`elf` – ELF file parsing¶

This module contains a parser for, and methods to extract information from ELF files.

class pwnypack.elf.ELF(f=None)[source]¶

Bases: pwnypack.target.Target

A parser for ELF files. Upon parsing the ELF headers, it will not only fill the ELF specific fields but will also populate the inherited arch, bits and endian properties based on the values it encounters.

Parameters:	f (str, file or `None`) – The (path to) the ELF file to parse.

Example

>>> from pwny import *
>>> e = ELF('my-executable')
>>> print(e.machine)
>>> print(e.program_headers)
>>> print(e.section_headers)
>>> print(e.symbols)

class DynamicSectionEntry(type_id, value)[source]¶

Bases: object

Contains information about the entry in the .dynamic section.

Parameters:	type_id (int) – The type id of the .dynamic section entry. value (int) – The value of the .dynamic section entry.

class Flags[source]¶

Bases: enum.IntEnum

Flags when type is flags.

bind_now = 8¶: Non-lazy binding required.

origin = 1¶: $ORIGIN processing is required.

static_tls = 16¶: Object uses static thread local storage.

symbolic = 2¶: Symbol resolution is required.

textrel = 4¶: Text relocations exist.

class Flags_1[source]¶

Bases: enum.IntEnum

Flags when type is flags_1.

confalt = 4096¶: Object is a configuration alternative.

direct = 256¶: Direct bindings are enabled.

dispreldne = 16384¶: Displacement relocation has been completed.

disprelpnd = 32768¶: Displacement relocation is pending.

edited = 1048576¶: Object has been modified since it was built.

endfiltee = 8192¶: Filtee terminates filter’s search.

global_ = 2¶: Unused.

globaudit = 8388608¶: Global auditing is enabled.

group = 4¶: Object is a member of a group.

ignmuldef = 131072¶: Reserved for internal use.

initfirst = 32¶: Objects’ initialization occurs first.

interpose = 512¶: Object is an interposer.

loadfltr = 16¶: Make sure filtees are loaded immediately.

nodeflib = 1024¶: Ignore the default library search path.

nodelete = 8¶: Object cannot be removed from a process.

nodirect = 65536¶: Object contains non-direct bindings.

nodump = 2048¶: Object cannot be dumped.

nohdr = 524288¶: Reserved for internal use.

noksyms = 262144¶: Reserved for internal use.

noopen = 64¶: Object cannot be used with dlopen.

noreloc = 2097152¶: Reserved for internal use.

now = 1¶: Perform complete relocation processing.

origin = 128¶: $ORIGIN processing is required.

singleton = 16777216¶: Singleton symbols exist.

symintpose = 4194304¶: Individual symbol interposers exist.

class Posflags_1[source]¶

Bases: enum.IntEnum

Flags when type is ELF.DynamicSectionEntry.Type.posflags_1.

groupperm = 2¶: Identify group dependency.

lazyload = 1¶: Identify lazily loaded dependency.

class Type[source]¶

Bases: enum.IntEnum

Describes the dynamic section entry type.

audit = 1879047932¶: String table offset defining an audit library.

auxiliary = 2147483645¶: String table offset that names an auxiliary file.

bind_now = 24¶: All relocations must be performed before code is executed.

checksum = 1879047672¶: A checksum of selected sections of the object.

config = 1879047930¶: String table offset to the path of the configuration file.

debug = 21¶: Used for debugging.

depaudit = 1879047931¶: String table offset defining an audit library.

fini = 13¶: The address of the termination function.

fini_array = 26¶: Address of array of termination functions.

fini_arraysz = 28¶: The size of the termination function array.

flags = 30¶: Flags for this object.

flags_1 = 1879048187¶: Object-specific flags.

gnu_hash = 1879047925¶: Address of the GNU hash section.

hash = 4¶: Address of symbol hash table within SYMTAB.

init = 12¶: The address of the initialization function.

init_array = 25¶: Address of array of initialization functions.

init_arraysz = 27¶: The size of the initialization function array.

