All notable changes to this project will be documented in this file.
Before 1.0, this project does not adhere to Semantic Versioning.
Goblin is now 0.8, which means we will try our best to ease breaking changes. Tracking issue is here: #97
pe: document pe header, thanks @JohnScience: #399 pe, elf: fix doc warnings, thanks @5225225: #395 pe: document dos header, thanks @JohnScience: #393
pe: add TE (terse executable) support, big thanks @Javagedes: #397 elf: allow parsing section headers from raw bytes, thanks @lissyx: #391 mach: add support for lossy parsing, thanks @h33p: #386 elf: add convenience functions, thanks @tiann : #387
pe: read reserved dos headers, thanks @kkent030315: #405
msrv: bumped to 1.63.0 since scroll bumped as well pe: new field added to parse options: #377 pe: attribute certs now non-exhaustive: #378 goblin: hint and object enum is now non-exhaustive pe: write support introduced some breaking changes, e.g., data directories array adds a tuple of usize and data directory, DosHeader has all the fields filled out, Header struct has a dos_stub field added, symbols and strings fields is made optional in Coff struct, see: #361
elf: fix documentation, thanks @crzysdrs: #374 pe: attribute certificates non-exhaustive, thanks @RaitoBezarius: #378 pe: fix authenticode parsing, thanks @baloo: #383
strtab: len method added to return number of bytes of the strtab pe: absolutely epic pe write support PR, thanks @RaitoBezarius and @Baloo: #361 pe: add coff object file support, thanks @vadimcn, #379 pe: allow toggling parsing of attribute certs, thanks @suttonbradley: #377 mach: add new mach-o constants, thanks @keith: #372
mach: Implement LC_NOTE
, (breakage=load commands are marked non-exhaustive), thanks @messense: #342
elf: fix is_lib detection, thanks @m-hilgendorf: #366 pe: fix out of bounds access while parsing AttributeCertificate, thanks @anfedotoff: #368
pe: support basic certificates enumeration, thanks @RaitoBezarius: #354
pe: fix certificate tables parsing, thanks @baloo: #359
pe: add pe authenticode support, thanks @baloo: #362
mach: implement LC_FILESET_ENTRY
, thanks @mmaekr: #369
build: add afl fuzzing support, thanks @anfedotoff: #351
elf.section_header: additional workaround for 0-length sections, thanks @Jhynjhiruu: #347 pe.utils: file alignment check, thanks @anfedotoff: #340
elf: Add basic GNU PROPERTY note support, thanks @x64k: #352
mach: Implement LC_BUILD_VERSION
, thanks @messense: #341
macho: add support for archives in multi-arch binaries, big thanks to @nick96: #322
elf: only consider loadable segments for VM translation (this may semantically break someone, if they depended on older behavior), thanks @lumag: #329
archive: fix potential panic in bsd filenames, thanks @nathaniel-daniel: #335 archive: fix subtract with overflow, thanks @anfedotoff: #333 pe: fix oob access, thanks @anfedetoff: #330 archive: fix oob access, thanks @anfedetoff: #329
pe: add machine_to_str utility function, thanks @cgzones: #338 fuzz: add debug info for line numbers, thanks @SweetVishnya: #336
pe: fix regression in PE binary parsing, thanks @SquareMan: #321
elf: fix elf strtab parsing, thanks @tux3: #316
elf: implement plain for note headers, thanks @mkroening: #317
elf: fix arithmetic overflows in file_range()
and vm_range()
, thanks @alessandron: #306
pe: fix string table containing empty strings, thanks @track-5: #310
pe: remove check on debug directory size, thanks @lzybkr: #313
elf: expose more of programheader impl regardless of alloc feature flag, thanks @dancrossnyc: #308 mach.parse: Handle DyldExportsTrie, thanks @apalm: #303
