看,宝藏就在那儿
在上一篇文章中,我们提到用按图索骥比喻库的初始化过程,那么现在有了地图,接下来的事情就是去寻找我们感兴趣的宝藏了。这个宝藏可能是一个ELF文件的程序文本段,也有可能是程序的某个不知名的代码段,这些都取决于你想要什么信息。我建议你去阅读ELF 的官方标准,那里边讲的比较清楚。
我这里只是实现了几个提取诸如:程序的大小端,能执行的CPU位数,程序的入口点,以及获得程序的所有节的编号和根据节的编号获取该节的详细信息。
提取信息:程序的大小端
1: long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
2: {
3: long ret = 0;
4: SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
5: //// big_endding or litte_endding
6:
7: if(pHandle == NULL)
8: {
9: ret = -1;
10: }
11: else if(pHandle->nFlag_Data == 1)
12: {
13: ret = ELFDATA2LSB;
14: }
15: else if(pHandle->nFlag_Data == 2)
16: {
17: ret = ELFDATA2MSB;
18: }
19: else
20: {
21: ret = ELFDATANONE;
22: }
23: return ret;
24: }
可以看到输入之前初始化的elfheader二级数据管理句柄,返回这个elf文件的大小端信息。
提取信息:目标文件能执行的CPU位数
1: long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
2: {
3: long ret=0;
4: *nMachine = 0;
5: //判断 CPU
6: if(pELF64Header == NULL)
7: {
8: ret = -1;
9: }
10: if(3 == pELF64Header->e_machine)
11: {
12: *nMachine = 1;
13: //printf("virtual program address: %p\n",pELF64Header->e_entry);
14: }
15: else if(62 == pELF64Header->e_machine)
16: {
17: *nMachine = 2;
18: }
19: else
20: {
21: *nMachine = 3;
22: }
23: return ret;
24: }
25:
26: long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
27: {
28: long ret=0;
29: *nMachine = 0;
30: if(pELF32Header == NULL)
31: {
32: ret = -1;
33: }
34: //判断 CPU
35: if(3 == pELF32Header->e_machine)
36: {
37: *nMachine = 1;
38: //printf("virtual program address: %p\n",pELF32Header->e_entry);
39: }
40: else if(62 == pELF32Header->e_machine)
41: {
42: *nMachine = 2;
43: }
44: else
45: {
46: *nMachine = 3;
47: }
48: return ret;
49: }
这里展示 的两个函数分别对应着:32位和64位。
提取信息:目标程序的入口点
1: long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
2: {
3: long ret=0;
4: uint64_t ProNum=0;
5: long nFlag = -1;
6: uint64_t i = 0;
7: uint64_t offset = 0;
8: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
9: {
10: ret = -1;
11: goto ELF_ENTRY32;
12: }
13: /*deal 32bits elf file*/
14: SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
15: ProNum = pElfHeader->e_phnum;
16: *RVA = pElfHeader->e_entry;
17: SEF_PROHEADER_32 *pSegTabFind=NULL;
18: SEF_PROHEADER_32 *pSegTabUse=NULL;
19: uint64_t nItemNum = *RVA;
20: /*find the first load segment*/
21: for (i=0; i<ProNum; i++)
22: {
23: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
24: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
25: {
26: nFlag = i;
27: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
28: break;
29: }
30: }
31: if (pSegTabUse != NULL)
32: {
33: offset = nItemNum - pSegTabUse->p_vaddr;
34: *RAW = pSegTabUse->p_offset + offset;
35: }
36: else
37: {
38: ret = -2;
39: goto ELF_ENTRY32;
40: }
41: ELF_ENTRY32:
42: return ret;
43: }
44:
45: long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
46: {
47: long ret=0;
48: uint64_t ProNum=0;
49: long nFlag = -1;
50: uint64_t i = 0;
51: uint64_t offset = 0;
52: /*deal 32bits elf file*/
53: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
54: {
55: ret = -1;
56: goto ELF_ENTRY64;
57: }
58: SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
59: ProNum = pElfHeader->e_phnum;
60: *RVA = pElfHeader->e_entry;
61:
62: SEF_PROHEADER_64 *pSegTabFind=NULL;
63: SEF_PROHEADER_64 *pSegTabUse=NULL;
64: uint64_t nItemNum = *RVA;
65: /*find the first load segment*/
66: for (i=0; i<ProNum; i++)
67: {
68: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
69: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
70: {
71: nFlag = i;
72: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
73: break;
74: }
75: }
76: if (pSegTabUse != NULL)
77: {
78: offset = nItemNum - pSegTabUse->p_vaddr;
79: *RAW = pSegTabUse->p_offset + offset;
80: // printf("RAW is %d\n",*RAW);
81: }
82: else
83: {
84: ret = -2;
85: goto ELF_ENTRY64;
86: }
87: ELF_ENTRY64:
88: return ret;
89: }
展示的函数依然是分别对应着:32位和64位。
提取信息:获得目标程序所有节的编号
