elf-parser
elf-parser copied to clipboard
TheCodeArtist
Feature request: Listing texts in given sections
Hello,
Is it possible to add listing texts in some given sections for example .rodata or .strtab.
A function which reads a section would be very useful. Something like readelf -x .rodata <binary>
Something like readelf -x .rodata
Sounds like a great idea!
Would you like to take a stab at it?... (let me know if you get any doubts)
Thank you! Unfortunately I have very limited knowledge about ELF format, I can help if you redirect me. I don't know the theory.
Hello, I have changed print_symbols function to print some other types too, but I see segmentation fault when it runs. Why it cannot print other types?
void print_symbols(int32_t fd, Elf32_Ehdr eh, Elf32_Shdr sh_table[])
{
uint32_t i;
for(i=0; i<eh.e_shnum; i++) {
if ((sh_table[i].sh_type==SHT_SYMTAB)
|| (sh_table[i].sh_type==SHT_STRTAB)
|| (sh_table[i].sh_type==SHT_DYNSYM)
|| (sh_table[i].sh_type==SHT_PROGBITS)
|| (sh_table[i].sh_type==SHT_NOTE)
)
{
printf("\n[Section %03d]", i);
printf("\n[Type %d]", sh_table[i].sh_type);
print_symbol_table(fd, eh, sh_table, i);
}
}
}
Thank you! Unfortunately I have very limited knowledge about ELF format, I can help if you redirect me. I don't know the theory.
Think of ELF as a pretty simple (but large) data-structure.
Check this out for a quick intro...
https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#File_layout
...and a detailed reference http://www.skyfree.org/linux/references/ELF_Format.pdf
I have changed print_symbols function to print some other types too, but I see segmentation fault when it runs.
Why it cannot print other types?
The segmentation fault is the updated print_symbols() in the above comment is seen within
print_symbol_table(fd, eh, sh_table, i);
This is because print_symbol_table() attempts to interpret the contents of the section as a symbol-table
wheres these other sections (SHT_STRTAB, SHT_PROGBITS, SHT_NOTE) do not contain symbol tables.
Reference: Page 16(of 60) of ELF_format.pdf
How about this -
- Call
print_strings(fd, eh, sh_tbl);frommain() - Implement
print_strings()such that it reads a section that is a string-table
and prints either the string Table or all the individual strings in it.
Look for SHT_STRTAB and the chapter 1.4 String Table in ELF_format.pdf.
Second option looks better and easier to me. I guess currently print_strings() function prints only string-table, how the other sections hold individual strings? With null terminate character?
Does the strings <file> command read elf sections or it has other method? I need the equivalent behavior of strings command.
in my previous comment i meant that as step1 and step2.
Basically implement a new function print_strings() and call it from main()
Look for SHT_STRTAB and the chapter 1.4 String Table in ELF_format.pdf.
Please :-) search and do read the above to understand the byte format of the string table in an ELF file.
Then its a matter of writing C code to:
- determine the start offset of a string table
- go over the each byte and print it on screen
- stop once we reach the end of a string table (how to identify we have reached the end of a string table?)
Does the strings
command read elf sections or it has other method? I need the equivalent behavior of strings command.
Not sure how strings does it.
Based on the results it shows,
i would guess it simply looks for sequences of bytes with values in the printable ASCII range.