jmprel = 23¶: Address of relocation entries that are only associated with the PLT.

max_postags = 34¶: Number of dynamic array tags.

moveent = 1879047674¶: Size of move table entries.

movesz = 1879047675¶: Total size of move table.

movetab = 1879047934¶: Address of the move table.

needed = 1¶: String table offset of the name of a needed dependency.

null = 0¶: Marks the end of the dynamic section.

pltgot = 3¶: Address of PLT/GOT.

pltpad = 1879047933¶: Address of the padding of the PLT.

pltpadsz = 1879047673¶: Size of padding of the PLT.

pltrel = 20¶: Type of relocation entry in the PLT table. Either rel or rela.

pltrelsz = 2¶: Total size of the relocation entries in the PLT.

posflags_1 = 1879047677¶: State flags applied to next dynamic section entry.

preinit_array = 32¶: Address of array of pre-initialization functions.

preinit_arraysz = 33¶: Size of pre-initialization function array.

rel = 17¶: Similar to rela but with implicit addends.

rela = 7¶: Address of the relocation table.

relacount = 1879048185¶: Relative relocation count.

relaent = 9¶: The size a relocation table entry.

relasz = 8¶: The size of the relocation table.

relcount = 1879048186¶: Relative relocation count.

relent = 19¶: Size of a rel relocation section entry.

relsz = 18¶: Size of the rel relocation section.

rpath = 15¶: String table offset of a library search path.

runpath = 29¶: String table offset of a library search path.

soname = 14¶: String table offset for the name of the shared object.

sparc_register = 1879048193¶: STT_SPARC_REGISTER symbol index within the symbol table.

strsz = 10¶: The size of the string table.

strtab = 5¶: Address of the string table.

sunw_auxiliary = 1610612749¶: String table offset for one or more per-symbol, auxiliary filtees.

sunw_cap = 1610612752¶: Address of the capabilities section.

sunw_capchain = 1610612762¶: Address of the array of capability family indices.

sunw_capchainent = 1610612765¶: Size of the capability family index entry size.

sunw_capchainsz = 1610612767¶: The size of the capability family index array.

sunw_capinfo = 1610612760¶: Address of capability requirement symbol association table.

sunw_filter = 1610612750¶: String table offset for one or more per-symbol, standard filtee

sunw_ldmach = 1610612763¶: Machine architecture of the link-editor that produced this binary.

sunw_rtldinf = 1610612750¶: Reserved for internal use by the runtime-linker.

sunw_sortent = 1610612755¶: Size of symbol sort entries.

sunw_strpad = 1610612761¶: Size of dynamic string table padding.

sunw_symsort = 1610612756¶: Address of symbol sort section.

sunw_symsortsz = 1610612757¶: Size of symbol sort section.

sunw_symsz = 1610612754¶: Combined size of regular and local symbol table.

sunw_symtab = 1610612753¶: Address of symbol table for local function symbols.

sunw_tlssort = 1610612758¶: Address of thread local symbol sort section.

sunw_tlssortsz = 1610612759¶: Size of thread local symbol sort section.

symbolic = 16¶: Object contains symbolic bindings.

syment = 11¶: The size of a symbol table entry.

syminent = 1879047679¶: Size of a sumbol info table entry.

syminfo = 1879047935¶: Address of the symbol info table.

syminsz = 1879047678¶: Size of the symbol info table.

symtab = 6¶: Address of the symbol table.

textrel = 22¶: One or more relocation entries resides in a read-only segement.

unknown = -1¶: Unknown dynamic section entry type, check type_id.

used = 2147483646¶: Same as needed.

verdef = 1879048188¶: Address of the version definition table.

verdefnum = 1879048189¶: Number of entries in the version definition table.

verneed = 1879048190¶: Address of the version dependency table.

verneednum = 1879048191¶: Number of entries in the version dependency table.

type = None¶: The resolved type of this entry (one of Type).

type_id = None¶: The numerical type of this entry.

value = None¶: The value of this entry.

class Machine[source]¶

Bases: enum.IntEnum

The target machine architecture.

