from __future__ import print_function

import sys

from capstone import *
from elftools.elf.descriptions import describe_reloc_type
from elftools.elf.elffile import ELFFile
from elftools.elf.relocation import RelocationSection
# NOTE(review): prepends the current and parent directories to the module
# search path. It runs after the imports above, so it does not affect them,
# but any import performed later would be resolved from the working directory
# first. Avoid running this tool from a directory that holds untrusted files
# (for example the samples being analysed). Presumably carried over from the
# pyelftools examples, where it lets a script run from a source checkout --
# confirm it is still needed.
sys.path[0:0] =['.','..']
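def _disassemble_section(elffile, md, name, title):
    """Print a linear disassembly of section *name* under the heading *title*.

    Prints a notice instead of raising when the section is absent, and reports
    when decoding ends before the last byte of the section.
    """
    print(title)
    section = elffile.get_section_by_name(name)
    if section is None:
        # get_section_by_name() returns None for a missing section (stripped
        # or unusual binaries); calling .data() on it would raise.
        print('Section %s not present' % name)
        return
    opcodes = section.data()
    addr = section['sh_addr']
    end = addr
    for insn in md.disasm(opcodes, addr):
        print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
        end = insn.address + insn.size
    undecoded = addr + len(opcodes) - end
    if undecoded > 0:
        # The disassembler stops at the first bytes it cannot decode, so a
        # short listing must not be read as "the section ends here".
        print('Disassembly stopped at 0x%x (%d bytes not decoded)'
              % (end, undecoded))


def process_file(filename):
    """Dump an ELF file's sections, disassembly and relocations to stdout.

    Prints, in order: every section name, the ``.debug*`` section names (or a
    notice that there are none), each section's address/name/size, the entry
    point, a disassembly of ``.text``, ``.got.plt`` and ``.plt``, and every
    relocation entry with its symbol name, type and offset.

    The input is parsed as-is; treat it as untrusted. Disassembly is always
    done as x86-64, and a warning is printed when the ELF header names a
    different machine.

    Args:
        filename: path of the ELF file to inspect.
    """
    divider = "__________________________________end__________________________________"
    print('Processing file:', filename)
    with open(filename, 'rb') as f:
        elffile = ELFFile(f)

        for section in elffile.iter_sections():
            print(section.name)
        print(divider)

        # The original loop printed "No debug sections available" and stopped
        # at the first section whose name did not start with '.debug', so
        # debug sections further down the table were never listed.
        debug_names = [section.name for section in elffile.iter_sections()
                       if section.name.startswith('.debug')]
        if debug_names:
            for debug_name in debug_names:
                print(' ' + debug_name)
        else:
            print("No debug sections available")
        print(divider)

        for section in elffile.iter_sections():
            print(hex(section['sh_addr']), section.name, section['sh_size'])
        print(divider)

        print('Entry Point:', hex(elffile.header['e_entry']))
        print(divider)

        arch = elffile.get_machine_arch()
        if arch != 'x64':
            # Decoding another architecture's bytes as x86-64 yields
            # plausible-looking but meaningless instructions.
            print('Warning: ELF machine is %s; disassembly below assumes x86-64'
                  % arch)
        md = Cs(CS_ARCH_X86, CS_MODE_64)

        _disassemble_section(elffile, md, '.text', "<<.TEXT Disassembly>>")
        print(divider)
        # NOTE(review): .got.plt normally holds addresses rather than
        # instructions, so this listing is data decoded as code -- confirm
        # that is the intended view.
        _disassemble_section(elffile, md, '.got.plt', "<<.GOT.PLT Disassembly>>")
        print(divider)
        _disassemble_section(elffile, md, '.plt', "<<.PLT Disassembly>>")
        print(divider)

        for section in elffile.iter_sections():
            if not isinstance(section, RelocationSection):
                continue
            symtable = elffile.get_section(section['sh_link'])
            # sh_link may point at a section that is not a symbol table;
            # fall back to a placeholder name instead of raising.
            get_symbol = getattr(symtable, 'get_symbol', None)
            print(' %s section with %s relocations'
                  % (section.name, section.num_relocations()))
            for reloc in section.iter_relocations():
                symbol = get_symbol(reloc['r_info_sym']) if get_symbol else None
                symbol_name = symbol.name if symbol is not None else '<no symbol>'
                # Parenthesised: without it the conditional applied to the
                # whole formatted string and REL entries printed only 'REL'.
                print(' Relocation (%s)'
                      % ('RELA' if reloc.is_RELA() else 'REL'))
                print(' offset = %s' % hex(reloc['r_offset']))
                print(symbol_name, 'type:',
                      describe_reloc_type(reloc['r_info_type'], elffile),
                      'load at: ', hex(reloc['r_offset']))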
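if __name__ == '__main__':
    # Expect exactly one argument: the ELF file to inspect. Report misuse
    # instead of exiting silently with success.
    if len(sys.argv) == 2:
        process_file(sys.argv[1])
    else:
        sys.stderr.write('usage: %s <elf-file>\n' % sys.argv[0])
        sys.exit(2)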