Skip to content

Latest commit

 

History

History
210 lines (190 loc) · 10.2 KB

README.md

File metadata and controls

210 lines (190 loc) · 10.2 KB

Codacy Badge

delf

delf is an ELF 64 dump tool.

Installation

pipx install delf

Or:

git clone https://github.com/terminaldweller/delf
cd delf
poetry install

You can then run it with poetry shell or poetry run.

Options

For a list of available options just run delf --help:

$ delf --help
usage: delf [-h] [--dbg] [--obj OBJ] [--header] [--symboltable] [--phdrs] [--shdrs] [--symbolindex] [--stentries] [--objcode] [--test] [--test2] [--listdso] [--funcs] [--objs] [--dynsym] [--dlpath] [--phdynent]
            [--section SECTION] [--dumpfunc DUMPFUNC] [--dumpfuncasm DUMPFUNCASM] [--textasm] [--dynsecents] [--reladyn] [--relaplt] [--rodata] [--disass DISASS] [--disassp DISASSP] [--got] [--gotplt]
            [--noclor]

options:
  -h, --help            show this help message and exit
  --dbg                 debug
  --obj OBJ             path to the executbale, shared object or object you want to load in bruiser
  --header              dump headers
  --symboltable         dump symbol table
  --phdrs               dump program haeders
  --shdrs               dump section haeders
  --symbolindex         dump symbol index
  --stentries           dump section table entries
  --objcode             dump objects
  --test                test switch
  --test2               test switch 2
  --listdso             list DSOs
  --funcs               dump functions
  --objs                dump objects
  --dynsym              dump dynamic symbol table
  --dlpath              dump dynamic linker path
  --phdynent            dump ph PT_DYNAMIC entries
  --section SECTION     dump a section
  --dumpfunc DUMPFUNC   dump a functions machine code
  --dumpfuncasm DUMPFUNCASM
                        dump a functions assembly code
  --textasm             disassemble the text section
  --dynsecents          dynamic section entries
  --reladyn             .rela.dyn entries
  --relaplt             .rela.plt entries
  --rodata              dump .rodata
  --disass DISASS       disassembls a section by name in section headers
  --disassp DISASSP     disassembls a section by index in program headers
  --got                 dump .got section
  --gotplt              dump .got.plt section
  --noclor              dont use color

Example usage

$ delf --obj ./main --shdrs

idx  sh_name               sh_type       sh_flags  sh_addr  sh_offset  sh_size  sh_link  sh_info  sh_addralign  sh_entsize
0    ''                    'NULL'        0         0        0          0        0        0        0             0
1    '.interp'             'PROGBITS'    2         792      792        28       0        0        1             0
2    '.note.gnu.property'  'NOTE'        2         824      824        32       0        0        8             0
3    '.note.gnu.build-id'  'NOTE'        2         856      856        36       0        0        4             0
4    '.note.ABI-tag'       'NOTE'        2         892      892        32       0        0        4             0
5    '.gnu.hash'           'GNU_HASH'    2         928      928        36       6        0        8             0
6    '.dynsym'             'DYNSYM'      2         968      968        144      7        1        8             24
7    '.dynstr'             'STRTAB'      2         1112     1112       136      0        0        1             0
8    '.gnu.version'        'VERSYM'      2         1248     1248       12       6        0        2             2
9    '.gnu.version_r'      'VERNEED'     2         1264     1264       48       7        1        8             0
10   '.rela.dyn'           'RELA'        2         1312     1312       192      6        0        8             24
11   '.init'               'PROGBITS'    6         4096     4096       23       0        0        4             0
12   '.plt'                'PROGBITS'    6         4128     4128       16       0        0        16            16
13   '.plt.got'            'PROGBITS'    6         4144     4144       8        0        0        8             8
14   '.text'               'PROGBITS'    6         4160     4160       262      0        0        16            0
15   '.fini'               'PROGBITS'    6         4424     4424       9        0        0        4             0
16   '.rodata'             'PROGBITS'    18        8192     8192       4        0        0        4             4
17   '.eh_frame_hdr'       'PROGBITS'    2         8196     8196       44       0        0        4             0
18   '.eh_frame'           'PROGBITS'    2         8240     8240       172      0        0        8             0
19   '.init_array'         'INIT_ARRAY'  3         15872    11776      8        0        0        8             8
20   '.fini_array'         'FINI_ARRAY'  3         15880    11784      8        0        0        8             8
21   '.dynamic'            'DYNAMIC'     3         15888    11792      432      7        0        8             16
22   '.got'                'PROGBITS'    3         16320    12224      40       0        0        8             8
23   '.got.plt'            'PROGBITS'    3         16360    12264      24       0        0        8             8
24   '.data'               'PROGBITS'    3         16384    12288      16       0        0        8             0
25   '.bss'                'NOBITS'      3         16400    12304      8        0        0        1             0
26   '.comment'            'PROGBITS'    48        0        12304      39       0        0        1             1
27   '.debug_aranges'      'PROGBITS'    0         0        12352      240      0        0        16            0
28   '.debug_info'         'PROGBITS'    0         0        12592      1393     0        0        1             0
29   '.debug_abbrev'       'PROGBITS'    0         0        13985      398      0        0        1             0
30   '.debug_line'         'PROGBITS'    0         0        14383      463      0        0        1             0
31   '.debug_str'          'PROGBITS'    48        0        14846      944      0        0        1             1
32   '.debug_line_str'     'PROGBITS'    48        0        15790      265      0        0        1             1
33   '.debug_rnglists'     'PROGBITS'    0         0        16055      66       0        0        1             0
34   '.symtab'             'SYMTAB'      0         0        16128      864      35       19       8             24
35   '.strtab'             'STRTAB'      0         0        16992      467      0        0        1             0
36   '.shstrtab'           'STRTAB'      0         0        17459      368      0        0        1             0
$ delf --obj ./main --phdrs