aarch64 = 183¶: 64-bit Advanced RISC Machines ARM

alpha = 41¶: Digital Alpha

arc = 45¶: Argonaut RISC Core, Argonaut Technologies Inc.

arc_a5 = 93¶: ARC Cores Tangent-A5

arca = 109¶: Arca RISC Microprocessor

arm = 40¶: Advanced RISC Machines ARM

avr = 83¶: Atmel AVR 8-bit microcontroller

blackfin = 106¶: Analog Devices Blackfin (DSP) processor

coldfire = 52¶: Motorola ColdFire

cr = 103¶: National Semiconductor CompactRISC microprocessor

cris = 76¶: Axis Communications 32-bit embedded processor

d10v = 85¶: Mitsubishi D10V

d30v = 86¶: Mitsubishi D30V

f2mc16 = 104¶: Fujitsu F2MC16

firepath = 78¶: Element 14 64-bit DSP Processor

fr20 = 37¶: Fujitsu FR20

fr30 = 84¶: Fujitsu FR30

fx66 = 66¶: Siemens FX66 microcontroller

h8_300 = 46¶: Hitachi H8/300

h8_300h = 47¶: Hitachi H8/300H

h8_500 = 49¶: Hitachi H8/500

h8s = 48¶: Hitachi H8S

huany = 81¶: Harvard University machine-independent object files

i386 = 3¶: Intel 80386

i860 = 7¶: Intel 80860

i960 = 19¶: Intel 80960

ia64 = 50¶: Intel IA-64 processor architecture

ip2k = 101¶: Ubicom IP2xxx microcontroller family

javelin = 77¶: Infineon Technologies 32-bit embedded processor

m32 = 1¶: AT&T WE 32100

m32r = 88¶: Mitsubishi M32R

m68hc05 = 72¶: Motorola MC68HC05 Microcontroller

m68hc08 = 71¶: Motorola MC68HC08 Microcontroller

m68hc11 = 70¶: Motorola MC68HC11 Microcontroller

m68hc12 = 53¶: Motorola M68HC12

m68hc16 = 69¶: Motorola MC68HC16 Microcontroller

m68k = 4¶: Motorola 68000

m88k = 5¶: Motorola 88000

max = 102¶: MAX Processor

me16 = 59¶: Toyota ME16 processor

mips = 8¶: MIPS I Architecture

mips_rs3_le = 10¶: MIPS RS3000 Little-endian

mipsx = 51¶: Stanford MIPS-X

mma = 54¶: Fujitsu MMA Multimedia Accelerator

mmix = 80¶: Donald Knuth’s educational 64-bit processor

mn10200 = 90¶: Matsushita MN10200

mn10300 = 89¶: Matsushita MN10300

msp430 = 105¶: Texas Instruments embedded microcontroller msp430

ncpu = 56¶: Sony nCPU embedded RISC processor

ndr1 = 57¶: Denso NDR1 microprocessor

none = 0¶: No machine

ns32k = 97¶: National Semiconductor 32000 series

openrisc = 92¶: OpenRISC 32-bit embedded processor

parisc = 15¶: Hewlett-Packard PA-RISC

pcp = 55¶: Siemens PCP

pdp10 = 64¶: Digital Equipment Corp. PDP-10

pdp11 = 65¶: Digital Equipment Corp. PDP-11

pdsp = 63¶: Sony DSP Processor

pj = 91¶: picoJava

ppc = 20¶: PowerPC

ppc64 = 21¶: 64-bit PowerPC

prism = 82¶: SiTera Prism

rce = 39¶: Motorola RCE

rh32 = 38¶: TRW RH-32

s370 = 9¶: IBM System/370 Processor

s390 = 22¶: IBM System/390 Processor

se_c33 = 107¶: S1C33 Family of Seiko Epson processors

sep = 108¶: Sharp embedded microprocessor

snp1k = 99¶: Trebia SNP 1000 processor

sparc = 2¶: SPARC

sparc32plus = 18¶: Enhanced instruction set SPARC

sparcv9 = 43¶: SPARC Version 9

st100 = 60¶: STMicroelectronics ST100 processor

st19 = 74¶: STMicroelectronics ST19 8-bit microcontroller

st200 = 100¶: STMicroelectronics ST200 microcontroller

st7 = 68¶: STMicroelectronics ST7 8-bit microcontroller

st9plus = 67¶: STMicroelectronics ST9+ 8/16 bit microcontroller

starcore = 58¶: Motorola Star*Core processor