goblin: guard all capacity allocations with bounds checks, this is breaking because we introduced a new error enum, which is now marked as non_exhaustive, thanks @Swatinem: #298 pe: support exports without an offset, thanks @dureuill: #293
mach: fix overflow panics, thanks @Swatinem: #302
pe: add signature header check, thanks @skdltmxn: #286
elf: improve parsing SHT_SYMTAB
complexity from O(N^2) to O(N), thanks @Lichsto: #297
elf: clarify documentation on strtab behavior better, and add nice doc example, thanks @n01e0: #301 elf: add rpaths and runpath to elf, thanks @messense: #294 elf: complete elf OSABI constants, thanks @messense: #295 elf: fill out more elf constants, thanks @n01e0: #296
YANKED, see 0.5.1
- elf: add initial versioned symbols support, thanks @johannst: #280
- elf: add some missing constants,
PF_MASKOS
andPF_MASKPROC
, thanks @npmccallum: #281
- strtab: preparses the string table to prevent certain class of DoS attacks, thanks @Lichtsto: #275
- elf: fix error when alloc, but not endian, thanks @dancrossnyc: #273
- elf: fix returning invalid ranges for SH_NOBIT sections, method changed to return optional range instead, thanks @Tiwalun: #253
pe: pass parse opts correctly in pe parser in lookup table, fixes some issues loading and parsing pe libraries: #268 elf: remove unnecessary unsafe blocks, thanks @nico-abram: #261 elf: replace pub type with pub use, thanks @sollyucko: #259
elf: add a lazy parse example, thanks @jesseui: #258 elf: add a new fuzzing harness + fix overflows in hash functions and note data iterator construction, thanks @Mrmaxmeier: #260
- elf: introduce "lazy" parsing of elf structure with new lazy_parse function, which allows user to fill in parts of the ELF struct they need later on; new example provided, as well as some tests, thanks @jessehui: #254
- elf: also add new
Elf::parse_header
convenience function, which allows to parse elf header from bytes without e.g., explicitly depending on scroll, etc.
- mach: fix debug print panic, thanks @messense: #251
- pe: allow pe virtual memory resolve to be optional, allowing memory/process dump parsing, thanks @ko1n (as well as patience for very long time to merge PR!): #188
- elf: overflow panic when note name is 0, thanks @glandium: #256
- mach: add rpaths, thanks @keith: #248
- elf: fix regression parsing binaries like busybox (m4b/bingrep#28), thanks @jan-auer: #249
- mach: add missing load commands, and fixup minversion enum and api, thanks @woodruffw !: #240
- elf: prevent overflow in bad section sizes, thanks @jackcmay: #243
Object::parse
no longer needsstd
! thanks @Evian-Zhang: #235- test: remove hardcoded CommandLineTools path in macos test, thanks @quake: #238
- build: Resolve clippy lints, thanks @connorkuehl: #225
- elf: add the x86-64 unwind processor specific section header type #224
- elf: Add ability to get archive members by index #225
- pe: remove unwrap on coffheader strtab parsing, thanks @ExPixel: #222
- pe: add more machine constants, thanks @ExPixel: #223
- elf: protect against out of memory when parsing, thanks @jackcmay: #219
- pe: fix panic when parsing unwind info, thanks @jan-auer: #218
- elf: add more robust debug printing to various elf data structures, thanks @connorkuehl, e.g.: #211
- elf: derive PartialEq for DynamicInfo, thanks @connorkuehl: #209
- BREAKING: Changes in
elf::gnu_hash::GnuHash
:new(*const u32, usize, &[sym::Sym]) -> Self
tofrom_raw_table(&[u8], &[Sym]) -> Result<Self, &str>
find(&self, &str, u32, &Strtab) -> Option<&Sym>
tofind(&self, &str, &Strtab) -> Option<&Sym>
.