1: long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
2: {
3: long ret = 0;
4: uint16_t SecNum = 0;
5: uint8_t i=0; //as temp circle num
6: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
7: if(phandle->pS_SecHeader == NULL)
8: {
9: ret = -1;
10: goto getsecinfo_finish;
11: }
12: SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
13: SEF_SECHEADER_32 *pSecHead32=NULL;
14:
15: SecNum = pElfHeader32->e_shnum;
16:
17: if(nIndex < 0 || nIndex > SecNum)
18: {
19: printf("Your input number is illegal!!\n");
20: ret = -2;
21: goto getsecinfo_finish;
22: }
23:
24: pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
25:
26: ELF_GetSecName(handle,nIndex,pSecInfo);
27:
28: pSecInfo->nType = pSecHead32->sh_type;
29: pSecInfo->nAddr = pSecHead32->sh_addr;
30: pSecInfo->nflags = pSecHead32->sh_flags;
31: pSecInfo->nOffset = pSecHead32->sh_offset;
32: pSecInfo->nSize = pSecHead32->sh_size;
33: pSecInfo->nLink = pSecHead32->sh_link;
34: pSecInfo->nInfo = pSecHead32->sh_info;
35: pSecInfo->nAddralign = pSecHead32->sh_addralign;
36: pSecInfo->nEntsize = pSecHead32->sh_entsize;
37:
38: //printf("nFlags is =====%p\n",pSecInfo->nflags);
39: //ELF_GetSecftInfo(pSecInfo);
40: getsecinfo_finish:
41: return ret;
42: }
43:
44: long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
45: {
46: long ret = 0;
47: uint16_t SecNum = 0;
48: uint8_t i=0; //as temp circle num
49: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
50: if(phandle->pS_SecHeader == NULL)
51: {
52: ret = -1;
53: goto getsecinfo_finish;
54: }
55: SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
56: SEF_SECHEADER_64 *pSecHead64=NULL;
57:
58: SecNum = pElfHeader64->e_shnum;
59:
60: if(nIndex < 0 || nIndex > SecNum)
61: {
62: printf("Your input number is illegal!!\n");
63: ret = -2;
64: goto getsecinfo_finish;
65: }
66: printf("--------------------------------");
67: pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
68:
69: ELF_GetSecName(handle,nIndex,pSecInfo);
70:
71: pSecInfo->nType = pSecHead64->sh_type;
72: pSecInfo->nAddr = pSecHead64->sh_addr;
73: pSecInfo->nflags = pSecHead64->sh_flags;
74: pSecInfo->nOffset = pSecHead64->sh_offset;
75: pSecInfo->nSize = pSecHead64->sh_size;
76: pSecInfo->nLink = pSecHead64->sh_link;
77: pSecInfo->nInfo = pSecHead64->sh_info;
78: pSecInfo->nAddralign = pSecHead64->sh_addralign;
79: pSecInfo->nEntsize = pSecHead64->sh_entsize;
80:
81: //ELF_GetSecftInfo(pSecInfo);
82: getsecinfo_finish:
83: return ret;
84: }
实际上设计两个函数式为了保持目标文件的兼容性。
提取信息:根据节的编号获取该节的详细信息
1: long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)
2: {
3: SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
4: int ret = 0;
5: if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))
6: {
7: ret = -1;
8: goto GetOut;
9: }
10:
11: SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
12: SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
13: int Index = 0;
14:
15: //deal 32bits elf file
16: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)
17: {
18: Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;
19:
20: //shstrname is the start address of the section name string section
21: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;
22: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
23:
24:
25: }
26: //deal 64bits elf file
27: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)
28: {
29: Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;
30:
31: //shstrname is the start address of the section name string section
32: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;
33: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
34: }
35: GetOut:
36: return ret;
37: }
把整个源码文件也贴出来:
1: #include<stdio.h>
2: #include<string.h>
3: #include<stdlib.h>
4: #include"elf_GetElfInfo.h"
5: #include"elf_interface.h"
6: #include"../../include/adt.h"
7:
8: long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
9: {
10: long ret = 0;