superh = 42¶: Hitachi SuperH

svx = 73¶: Silicon Graphics SVx

tinyj = 61¶: Advanced Logic Corp. TinyJ embedded processor family

tmm_gpp = 96¶: Thompson Multimedia General Purpose Processor

tpc = 98¶: Tenor Network TPC processor

tricore = 44¶: Siemens TriCore embedded processor

unicore = 110¶: Microprocessor series from PKU-Unity Ltd. and MPRC of Peking University

unknown = -1¶: Unknown architecture

v800 = 36¶: NEC V800

v850 = 87¶: NEC v850

vax = 75¶: Digital VAX

videocore = 95¶: Alphamosaic VideoCore processor

vpp550 = 17¶: Fujitsu VPP500

x86_64 = 62¶: AMD x86-64 architecture

xtensa = 94¶: Tensilica Xtensa Architecture

zsp = 79¶: LSI Logic 16-bit DSP Processor

class OSABI[source]¶

Bases: enum.IntEnum

Describes the OS- or ABI-specific ELF extensions used by this file.

aix = 7¶: AIX ABI

arch = 64¶: Architecture specific ABI

arm = 97¶: ARM ABI

aros = 15¶: Amiga Research OS

freebsd = 9¶: FreeBSD ABI

hp_ux = 1¶: HP-UX ABI

irix = 8¶: IRIX ABI

linux = 3¶: Linux ABI

modesto = 11¶: Novell Modesto

netbsd = 2¶: NetBSD ABI

nsk = 14¶: Hewlett-Packard Non-Stop Kernel

openbsd = 12¶: OpenBSD ABI

openvms = 13¶: OpenVMS ABI

solaris = 6¶: Solaris ABI

system_v = 0¶: SystemV ABI / No extensions

tru64 = 10¶: Compaq TRU64 Unix

unknown = -1¶: Unknown ABI

class ProgramHeader(elf, data)[source]¶

Bases: object

Describes how the loader will load a part of a file. Called by the ELF class.

Parameters:	elf (ELF) – The ELF instance owning this program header. data – The content of the program header entry.

class Flags[source]¶

Bases: enum.IntEnum

The individual flags that make up ELF.ProgramHeader.flags.

r = 4¶: Segment is readable

w = 2¶: Segment is writable

x = 1¶: Segment is executable

class Type[source]¶

Bases: enum.IntEnum

The segment type.

dynamic = 2¶: The element contains dynamic linking information

gnu_eh_frame = 1685382480¶: This element contains the exception handler unwind information

gnu_relro = 1685382482¶: This element contains the readonly relocations

gnu_stack = 1685382481¶: This element describes the access right of the stack

interp = 3¶: The element contains the path of the interpreter

load = 1¶: The element contains a loadable segment

note = 4¶: The element contains auxiliary information

null = 0¶: The element is unused

phdr = 6¶: This element contains the program header table itself

shlib = 5¶: This element type is reserved

unknown = -1¶: Unknown type, check type_id for exact type

align = None¶: The alignment of the segment.

filesz = None¶: The size of the segment in the file.

flags = None¶: The flags for the segment (OR’ed values of Flags).

memsz = None¶: The size of the segment in memory.

offset = None¶: Where in the file the segment is located.

paddr = None¶: The physical address at which the segment is loaded.

type = None¶: The type of the segment (Type).

type_id = None¶: The numerical type describing the segment.

vaddr = None¶: The virtual address at which the segment is loaded.

class SectionHeader(elf, data)[source]¶

Bases: object

Describes a section of an ELF file. Called by the ELF class.

