yarGen icon indicating copy to clipboard operation
yarGen copied to clipboard

Published 20 hours ago verified publisher icon Neo23x0

why use imphash for elf file

Open gaohang opened this issue 1 year ago • 1 comments

imphash is an effective way to identify binary files. In yarGen, I see imphash generated for pe file. But, why do generate imphash for elf files? how to generate imphash for elf files by python?

gaohang avatar May 10 '23 07:05 gaohang

I am afraid that it is impossible to generate imphash (which has exactly the same definition of PE) for ELF since associating the imported functions with the corresponding libraries is non-trivial for ELF.

But there are some alternatives which have the similar effect (e.g., telfhash [1] and ImpELF [2]).

[1] https://github.com/trendmicro/telfhash [2] https://github.com/signalblur/impelf

seekamoon avatar Dec 24 '23 09:12 seekamoon