idx  p_type          p_flags  p_offset  p_vaddr  p_paddr  p_filesz  p_memsz  p_flags2  p_align
0    'PHDR'          'WR'     64        64       64       728       728      0         '0x8'
1    'INTERP'        'XW'     792       792      792      28        28       0         '0x1'
2    'LOAD'          'X'      0         0        0        1504      1504     0         '0x1000'
3    'LOAD'          'X'      4096      4096     4096     337       337      0         '0x1000'
4    'LOAD'          'X'      8192      8192     8192     220       220      0         '0x1000'
5    'LOAD'          'X'      11776     15872    15872    528       536      0         '0x1000'
6    'DYNAMIC'       'W'      11792     15888    15888    432       432      0         '0x8'
7    'NOTE'          'R'      824       824      824      32        32       0         '0x8'
8    'NOTE'          'R'      856       856      856      68        68       0         '0x4'
9    None            'XW'     824       824      824      32        32       0         '0x8'
10   'GNU_EH_FRAME'  ''       8196      8196     8196     44        44       0         '0x4'
11   'GNU_STACK'     'X'      0         0        0        0         0        0         '0x10'
12   'GNU_RELRO'     'W'      11776     15872    15872    512       512      0         '0x1'
$ delf --obj ./main --section .interp

000000 : 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d /lib64/ld-linux-
000010 : 78 38 36 2d 36 34 2e 73 6f 2e 32 00             x86-64.so.2
$ delf --obj ./main --disass .text

0x0     xor     ebp, ebp
0x2     mov     r9, rdx
0x5     pop     rsi
0x6     mov     rdx, rsp
0x9     and     rsp, 0xfffffffffffffff0
0xd     push    rax
0xe     push    rsp
0xf     xor     r8d, r8d
0x12    xor     ecx, ecx
0x14    lea     rdi, [rip + 0xd5]
0x1b    call    qword ptr [rip + 0x2f5f]
0x21    hlt
0x22    nop     word ptr cs:[rax + rax]
0x2c    nop     dword ptr [rax]
0x30    lea     rdi, [rip + 0x2f99]
0x37    lea     rax, [rip + 0x2f92]
0x3e    cmp     rax, rdi
0x41    je      0x58
0x43    mov     rax, qword ptr [rip + 0x2f3e]
0x4a    test    rax, rax
0x4d    je      0x58
0x4f    jmp     rax
0x51    nop     dword ptr [rax]
0x58    ret
0x59    nop     dword ptr [rax]
0x60    lea     rdi, [rip + 0x2f69]
0x67    lea     rsi, [rip + 0x2f62]
0x6e    sub     rsi, rdi
0x71    mov     rax, rsi
0x74    shr     rsi, 0x3f
0x78    sar     rax, 3
0x7c    add     rsi, rax
0x7f    sar     rsi, 1
0x82    je      0x98
0x84    mov     rax, qword ptr [rip + 0x2f0d]
0x8b    test    rax, rax
0x8e    je      0x98
0x90    jmp     rax
0x92    nop     word ptr [rax + rax]
0x98    ret
0x99    nop     dword ptr [rax]
0xa0    endbr64
0xa4    cmp     byte ptr [rip + 0x2f25], 0
0xab    jne     0xd8
0xad    push    rbp
0xae    cmp     qword ptr [rip + 0x2eea], 0
0xb6    mov     rbp, rsp
0xb9    je      0xc7
0xbb    mov     rdi, qword ptr [rip + 0x2f06]
0xc2    call    0xfffffffffffffff0
0xc7    call    0x30
0xcc    mov     byte ptr [rip + 0x2efd], 1
0xd3    pop     rbp
0xd4    ret
0xd5    nop     dword ptr [rax]
0xd8    ret
0xd9    nop     dword ptr [rax]
0xe0    endbr64
0xe4    jmp     0x60
0xe9    nop     dword ptr [rax]
0xf0    push    rbp
0xf1    mov     rbp, rsp
0xf4    mov     dword ptr [rbp - 4], 0
0xfb    mov     dword ptr [rbp - 8], edi
0xfe    mov     qword ptr [rbp - 0x10], rsi
0x102   xor     eax, eax
0x104   pop     rbp
0x105   ret