From e39c053f76156c4fb7fe207c4b624a43abb84d84 Mon Sep 17 00:00:00 2001
From: Ramon de C Valle
Date: Wed, 13 Feb 2008 02:43:56 +0000
Subject: [PATCH] Updated ELF stuff
git-svn-id: file:///home/svn/framework3/trunk@5413 4d416f70-5f16-0410-b530-b9f4589650da
---
lib/rex/elfparsey.rb | 1 -
lib/rex/elfparsey/elf.rb | 41 ++++++++++++++++++++++-----------
lib/rex/elfparsey/elfbase.rb | 28 +++++++++++-----------
lib/rex/elfparsey/exceptions.rb | 3 +--
lib/rex/elfscan/scanner.rb | 2 +-
lib/rex/elfscan/search.rb | 2 +-
lib/rex/image_source.rb | 11 ++++++---
lib/rex/peparsey.rb | 11 +++++++--
lib/rex/peparsey/pe.rb | 6 ++---
lib/rex/peparsey/pe_memdump.rb | 6 ++---
lib/rex/peparsey/section.rb | 2 +-
lib/rex/pescan.rb | 7 ++++--
12 files changed, 75 insertions(+), 45 deletions(-)
diff --git a/lib/rex/elfparsey.rb b/lib/rex/elfparsey.rb
index 1577866868..70368758b1 100644
--- a/lib/rex/elfparsey.rb
+++ b/lib/rex/elfparsey.rb
@@ -8,5 +8,4 @@ module ElfParsey end end -require 'rex/elfparsey/exceptions' require 'rex/elfparsey/elf' \ No newline at end of file
diff --git a/lib/rex/elfparsey/elf.rb b/lib/rex/elfparsey/elf.rb
index d12694434e..ff52e74afc 100644
--- a/lib/rex/elfparsey/elf.rb
+++ b/lib/rex/elfparsey/elf.rb
@@ -19,7 +19,9 @@ class Elf < ElfBase # ELF Header elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE)) + # Data encoding ei_data = elf_header.e_ident[EI_DATA] + e_phoff = elf_header.e_phoff e_phentsize = elf_header.e_phentsize e_phnum = elf_header.e_phnum
@@ -46,8 +48,6 @@ class Elf < ElfBase self.isource = isource end - # Stolen from lib/rex/peparsey/pebase.rb - def self.new_from_file(filename, disk_backed = false) file = ::File.new(filename)
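Review bot: Dropping `require 'rex/elfparsey/exceptions'` from lib/rex/elfparsey.rb leaves the error classes to be loaded by whichever file raises them, and both elf.rb and elfbase.rb raise `ElfHeaderError` in this commit. Their own require lines are outside the visible hunks, so confirm each of them carries `require 'rex/elfparsey/exceptions'`; otherwise a malformed header would surface as a NameError instead of the intended parser error. The same load-order check applies to lib/rex/image_source.rb, which no longer requires `rex/image_source/image_source.rb` and now depends on disk.rb and memory.rb pulling in whatever they inherit from.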
@@ -62,21 +62,36 @@ class Elf < ElfBase end end - # Stolen from lib/rex/peparsey/pebase.rb - def self.new_from_string(data) return self.new(ImageSource::Memory.new(data)) end - # Stolen from lib/rex/peparsey/pe.rb + # + # Returns true if this binary is for a 64-bit architecture. + # + def ptr_64? + unless [ ELFCLASS32, ELFCLASS64 ].include?( + elf_header.e_ident[EI_CLASS]) + raise ElfHeaderError, 'Invalid class', caller + end + + elf_header.e_ident[EI_CLASS] == ELFCLASS64 + end + + # + # Returns true if this binary is for a 32-bit architecture. + # This check does not take into account 16-bit binaries at the moment. + # + def ptr_32? + ptr_64? == false + end # # Converts a virtual address to a string representation based on the # underlying architecture. # - def ptr_s(va) - #(ptr_32?) ? ("0x%.8x" % va) : ("0x%.16x" % va) - "0x%.8x" % va + def ptr_s(rva) + (ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva) end def offset_to_rva(offset)
@@ -95,14 +110,14 @@ class Elf < ElfBase isource.read(rva_to_offset(rva), len) end - def close - isource.close - end - def index(*args) isource.index(*args) end + def close + isource.close + end + end end -end +end \ No newline at end of file
diff --git a/lib/rex/elfparsey/elfbase.rb b/lib/rex/elfparsey/elfbase.rb
index 30e9a0d4e7..6223a0535c 100644
--- a/lib/rex/elfparsey/elfbase.rb
+++ b/lib/rex/elfparsey/elfbase.rb
@@ -99,9 +99,11 @@ class ElfBase # ELFMAG0 = 0x7f # e_ident[EI_MAG0] - ELFMAG1 = 'E' # e_ident[EI_MAG1] - ELFMAG2 = 'L' # e_ident[EI_MAG2] - ELFMAG3 = 'F' # e_ident[EI_MAG3] + ELFMAG1 = ?E # e_ident[EI_MAG1] + ELFMAG2 = ?L # e_ident[EI_MAG2] + ELFMAG3 = ?F # e_ident[EI_MAG3] + + ELFMAG = ELFMAG0.chr + ELFMAG1.chr + ELFMAG2.chr + ELFMAG3.chr # EI_CLASS Identifies the file's class, or capacity
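Review bot: In lib/rex/elfparsey/elf.rb, `ptr_64?` validates `e_ident[EI_CLASS]` only when it is called, so a file with an invalid or 64-bit class byte is still accepted by the header parser, which in the elfbase.rb hunks shown builds only `ELF32_EHDR_LSB` and `ELF32_PHDR_LSB` style structs. Unless 64-bit layouts exist elsewhere in elfbase.rb, an ELFCLASS64 input would have `e_phoff`, `e_phentsize` and `e_phnum` read at 32-bit offsets while `ptr_s` prints 16-digit addresses, which misleads anyone triaging an untrusted binary. Consider moving the class check next to the EI_DATA check in `ElfHeader#initialize` and rejecting unsupported classes there, e.g. `raise ElfHeaderError, 'Unsupported class', caller unless elf_header.v['e_ident'][EI_CLASS] == ELFCLASS32`. The comment above `ptr_s` also still says "virtual address" although the parameter is now named `rva`.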
@@ -118,8 +120,6 @@ class ElfBase ELFDATA2LSB = 1 # Least significant byte first ELFDATA2MSB = 2 # Most significant byte first - # Stolen from lib/rex/peparsey/pebase.rb - class GenericStruct attr_accessor :struct def initialize(_struct)
@@ -154,6 +154,8 @@ class ElfBase class ElfHeader < GenericHeader def initialize(rawdata) + + # Identify the data encoding and parse ELF Header elf_header = ELF32_EHDR_LSB.make_struct if !elf_header.from_s(rawdata)
@@ -168,16 +170,14 @@ class ElfBase end end - unless elf_header.v['e_ident'][EI_DATA] == ELFDATA2LSB || - elf_header.v['e_ident'][EI_DATA] == ELFDATA2MSB + unless [ ELFDATA2LSB, ELFDATA2MSB ].include?( + elf_header.v['e_ident'][EI_DATA]) raise ElfHeaderError, 'Invalid data encoding', caller end - unless elf_header.v['e_ident'][EI_MAG0].to_i == ELFMAG0 && - elf_header.v['e_ident'][EI_MAG1] == ELFMAG1 && - elf_header.v['e_ident'][EI_MAG2] == ELFMAG2 && - elf_header.v['e_ident'][EI_MAG3] == ELFMAG3 - #raise ElfHeaderError, 'Invalid magic number', caller + # Identify the file as an ELF object file + unless elf_header.v['e_ident'][EI_MAG0, 4] == ELFMAG + raise ElfHeaderError, 'Invalid magic number', caller end self.struct = elf_header
@@ -237,6 +237,8 @@ class ElfBase class ProgramHeader < GenericHeader def initialize(rawdata, ei_data) + + # Identify the data encoding and parse Program Header if ei_data == ELFDATA2LSB program_header = ELF32_PHDR_LSB.make_struct elsif ei_data == ELFDATA2MSB
@@ -256,4 +258,4 @@ class ElfBase end end -end +end \ No newline at end of file
diff --git a/lib/rex/elfparsey/exceptions.rb b/lib/rex/elfparsey/exceptions.rb
index 9b656d008f..497cbe0c17 100644
--- a/lib/rex/elfparsey/exceptions.rb
+++ b/lib/rex/elfparsey/exceptions.rb
@@ -24,5 +24,4 @@ class WtfError < ElfError end end -end - +end \ No newline at end of file
diff --git a/lib/rex/elfscan/scanner.rb b/lib/rex/elfscan/scanner.rb
index 7782f21918..35043b9759 100644
--- a/lib/rex/elfscan/scanner.rb
+++ b/lib/rex/elfscan/scanner.rb
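Review bot: In `ElfHeader#initialize` (lib/rex/elfparsey/elfbase.rb, hunk at -168,16) the magic-number check now raises, but it still runs after the header has been parsed and after the EI_DATA check, so a buffer that is not an ELF image will usually be reported as 'Invalid data encoding' and has other fields interpreted first. Checking the magic before anything else is the safer order for untrusted input; assuming `rawdata` is always a String, `raise ElfHeaderError, 'Invalid magic number', caller unless rawdata[EI_MAG0, 4] == ELFMAG` at the top of the method would do it. Note also that `ELFMAG1 = ?E` is an Integer on Ruby 1.8 and a one-character String on 1.9 and later; `ELFMAG` is built with `.chr` so it works on both, but any remaining direct comparison against `ELFMAG1`..`ELFMAG3` changes meaning between versions and deserves a comment beside the constants. The method begins and ends outside this hunk.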
@@ -204,4 +204,4 @@ end end end -end +end \ No newline at end of file
diff --git a/lib/rex/elfscan/search.rb b/lib/rex/elfscan/search.rb
index ea43b668b4..07709e776d 100644
--- a/lib/rex/elfscan/search.rb
+++ b/lib/rex/elfscan/search.rb
@@ -43,4 +43,4 @@ module Search end end end -end +end \ No newline at end of file
diff --git a/lib/rex/image_source.rb b/lib/rex/image_source.rb
index 35217e768f..167ab3dca6 100644
--- a/lib/rex/image_source.rb
+++ b/lib/rex/image_source.rb
@@ -2,6 +2,11 @@ # $Id$ -require 'rex/image_source/image_source.rb' -require 'rex/image_source/memory.rb' -require 'rex/image_source/disk.rb' +module Rex +module ImageSource + +end +end + +require 'rex/image_source/disk' +require 'rex/image_source/memory' \ No newline at end of file
diff --git a/lib/rex/peparsey.rb b/lib/rex/peparsey.rb
index 6b4660ee79..1a58ff8f99 100644
--- a/lib/rex/peparsey.rb
+++ b/lib/rex/peparsey.rb
@@ -1,5 +1,12 @@ #!/usr/bin/env ruby -require 'rex/peparsey/exceptions' +# $Id$ + +module Rex +module PeParsey + +end +end + require 'rex/peparsey/pe' -require 'rex/peparsey/pe_memdump' +require 'rex/peparsey/pe_memdump' \ No newline at end of file
diff --git a/lib/rex/peparsey/pe.rb b/lib/rex/peparsey/pe.rb
index 8904fff4d4..11554b55a7 100644
--- a/lib/rex/peparsey/pe.rb
+++ b/lib/rex/peparsey/pe.rb
@@ -2,10 +2,10 @@ # $Id$ -require 'rex/peparsey/pebase' -require 'rex/peparsey/exceptions' -require 'rex/peparsey/section' require 'rex/image_source' +require 'rex/peparsey/exceptions' +require 'rex/peparsey/pebase' +require 'rex/peparsey/section' require 'rex/struct2' module Rex
diff --git a/lib/rex/peparsey/pe_memdump.rb b/lib/rex/peparsey/pe_memdump.rb
index 58f444884a..351387f9ff 100644
--- a/lib/rex/peparsey/pe_memdump.rb
+++ b/lib/rex/peparsey/pe_memdump.rb
@@ -2,10 +2,10 @@ # $Id$ -require 'rex/peparsey/pebase' -require 'rex/peparsey/exceptions' -require 'rex/peparsey/section' require 'rex/image_source' +require 'rex/peparsey/exceptions' +require 'rex/peparsey/pebase' +require 'rex/peparsey/section' require 'rex/struct2' #
diff --git a/lib/rex/peparsey/section.rb b/lib/rex/peparsey/section.rb
index 07ff807dc1..c9d4dc83df 100644
--- a/lib/rex/peparsey/section.rb
+++ b/lib/rex/peparsey/section.rb
@@ -2,8 +2,8 @@ # $Id$ -require 'rex/peparsey/pebase' require 'rex/peparsey/exceptions' +require 'rex/peparsey/pebase' require 'rex/struct2' module Rex
diff --git a/lib/rex/pescan.rb b/lib/rex/pescan.rb
index 12b5814210..e143cbb6a6 100644
--- a/lib/rex/pescan.rb
+++ b/lib/rex/pescan.rb
@@ -1,3 +1,6 @@ +#!/usr/bin/env ruby + +# $Id$ module Rex module PeScan @@ -5,6 +8,6 @@ module PeScan end end -require 'rex/pescan/scanner' -require 'rex/pescan/search' require 'rex/pescan/analyze' +require 'rex/pescan/scanner' +require 'rex/pescan/search' \ No newline at end of file