11: SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
12: //// big_endding or litte_endding
13:
14: if(pHandle == NULL)
15: {
16: ret = -1;
17: }
18: else if(pHandle->nFlag_Data == 1)
19: {
20: ret = ELFDATA2LSB;
21: }
22: else if(pHandle->nFlag_Data == 2)
23: {
24: ret = ELFDATA2MSB;
25: }
26: else
27: {
28: ret = ELFDATANONE;
29: }
30: return ret;
31: }
32:
33: long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
34: {
35: long ret=0;
36: *nMachine = 0;
37: //判断 CPU
38: if(pELF64Header == NULL)
39: {
40: ret = -1;
41: }
42: if(3 == pELF64Header->e_machine)
43: {
44: *nMachine = 1;
45: //printf("virtual program address: %p\n",pELF64Header->e_entry);
46: }
47: else if(62 == pELF64Header->e_machine)
48: {
49: *nMachine = 2;
50: }
51: else
52: {
53: *nMachine = 3;
54: }
55: return ret;
56: }
57:
58: long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
59: {
60: long ret=0;
61: *nMachine = 0;
62: if(pELF32Header == NULL)
63: {
64: ret = -1;
65: }
66: //判断 CPU
67: if(3 == pELF32Header->e_machine)
68: {
69: *nMachine = 1;
70: //printf("virtual program address: %p\n",pELF32Header->e_entry);
71: }
72: else if(62 == pELF32Header->e_machine)
73: {
74: *nMachine = 2;
75: }
76: else
77: {
78: *nMachine = 3;
79: }
80: return ret;
81: }
82:
83: long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
84: {
85: long ret=0;
86: uint64_t ProNum=0;
87: long nFlag = -1;
88: uint64_t i = 0;
89: uint64_t offset = 0;
90: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
91: {
92: ret = -1;
93: goto ELF_ENTRY32;
94: }
95: /*deal 32bits elf file*/
96: SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
97: ProNum = pElfHeader->e_phnum;
98: *RVA = pElfHeader->e_entry;
99: SEF_PROHEADER_32 *pSegTabFind=NULL;
100: SEF_PROHEADER_32 *pSegTabUse=NULL;
101: uint64_t nItemNum = *RVA;
102: /*find the first load segment*/
103: for (i=0; i<ProNum; i++)
104: {
105: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
106: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
107: {
108: nFlag = i;
109: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
110: break;
111: }
112: }
113: if (pSegTabUse != NULL)
114: {
115: offset = nItemNum - pSegTabUse->p_vaddr;
116: *RAW = pSegTabUse->p_offset + offset;
117: }
118: else
119: {
120: ret = -2;
121: goto ELF_ENTRY32;
122: }
123: ELF_ENTRY32:
124: return ret;
125: }
126:
127: long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
128: {
129: long ret=0;
130: uint64_t ProNum=0;
131: long nFlag = -1;
132: uint64_t i = 0;
133: uint64_t offset = 0;
134: /*deal 32bits elf file*/
135: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
136: {
137: ret = -1;
138: goto ELF_ENTRY64;
139: }
140: SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
141: ProNum = pElfHeader->e_phnum;
142: *RVA = pElfHeader->e_entry;
143:
144: SEF_PROHEADER_64 *pSegTabFind=NULL;
145: SEF_PROHEADER_64 *pSegTabUse=NULL;
146: uint64_t nItemNum = *RVA;
147: /*find the first load segment*/
148: for (i=0; i<ProNum; i++)
149: {
150: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
151: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
152: {
153: nFlag = i;
154: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
155: break;
156: }
157: }
158: if (pSegTabUse != NULL)
159: {
160: offset = nItemNum - pSegTabUse->p_vaddr;
161: *RAW = pSegTabUse->p_offset + offset;
162: // printf("RAW is %d\n",*RAW);
163: }
164: else
165: {
166: ret = -2;
167: goto ELF_ENTRY64;
168: }
169: ELF_ENTRY64:
170: return ret;
171: }
172:
173: long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
174: {
175: long ret = 0;
176: uint16_t SecNum = 0;
177: uint8_t i=0; //as temp circle num
178: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
179: if(phandle->pS_SecHeader == NULL)
180: {
181: ret = -1;
182: goto getsecinfo_finish;
183: }
184: SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
