  [in point]     pHandle is Call InitELF will return handle 
 100:              [in/out poing] ELFInfo struct point, recfrese Buf.h
 101:      result:  0 success
 102:              -1 input point is null
 103:              -2 length is too short or it‘s firt four bits don‘t fit ELF style so it‘s not ELF style
 104:  
 105:      readme: InitElF , handle Call InitELF()
 106:              output    bIsElfStyle TURE elf文件 ;FALSE 非elf文件
 107:                      nEndding:   1 little_endding ; 2 big_endding ;3 can‘t decide which enddian
 108:                      nClass  :   1 32_class ; 2 64_class ;3 can‘t decide which class
 109:                      nMachine:   1  Intel 0x386 CPU ;2 AMD 64 CPU;3 can‘t decide which class
 110:  */
 111:  //long ELF_GetElfHeaderInfo(void *pHandle,ELF_HEADERINFO *pElfInfo);
 112:   
 113:   
 114:
 115:  long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pSecInfo);
 116:   

ELF格式解析库之提取信息

时间: 2024-11-10 00:19:47

ELF格式解析库之提取信息的相关文章

ELF格式解析库之初始化

寻宝要先设计路线图 对一个ELF文件来说,它里边装个一个程序的所有信息.我们想要拿的程序信息就在这个ELF文件的某个地址处.可是我们根本就不知道这个具体的地址是哪个,怎么办?举个较形象的例子来描述我们将要的做的事情.峨眉山的山道上放着一大箱金子,我们想搞到这箱黄金.所以在动手之前,我们应该先搞清楚这箱黄金具体位置在哪条山路上,然后设计出几条可行的路线图,接着才是沿着先前设计好的路线去找宝藏.只不过,在这里我们要找的黄金变成了程序某个部分的信息,而那座峨眉山则变成了一个ELF文件. 所以,寻宝要先

ELF格式解析库之基本数据类型

ELF格式简介 ELF是现代linux/unix流行的程序可执行链接格式,它有官方定义文档,具体的资料在Tool Interface Standard Executable and Linking Format Specification version 1.2 有其对应的详细描述.我在这里不会讲述关于这个格式详细描述,如果我叙述的有什么不对的地方,欢迎指正出来.当然一切都以官方的参考文档为标准,建议您在阅读本文的时候,手边最好有一份官方定义文档参考. ELF由三个头表描述:ELF header

ELF格式解析库之抽象数据类型

抽象?抽谁的象? ELF是一种链接执行格式,它规定了对于一个ELF文件的基本数据类型是什么样的.可是,要解析一个ELF文件,而这个ELF文件或者是32Bits 或者是 64Bits,反正字长是未定的,怎么办?难道我们要定义两套解析的接口,以对应不同的字长的ELF文件吗?如果要这样做,不是不可以,只是那样做为接口的设计增加了太大的负担.这里我们采用"抽象"的方式,将已有的两套基础数据结构封装成一个兼容的数据结构.这样,我们设计解析接口时,可以做到尽量的简化,大大的减轻了工作量. 因此,这

检查打开的文件是不是ELF格式的文件,提取“特别”的节中的信息

//检查打开的文件是不是ELF格式的文件 //检验ELF头 //获得节头表的地址 //遍历节头表,依次查看一个节的属性,从节头字符串表中找到其名称,如果名称和"特别"的section名匹配,则找到此节的地址 //提取"特别"的节中的信息 //显示上面提取的信息 #include<stdio.h> #include<elf.h> #include<stdlib.h> #include<string.h> int main

ELF格式文件符号表全解析及readelf命令使用方法

http://blog.csdn.net/edonlii/article/details/8779075 1. 读取ELF文件头: $ readelf -h signELF Header:  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00  Class:                                                  ELF64  Data:                            

Linux下的ELF可执行文件的格式解析 (转)

LInux命令只是和Kernel一起被编译进操作系统的存在于FS的ELF格式二进制文件,或者权限足够的脚本,或者一个软链 ELF(Executable and Linking Format)是一种对象文件的格式,用于定义不同类型的对象文件(Object files)中都放了什么东西.以及都以什么样的格式去放这些东西.它自最早在 System V 系统上出现后,被 xNIX 世界所广泛接受,作为缺省的二进制文件格式来使用.可以说,ELF是构成众多xNIX系统的基础之一,所以作为嵌入式Linux系统

第一个lucene程序,把一个信息写入到索引库中、根据关键词把对象从索引库中提取出来、lucene读写过程分析

新建一个Java Project :LunceneTest 准备lucene的jar包,要加入的jar包至少有: 1)lucene-core-3.1.0.jar     (核心包) 2) lucene-analyzers-3.1.0.jar    (分词器) 3) lucene-highlighter-3.1.0.jar    (高亮器) 4) lucene-memory-3.1.0.jar       (高亮器) 新建实体类:Article, 属性:id,title,content; gett

数据的查找和提取[2]——xpath解析库的使用

xpath解析库的使用 在上一节,我们介绍了正则表达式的使用,但是当我们提取数据的限制条件增多的时候,正则表达式会变的十分的复杂,出一丁点错就提取不出来东西了.但python已经为我们提供了许多用于解析数据的库,接下来几篇博客就给大家简单介绍一下xpath.beautiful soup以及pyquery的使用.今天首先进入xpath的学习. 1.1实例 在引入实例之前,我们先编写一个html,如下所示: <div><url><li class="item-0&quo

用python库openpyxl操作excel,从源excel表中提取信息复制到目标excel表中

现代生活中,我们很难不与excel表打交道,excel表有着易学易用的优点,只是当表中数据量很大,我们又需要从其他表册中复制粘贴一些数据(比如身份证号)的时候,我们会越来越倦怠,毕竟我们不是机器,没法长时间做某种重复性的枯燥操作.想象这样一个场景,我们有个几千行的表要填,需要根据姓名输入其对应的身份证号,但之前我们已经做过一个类似的表,同样的一些人的姓名跟身份证号是完整的,那么我们就需要通过一个个查找姓名,然后把身份证号码复制到我们当前要做的表里去. 当我日复一日重复着这些操作的时候,我都很想有