Parameters:	elf (ELF) – The ELF instance owning this section header. data – The content of the section header entry.

class Flags[source]¶

Bases: enum.IntEnum

An enumeration.

alloc = 2¶: Section occupies memory during execution

exclude = 2147483648¶: Exclude section from linking

execinstr = 4¶: Section contains executable code

group = 512¶: Section is member of a group

info_link = 64¶: Section’s info field contains SHT index

link_order = 128¶: Preserve section order after combining

maskos = 267386880¶: Mask for OS specific flags

maskproc = 4026531840¶: Mask for processor specific flags

merge = 16¶: Section might be merged

ordered = 1073741824¶: Treat sh_link, sh_info specially

os_nonconforming = 256¶: Non-standard OS-specific handling required

strings = 32¶: Section contains NUL terminated strings

tls = 1024¶: Section holds thread-local data

write = 1¶: Section is writable

class Type[source]¶

Bases: enum.IntEnum

Describes the section’s type

checksum = 1879048184¶: Checksum for DSO content

dynamic = 6¶: Dynamic linking information

dynsym = 11¶: Minimal symbol table for dynamic linking

fini_array = 15¶: Array of termination functions

gnu_attributes = 1879048181¶: GNU extension – Object attributes

gnu_hash = 1879048182¶: GNU extension – GNU-style hash section

gnu_liblist = 1879048183¶: GNU extension – Pre-link library list

gnu_object_only = 1879048184¶: GNU extension

gnu_verdef = 1879048189¶: GNU extension – Version definition section

gnu_verneed = 1879048190¶: GNU extension – Version requirements section

gnu_versym = 1879048191¶: GNU extension – Version symbol table

group = 17¶: Section group

hash = 5¶: Symbol hash table

init_array = 14¶: Array of initialisation functions

nobits = 8¶: Occupies no file space, initialised to 0

note = 7¶: Vendor or system specific notes

null = 0¶: Inactive section header

num = 19¶: Number of defined types

preinit_array = 16¶: Array of initialisation functions

progbits = 1¶: Program defined information

rel = 9¶: Relocation entries without explicit addends

rela = 4¶: Relocation entries with explicit addends

strtab = 3¶: String table

sunw_comdat = 1879048187¶: SUN extension

sunw_move = 1879048186¶: SUN extension – Additional information for partially initialized data.

sunw_syminfo = 1879048188¶: SUN extension – Extra symbol information.

symtab = 2¶: Full symbol table

symtab_shndx = 18¶: Extended symbol section mapping table

unknown = -1¶: Unknown section type

addr = None¶: The memory address at which this section will be loaded

addralign = None¶: Address alignment constraint

content¶: The contents of this section.

elf = None¶: The instance of ELF this symbol belongs to

entsize = None¶: Size of the entries in this section

flags = None¶: The flags for this section, see Flags

info = None¶: Holds section type dependant extra information

link = None¶: Holds a section type dependant section header table index link

name = None¶: The name of this section

name_index = None¶: The index into the string table for this section’s name

offset = None¶: The offset in the file where this section resides

size = None¶: The size of this section in the file

type = None¶: The type of this section (one of Type

type_id = None¶: The numeric identifier of the section type

class Symbol(elf, data, strs)[source]¶

Bases: object

Contains information about symbols. Called by the ELF class.

Parameters:	elf (ELF) – The ELF instance owning this symbol. data – The content of the symbol definition. strs – The content of the string section associated with the symbol table.

class Binding[source]¶

Bases: enum.IntEnum

Describes a symbol’s binding.

global_ = 1¶: Global symbol

local = 0¶: Local symbol

weak = 2¶: Weak symbol

class SpecialSection[source]¶

Bases: enum.IntEnum

Special section types.

abs = 65521¶: Symbol has an absolute value that will not change because of relocation

common = 65522¶: Symbol labels a common block that has not yet been allocated.

undef = 0¶: Symbol is undefined and will be resolved by the runtime linker

class Type[source]¶

Bases: enum.IntEnum

Describes the symbol’s type.