185: SEF_SECHEADER_32 *pSecHead32=NULL;
186:
187: SecNum = pElfHeader32->e_shnum;
188:
189: if(nIndex < 0 || nIndex > SecNum)
190: {
191: printf("Your input number is illegal!!\n");
192: ret = -2;
193: goto getsecinfo_finish;
194: }
195:
196: pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
197:
198: ELF_GetSecName(handle,nIndex,pSecInfo);
199:
200: pSecInfo->nType = pSecHead32->sh_type;
201: pSecInfo->nAddr = pSecHead32->sh_addr;
202: pSecInfo->nflags = pSecHead32->sh_flags;
203: pSecInfo->nOffset = pSecHead32->sh_offset;
204: pSecInfo->nSize = pSecHead32->sh_size;
205: pSecInfo->nLink = pSecHead32->sh_link;
206: pSecInfo->nInfo = pSecHead32->sh_info;
207: pSecInfo->nAddralign = pSecHead32->sh_addralign;
208: pSecInfo->nEntsize = pSecHead32->sh_entsize;
209:
210: //printf("nFlags is =====%p\n",pSecInfo->nflags);
211: //ELF_GetSecftInfo(pSecInfo);
212: getsecinfo_finish:
213: return ret;
214: }
215:
216: long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
217: {
218: long ret = 0;
219: uint16_t SecNum = 0;
220: uint8_t i=0; //as temp circle num
221: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
222: if(phandle->pS_SecHeader == NULL)
223: {
224: ret = -1;
225: goto getsecinfo_finish;
226: }
227: SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
228: SEF_SECHEADER_64 *pSecHead64=NULL;
229:
230: SecNum = pElfHeader64->e_shnum;
231:
232: if(nIndex < 0 || nIndex > SecNum)
233: {
234: printf("Your input number is illegal!!\n");
235: ret = -2;
236: goto getsecinfo_finish;
237: }
238: printf("--------------------------------");
239: pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
240:
241: ELF_GetSecName(handle,nIndex,pSecInfo);
242:
243: pSecInfo->nType = pSecHead64->sh_type;
244: pSecInfo->nAddr = pSecHead64->sh_addr;
245: pSecInfo->nflags = pSecHead64->sh_flags;
246: pSecInfo->nOffset = pSecHead64->sh_offset;
247: pSecInfo->nSize = pSecHead64->sh_size;
248: pSecInfo->nLink = pSecHead64->sh_link;
249: pSecInfo->nInfo = pSecHead64->sh_info;
250: pSecInfo->nAddralign = pSecHead64->sh_addralign;
251: pSecInfo->nEntsize = pSecHead64->sh_entsize;
252:
253: //ELF_GetSecftInfo(pSecInfo);
254: getsecinfo_finish:
255: return ret;
256: }
257:
258: long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)
259: {
260: SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
261: int ret = 0;
262: if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))
263: {
264: ret = -1;
265: goto GetOut;
266: }
267:
268: SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
269: SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
270: int Index = 0;
271:
272: //deal 32bits elf file
273: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)
274: {
275: Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;
276:
277: //shstrname is the start address of the section name string section
278: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;
279: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
280:
281:
282: }
283: //deal 64bits elf file
284: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)
285: {
286: Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;
287:
288: //shstrname is the start address of the section name string section
289: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;
290: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
291: }
292: GetOut:
293: return ret;
294: }
最后给出.h头文件:
1: #include"../../include/elf_type.h"
2: #include "elf_interface.h"
3: #include"../../include/adt.h"
4:
5: #define ELF_FLAG_WRITE 0X1
6: #define ELF_FLAG_ALLOC 0X2
7: #define ELF_FLAG_EXECINSTR 0X4
8: #define ELF_FLAG_MERGE 0X10
9: #define ELF_FLAG_STRINGS 0X20
10: #define ELF_FLAG_LINK 0X40
11: #define ELF_FLAG_ORDER 0X80
12: #define ELF_FLAG_NONCONFORMING 0X100
13: #define ELF_FLAG_CROUP 0X200
14: #define ELF_FLAG_MASKOS 0X0ff00000
15: #define ELF_FLAG_MASKPROC 0Xf0000000
16:
17:
