simpleelf
v1.0.0
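An ELF file is not only an executable, but also a very convenient way to describe a program's layout in memory. The original intention of this project is to let you create an ELF file that describes the memory mapping used by an embedded program. This is especially useful together with other analysis tools such as IDA, Ghidra, etc. They get all the information they need, without you having to open a plain .bin file and run several IDAPython scripts (I hate the Load additional binary file... option).
Pull requests are, of course, welcome.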
Install with pip:
python3 -m pip install simpleelf
Or clone the repository and build it yourself:
git clone git@github.com:doronz88/simpleelf.git
cd simpleelf
python -m pip install -e . -U
Now you can just import simpleelf and start using it.
Parsing is easy with ElfStructs. Try it:
from simpleelf.elf_structs import ElfStructs
# elf32_buffer / elf64_buffer: bytes of an ELF file; '<' selects little-endian
ElfStructs('<').Elf32.parse(elf32_buffer)  # returns a construct container
ElfStructs('<').Elf64.parse(elf64_buffer)  # returns a construct container
Building is easy with ElfBuilder. Try it:
from simpleelf.elf_builder import ElfBuilder
from simpleelf import elf_consts

# can also be used with ELFCLASS64 to create 64-bit layouts
e = ElfBuilder(elf_consts.ELFCLASS32)
e.set_endianity('<')
e.set_machine(elf_consts.EM_ARM)

code = b'CODECODE'

# add a segment
text_address = 0x1234
text_buffer = b'cybercyberbitimbitim' + code
e.add_segment(text_address, text_buffer,
              elf_consts.PF_R | elf_consts.PF_W | elf_consts.PF_X)

# add a second segment
e.add_segment(0x88771122, b'data in 0x88771122',
              elf_consts.PF_R | elf_consts.PF_W | elf_consts.PF_X)

# add a code section inside the first segment
code_address = text_address + text_buffer.find(code)  # point at CODECODE
code_size = len(code)
e.add_code_section(code_address, code_size, name='.text')

# set the entry point
e.set_entry(code_address)

# add a .bss section; it does not require a segment loaded from the file
bss_address = 0x5678
bss_size = 0x200
e.add_empty_data_section(bss_address, bss_size, name='.bss')

# get the raw ELF bytes
e.build()
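
Before loading a generated ELF into IDA or Ghidra, it helps to confirm that its program headers describe the memory map you intended. The following is an added example, not part of simpleelf: a standard-library parser for ELF32 little-endian program headers with a layout check. The names parse, check and sample_elf are hypothetical, and the sample ELF is constructed inline to mirror the two segments above.

```python
import struct

EHDR = struct.Struct('<16sHHIIIIIHHHHHH')  # ELF32 little-endian file header, 52 bytes
PHDR = struct.Struct('<8I')                # ELF32 program header, 32 bytes
PT_LOAD, PF_X, PF_W, PF_R = 1, 1, 2, 4

def parse(elf):
    """Return (entry, [(vaddr, memsz, flags, data)]) for PT_LOAD segments."""
    if len(elf) < EHDR.size or elf[:4] != b'\x7fELF':
        raise ValueError('not an ELF file')
    if elf[4] != 1 or elf[5] != 1:
        raise ValueError('only ELFCLASS32 little-endian is handled here')
    hdr = EHDR.unpack_from(elf)
    entry, phoff, phentsize, phnum = hdr[4], hdr[5], hdr[9], hdr[10]
    if phnum and (phentsize != PHDR.size or phoff + phnum * phentsize > len(elf)):
        raise ValueError('program header table out of bounds')
    segs = []
    for i in range(phnum):
        p_type, off, vaddr, _, filesz, memsz, flags, _ = PHDR.unpack_from(elf, phoff + i * phentsize)
        if p_type != PT_LOAD:
            continue
        if off + filesz > len(elf) or filesz > memsz:
            raise ValueError(f'segment {i}: file range out of bounds')
        segs.append((vaddr, memsz, flags, elf[off:off + filesz]))
    return entry, segs

def check(elf):
    """List layout problems an analysis tool would silently inherit."""
    entry, segs = parse(elf)
    segs.sort(key=lambda s: s[0])
    problems = [f'overlap: {a[0]:#x} and {b[0]:#x}'
                for a, b in zip(segs, segs[1:]) if a[0] + a[1] > b[0]]
    if not any(v <= entry < v + m and f & PF_X for v, m, f, _ in segs):
        problems.append(f'entry {entry:#x} is not inside an executable segment')
    return problems

def sample_elf(entry=0x1234 + 20):
    """Constructed sample mirroring the README's two segments (not simpleelf output)."""
    blobs = [(0x1234, b'cybercyberbitimbitimCODECODE'), (0x88771122, b'data in 0x88771122')]
    off = EHDR.size + PHDR.size * len(blobs)
    phdrs = body = b''
    for vaddr, data in blobs:
        phdrs += PHDR.pack(PT_LOAD, off + len(body), vaddr, vaddr,
                           len(data), len(data), PF_R | PF_W | PF_X, 1)
        body += data
    ident = b'\x7fELF\x01\x01\x01' + bytes(9)
    ehdr = EHDR.pack(ident, 2, 40, 1, entry, EHDR.size, 0, 0,  # ET_EXEC, EM_ARM
                     EHDR.size, PHDR.size, len(blobs), 0, 0, 0)
    return ehdr + phdrs + body
```

Calling check() on a file's bytes returns an empty list when the PT_LOAD segments do not overlap and the entry point lies inside an executable segment.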