common = 5¶: The symbol labels an uninitialized common block

file = 4¶: Contains the name of the source file

func = 2¶: Symbol is a function or contains other executable code

notype = 0¶: Symbol has no type

object = 1¶: Symbol is an object

section = 3¶: Symbol is associated with a section

tls = 6¶: The symbol specifies a Thread-Local Storage entity

unknown = -1¶: Symbol has an unknown type

class Visibility[source]¶

Bases: enum.IntEnum

Describes the symbol’s visibility.

default = 0¶: Global and weak symbols are visible, local symbols are hidden

hidden = 2¶: Symbol is invisible to other components

internal = 1¶: Symbol is an internal symbol

protected = 3¶: Symbol is visible but not preemptable

content¶

The contents of a symbol.

Raises:	`TypeError` – If the symbol isn’t defined until runtime.

elf = None¶: The instance of ELF this symbol belongs to

info = None¶: Describes the symbol’s type and binding (see type and

name = None¶: The resolved name of this symbol

name_index = None¶: The index of the symbol’s name in the string table

other = None¶: Specifies the symbol’s visibility

shndx = None¶: The section in which this symbol is defined (or one of the SpecialSection types)

size = None¶: The size of the symbol

type = None¶: The resolved type of this symbol (one of Type)

type_id = None¶: The numerical type of this symbol

value = None¶: The value of the symbol (type dependent)

visibility = None¶: The visibility of this symbol (one of Visibility)

class Type[source]¶

Bases: enum.IntEnum

Describes the object type.

core = 4¶: Core file

executable = 2¶: Executable file

none = 0¶: No file type

os = 65024¶: OS specific

proc = 65280¶: Processor specific

relocatable = 1¶: Relocatable file

shared = 3¶: Shared object file

unknown = -1¶: Unknown object type

abi_version = None¶: The specific ABI version of the OS / ABI.

dynamic_section_entries¶: A list of entries in the .dynamic section.

entry = None¶: The entry point address.

f = None¶: The ELF file.

flags = None¶: The flags. Currently, no flags are defined.

get_dynamic_section_entry(index)[source]¶

Get a specific .dynamic section entry by index.

Parameters:	symbol (int) – The index of the .dynamic section entry to return.
Returns:	The .dynamic section entry.
Return type:	ELF.DynamicSectionEntry
Raises:	`KeyError` – The requested entry does not exist.

get_program_header(index)[source]¶

Return a specific program header by its index.

Parameters:	index (int) – The program header index.
Returns:	The program header.
Return type:	`ProgramHeader`
Raises:	`KeyError` – The specified index does not exist.

get_section_header(section)[source]¶

Get a specific section header by index or name.

Parameters:	section (int or str) – The index or name of the section header to return.
Returns:	The section header.
Return type:	`SectionHeader`
Raises:	`KeyError` – The requested section header does not exist.

get_symbol(symbol)[source]¶

Get a specific symbol by index or name.

Parameters:	symbol (int or str) – The index or name of the symbol to return.
Returns:	The symbol.
Return type:	ELF.Symbol
Raises:	`KeyError` – The requested symbol does not exist.

hsize = None¶: The size of the header.

machine = None¶: The machine architecture (one of ELF.Machine).

osabi = None¶: The OSABI (one of ELF.OSABI).

parse_file(f)[source]¶

Parse an ELF file and fill the class’ properties.

Parameters:	f (file or str) – The (path to) the ELF file to read.

phentsize = None¶: The size of a program header.

phnum = None¶: The number of program headers.

phoff = None¶: The offset of the first program header in the file.

program_headers¶: A list of all program headers.

section_headers¶: Return the list of section headers.

shentsize = None¶: The size of a section header.

shnum = None¶: The number of section headers.

shoff = None¶: The offset of the first section header in the file.

shstrndx = None¶: The index of the section containing the section names.

symbols¶: Return a list of all symbols.

type = None¶: The object type (one of ELF.Type).

elf – ELF file parsing¶

`elf` – ELF file parsing¶