124 lines
2.3 KiB
Ruby
124 lines
2.3 KiB
Ruby
#!/usr/bin/env ruby
|
|
|
|
# $Id$
|
|
|
|
require 'rex/elfparsey/elfbase'
|
|
require 'rex/elfparsey/exceptions'
|
|
require 'rex/image_source'
|
|
|
|
module Rex
|
|
module ElfParsey
|
|
class Elf < ElfBase
|
|
|
|
attr_accessor :elf_header, :program_header, :base_addr, :isource
|
|
|
|
def initialize(isource)
|
|
offset = 0
|
|
base_addr = 0
|
|
|
|
# ELF Header
|
|
elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE))
|
|
|
|
# Data encoding
|
|
ei_data = elf_header.e_ident[EI_DATA,1].unpack("C")[0]
|
|
|
|
e_phoff = elf_header.e_phoff
|
|
e_phentsize = elf_header.e_phentsize
|
|
e_phnum = elf_header.e_phnum
|
|
|
|
# Program Header Table
|
|
program_header = []
|
|
|
|
e_phnum.times do |i|
|
|
offset = e_phoff + (e_phentsize * i)
|
|
|
|
program_header << ProgramHeader.new(
|
|
isource.read(offset, PROGRAM_HEADER_SIZE), ei_data
|
|
)
|
|
|
|
if program_header[-1].p_type == PT_LOAD && base_addr == 0
|
|
base_addr = program_header[-1].p_vaddr
|
|
end
|
|
|
|
end
|
|
|
|
self.elf_header = elf_header
|
|
self.program_header = program_header
|
|
self.base_addr = base_addr
|
|
self.isource = isource
|
|
end
|
|
|
|
def self.new_from_file(filename, disk_backed = false)
|
|
|
|
file = ::File.new(filename)
|
|
# file.binmode # windows... :\
|
|
|
|
if disk_backed
|
|
return self.new(ImageSource::Disk.new(file))
|
|
else
|
|
obj = new_from_string(file.read)
|
|
file.close
|
|
return obj
|
|
end
|
|
end
|
|
|
|
def self.new_from_string(data)
|
|
return self.new(ImageSource::Memory.new(data))
|
|
end
|
|
|
|
#
|
|
# Returns true if this binary is for a 64-bit architecture.
|
|
#
|
|
def ptr_64?
|
|
unless [ ELFCLASS32, ELFCLASS64 ].include?(
|
|
elf_header.e_ident[EI_CLASS,1].unpack("C*")[0])
|
|
raise ElfHeaderError, 'Invalid class', caller
|
|
end
|
|
|
|
elf_header.e_ident[EI_CLASS,1].unpack("C*")[0] == ELFCLASS64
|
|
end
|
|
|
|
#
|
|
# Returns true if this binary is for a 32-bit architecture.
|
|
# This check does not take into account 16-bit binaries at the moment.
|
|
#
|
|
def ptr_32?
|
|
ptr_64? == false
|
|
end
|
|
|
|
#
|
|
# Converts a virtual address to a string representation based on the
|
|
# underlying architecture.
|
|
#
|
|
def ptr_s(rva)
|
|
(ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva)
|
|
end
|
|
|
|
def offset_to_rva(offset)
|
|
base_addr + offset
|
|
end
|
|
|
|
def rva_to_offset(rva)
|
|
rva - base_addr
|
|
end
|
|
|
|
def read(offset, len)
|
|
isource.read(offset, len)
|
|
end
|
|
|
|
def read_rva(rva, len)
|
|
isource.read(rva_to_offset(rva), len)
|
|
end
|
|
|
|
def index(*args)
|
|
isource.index(*args)
|
|
end
|
|
|
|
def close
|
|
isource.close
|
|
end
|
|
|
|
end
|
|
end
|
|
end
|