- BREAKING: mach: fix generic relocation constants, @philipc: https://github.com/m4b/goblin/pull/204/files
- elf: add more elf note values, thanks @xcoldhandsx: #201
- Finally rustfmt'd entire repo :D
- alloc feature, stabilized in 1.36 @philipc #196
elf: support empty PT_DYNAMIC references, @jan-auer #193 elf: move various elf::Sym impls out of alloc gate, @lzutao #198
elf: parsing 0 section header had regression introduced in 779d0ce, fixed by @philipc #200
mach: don't return data for zerofill sections, @philipc #195
elf: Don't fail entire elf parse when interpreter is malformed string, @jsgf #192
- update to scroll 0.10 api
- BREAKING: rename export to lib in Reexport::DLLOrdinal from @lzybkr
- pe: only parse ExceptionData for machine X86_64, thanks @wyxloading
pe: Fix resolution of redirect unwind info, thanks @jan-auer #183 pe: fix reexport dll and ordinal, thanks @lzybkr: d62889f469846af0cceb789b415f1e14f5f9e402
- archive: new public enum type to determine which kind of archive was parsed
- archive: thanks @raindev
- pe: add write support for COFF object files!!! This is huge; we now support at a basic level writing out all major binary object formats, thanks @philipc: #159
- elf: add more e_ident constants
- mach: add segment protection constants
- elf: add risc-v relocation constants
- elf: add constants for arm64_32 (ILP32 ABI on 64-bit arm)
- pe: coff relocations and other auxiliary symbol records
- mach: fix 0 length data sections in mach-o segments, seen in some object files, thanks @raindev: #172
- build: alloc build was fixed: #170
- pe: fix
set_name_offset
compilation for 32-bit: #163
- Beautify debugging by using
debug_struct
inDebug
implementation of many structs. - PE: fix rva mask, thanks @wickawacka: #152
- PE: add PE exception tables, thanks @jan-auer: #136
- Bump lowest Rust version to 1.31.1 and transition project to Rust 2018 edition.
- BREAKING: Rename module
goblin::elf::dyn
togoblin::elf::dynamic
due todyn
become a keyword in Rust 2018 edition. - BREAKING: Rename
mach::exports::SymbolKind::to_str(kind: SymbolKind)
->to_str(&self)
. - BREAKING: Rename
strtab::Strtab::to_vec(self)
->to_vec(&self).
- BREAKING:
goblin::error::Error::description
would be removed. Useto_string()
method instead.
- elf: handle some invalid sizes, thanks @philipc: #121
- elf: add symbol visibility. thanks @pchickey: #119
- elf: parse section header relocs even when not an object file. thanks @Techno-Coder: #118
- pe: make utils public, add better examples for data directory usage. thanks @Pzixel: #116
- elf: fix regression when parsing dynamic symbols from some binaries, thanks @philipc: #111
- BREAKING: updated required compiler to 1.20 (due to scroll 1.20 requirement)
- BREAKING: elf: removed bias field, as it was misleading/useless/incorrect
- BREAKING: elf: add lazy relocation iterators: Thanks @ibabushkin #102
- BREAKING: mach: remove repr(packed) from dylib and fvmlib (this should not affect anyone): #105
- elf: use gnu/sysv hash table to compute sizeof dynsyms more accurately: again huge thanks to @philipc #109
- elf: handle multiple load biases: huge thanks @philipc: #107
- mach: add arm64e constants: Thanks @mitsuhiko #103
- PE: calculate read bytes using alignment: Thanks @tathanhdinh #101
- PE: get proper names for PE sections: Thanks @roblabla #100
- BREAKING: updated required compiler to 1.19 (technically only required for tests, but assume this is required for building as well)
- fixed nightly alloc api issues: #94
- BREAKING: pe.export: name is now optional to reflect realities of PE parsing, and add more robustness to parser. many thanks to @tathanhdinh! #88
- elf.note: treat alignment similar to other tools, e.g., readelf. Thanks @xcoldhandsx: #91
- elf: more inline annotations on various methods, thanks@amanieu: #87
- BREAKING: elf.reloc: u64/i64 used for r_offset/r_addend, and addend is now proper optional, thanks @amanieu! #86