18: ///////////////////////////////////Get ELF‘s Enddian ///////////////////////////////////////////
19: /*
20: function : get ELF‘s enddian
21: input : [in point] pHandle is Call InitElf will return handle
22: result : ret ;
23: -1 input point is NULL
24: 0 ELFDATANONE can‘t decide which enddian
25: 1 ELFDATA2LSB little enddian
26: 2 ELFDATA2MSB big enddian
27: */
28: long ELF_GetELFEnddian(SEF_ELFHEADER *pHandle);
29:
30:
31:
32:
33: //////////////////////////////////////Get ELF‘s Machine/////////////////////////////////////////
34: /*
35: funtinon: decide ELF‘s Machine when class is 64_class
36: input:
37: result: 0 success
38: -5 can not decide which Machine it is
39: readme: nEndding: 1 liteld+ending ; 2 big-edding
40: nMachine: 1 Intel 0x386 CPU ,2 AMD 64 CPU
41: nELFType: 1 ET_REL ; 2 ET_EXEC ; 3 ET_DYN ; 0 it‘s not ELF type
42: */
43: long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine);
44:
45: /*
46: funtinon: decide ELF‘s Machine when class is 32_class
47: input:
48: result: 0 success
49: -5 can not decide which Machine it is
50: readme: nEndding: 1 little_endding ; 2 big_endding
51: nMachine: 1 Intel 0x386 CPU , 2 AMD 64 CPU
52: nELFType: 1 ET_REL ; 2 ET_EXEC ;3 ET_DYN ; 0 it‘s not ELF type
53: */
54: long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine);
55:
56: /////////////////////////////////////Get ELF‘s Entry////////////////////////////////////////////
57: /*
58: function: Get know Program exev begin point ‘s virtual Address --- RVA and Physics Offset---RAW
59: input: [int point] Common struct include pS_ElfHeader Struct and Program Struct
60: [int/out point] RAW
61: result: ret = 0; success
62: ret = -1; input point is NULL
63: ret = -2 can‘t find which program table has the first command
64: readme:
65: */
66: long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);
67:
68: /*
69: function: Get know Program exev begin point ‘s virtual Address --- RVA and Physics Offset---RAW
70: input: [int point] Common struct include pS_ElfHeader Struct and Program Struct
71: [int/out point] RAW
72: result: ret = 0; success
73: ret = -1; input point is NULL
74: ret = -2 can‘t find which program table has the first command
75: readme:
76: */
77: long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);
78:
79: long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo);
80:
81: long ELF_GetSecInfo64(SEF_HEADSET*phandle,uint32_t nIndex,ELF_SECINFO *pElfSecInfo);
82:
83:
84: /*
85: *function : Get know Program exec begin point‘s virtual Address ---RVA and Physics Offset---RAW
86: *input ; [int point] pHandle is CAll InitELF will return handle ,pAddressHandle from InitAddressELF
87: [in/out point] RAW and RVA
88: *result ; ret==0; success
89: ret==-1; input point is illegal
90: ret==-2; can‘t find which Program table has the first command
91: `readme :
92: *
93: * */
94: //long ELF_GetEntry(void *handle, uint64_t *RAW, uint64_t *RVA);
95:
96: //////////////////////////////////////Get ELF‘s ALL Information////////////////////////////////////////
97: /*
98: funtinon: Get ELF bit, machine, bigendding
99: input: [in point] pHandle is Call InitELF will return handle
100: [in/out poing] ELFInfo struct point, recfrese Buf.h
101: result: 0 success
102: -1 input point is null
103: -2 length is too short or it‘s firt four bits don‘t fit ELF style so it‘s not ELF style
104:
105: readme: InitElF , handle Call InitELF()
106: output bIsElfStyle TURE elf文件 ;FALSE 非elf文件
107: nEndding: 1 little_endding ; 2 big_endding ;3 can‘t decide which enddian
108: nClass : 1 32_class ; 2 64_class ;3 can‘t decide which class
109: nMachine: 1 Intel 0x386 CPU ;2 AMD 64 CPU;3 can‘t decide which class
110: */
111: //long ELF_GetElfHeaderInfo(void *pHandle,ELF_HEADERINFO *pElfInfo);
112:
113:
114:
115: long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pSecInfo);
116:
ELF格式解析库之提取信息
时间: 2024-11-10 00:19:47