elf_disassembler/app.py at master · rwils83/elf_disassembler · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/usr/bin/env python3

# sections.py
from elftools.elf.elffile import ELFFile
from elftools.elf.relocation import RelocationSection
from capstone import *
import argparse
import sys

description="An elf based disassembler"


class MyParser(argparse.ArgumentParser):
    def error(self, message):
        sys.stderr.write('error: %s\n' % message)
        self.print_help()
        sys.exit()


def sections(file):
    with open(file, 'rb') as f:
        e = ELFFile(f)
        for section in e.iter_sections():
            print(hex(section['sh_addr']), section.name)


def disassemble(file):
    with open(file, 'rb') as f:
        elf = ELFFile(f)
        code = elf.get_section_by_name('.text')
        ops = code.data()
        addr = code['sh_addr']
        md = Cs(CS_ARCH_X86, CS_MODE_64)
        for i in md.disasm(ops, addr):
            print(f'0x{i.address:x}:\t{i.mnemonic}\t{i.op_str}')


def relocations(file):
    with open(file, 'rb') as f:
        e = ELFFile(f)
        for section in e.iter_sections():
            if isinstance(section, RelocationSection):
                print(f'{section.name}:')
                symbol_table = e.get_section(section['sh_link'])
                for relocation in section.iter_relocations():
                    symbol = symbol_table.get_symbol(relocation['r_info_sym'])
                    addr = hex(relocation['r_offset'])
                    print(f'{symbol.name} {addr}')


def parse_args():
    description = "A python based ELF disassembler."
    parser =MyParser()
    parser.add_argument("-s", "--sections",action="store",help="Show sections of selected file. Usage: /.app.py -s/--sections [FILENAME]")
    parser.add_argument("-d", "--disassemble",action="store", help="Disassemble selected file. Due to large volume of output, pipe to less! Usage: /.app.py -d [FILENAME]|less")
    parser.add_argument("-r", "--relocations",action="store", help="Show relocations of selected file. Usage: /.app.py -r/--relocations [FILENAME]")
    args= parser.parse_args()
    return args


if __name__ == "__main__":
    args = parse_args()

    if args.sections:
        sections(args.sections)

    if args.disassemble:
        disassemble(args.disassemble)

    if args.relocations:
        relocations(args.relocations)