- update to scroll 0.9
- pe32+: parse better, thanks @kjempelodott, #82
- mach: add constants for
n_types
whenN_STAB
field is being used, thanks @jrmuizel! #85 - elf: implement support for compressed headers, thanks @rocallahan! #83
- new nightly "alloc" feature: allows compiling the goblin parser on nightly with extern crate + no_std, thanks @philipc! #77
- mach.segments: do not panic on bad internal data bounds: #74
- mach: correctly add weak dylibs to import libs: #73
- BREAKING: elf:
iter_notes
renamed toiter_note_headers
- BREAKING: mach: remove
is_little_endian()
,ctx()
, andcontainer()
methods from header, as they were completely invalid for big-endian architectures since the header was parsed according to the endianness of the binary correctly into memory, and hence would always reportMH_MAGIC
orMH_MAGIC64
as the magic value. - elf: courtesy of @jan-auer, note iterator now properly iterates over multiple PH_NOTEs
- mach: added hotly requested feature - goblin now has new functionality to parse big-endian, powerpc 32-bit mach-o binaries correctly
- mach: new function to correctly extract the parsing context for a mach-o binary,
parse_magic_and_ctx
- elf: note iterator has new
iter_note_sections
method
- BREAKING: remove deprecated goblin::parse method
- BREAKING: ELF
to_range
removed on program and section headers; usevm_range
andfile_range
for respective ranges - Technically BREAKING: @philipc added Symtab and symbol iterator to ELF, but is basically the same, unless you were explicitly relying on the backing vector
- use scroll 0.8.0 and us scroll_derive via scroll
- fix notes including \0 terminator (causes breakage because tools like grep treat resulting output as a binary output...)
- pe: add PE characteristics constants courtesy @philipc
- mach: SizeWith for RelocationInfo
- mach: IOWrite and Pwrite impls for Nlist
- fix proper std feature flag to log; this was an oversight in last version
- proper cputype and cpusubtype constants to mach, along with mappings, courtesy of @mitsuhiko
- new osx and ios version constants
- all mach load commands now implement IOread and IOwrite from scroll
- add new elf::note module and associated structs + constants, and
iter_notes
method to Elf object - remove all unused muts; this will make nightly and future stables no longer warn
- fix macho nstab treatment, thanks @philipc !
- mach header cpusubtype bug fixed, thanks @mitsuhiko !
- goblin::Object::parse; add deprecation to goblin::parse
- MAJOR archive now parses bsd style archives AND is zero-copy by @willglynn
- MAJOR macho import parser bug fixed by @willglynn
- added writer impls for Section and Segment
- add get_unsafe to strtab for Option<&str> returns
- relocations method on mach
- more elf relocations
- mach relocations
- convenience functions for many elf structures that elf writer will appreciate
- mach relocation iteration
- update to scroll 0.7
- add cread/ioread impls for various structs
- BREAKING: sections() and section iterator now return (Section, &[u8])
- Segment, Section, RelocationIterator are now in segment module
- removed lifetime from section, removed data and raw data, and embedded ctx
- all scroll::Error have been removed from public API ref #33
- better mach symbol iteration
- better mach section iteration
- remove wow_so_meta_doge due to linker issues
- Strtab.get now returns a Option, when index is bad
- elf.soname is &str
- elf.libraries is now Vec<&str>
- New goblin::Object for enum containing the parsed binary container, or convenience goblin::parse(&[u8) for parsing bytes into respective container format
- All binaries formats now have lifetimes
- Elf has a lifetime
- Strtab.new now requires a &'a[u8]
- Strtab.get now returns a scroll::Result<&'a str> (use strtab[index] if you want old behavior and don't care about panics); returning scroll::Error is a bug, fixed in next release
- Archive has a lifetime
- Mach has a lifetime