Updated ELF stuff

git-svn-id: file:///home/svn/framework3/trunk@5413 4d416f70-5f16-0410-b530-b9f4589650da

lib/rex/elfparsey.rb

@@ -8,5 +8,4 @@ module ElfParsey
 end
 end
 
-require 'rex/elfparsey/exceptions'
 require 'rex/elfparsey/elf'

lib/rex/elfparsey/elf.rb

@@ -19,7 +19,9 @@ class Elf < ElfBase
 		# ELF Header
 		elf_header = ElfHeader.new(isource.read(offset, ELF_HEADER_SIZE))
 
+		# Data encoding
 		ei_data = elf_header.e_ident[EI_DATA]
+
 		e_phoff = elf_header.e_phoff
 		e_phentsize = elf_header.e_phentsize
 		e_phnum = elf_header.e_phnum
@@ -46,8 +48,6 @@ class Elf < ElfBase
 		self.isource = isource
 	end
 
-	# Stolen from lib/rex/peparsey/pebase.rb
-
 	def self.new_from_file(filename, disk_backed = false)
 
 		file = ::File.new(filename)
@@ -62,21 +62,36 @@ class Elf < ElfBase
 		end
 	end
 
-	# Stolen from lib/rex/peparsey/pebase.rb
-
 	def self.new_from_string(data)
 		return self.new(ImageSource::Memory.new(data))
 	end
 
-	# Stolen from lib/rex/peparsey/pe.rb
+	#
+	# Returns true if this binary is for a 64-bit architecture.
+	#
+	def ptr_64?
+		unless [ ELFCLASS32, ELFCLASS64 ].include?(
+		elf_header.e_ident[EI_CLASS])
+			raise ElfHeaderError, 'Invalid class', caller
+		end
+
+		elf_header.e_ident[EI_CLASS] == ELFCLASS64
+	end
+
+	#
+	# Returns true if this binary is for a 32-bit architecture.
+	# This check does not take into account 16-bit binaries at the moment.
+	#
+	def ptr_32?
+		ptr_64? == false
+	end
 
 	#
 	# Converts a virtual address to a string representation based on the
 	# underlying architecture.
 	#
-	def ptr_s(va)
+	def ptr_s(rva)
-		#(ptr_32?) ? ("0x%.8x" % va) : ("0x%.16x" % va)
+		(ptr_32?) ? ("0x%.8x" % rva) : ("0x%.16x" % rva)
-		"0x%.8x" % va
 	end
 
 	def offset_to_rva(offset)
@@ -95,14 +110,14 @@ class Elf < ElfBase
 		isource.read(rva_to_offset(rva), len)
 	end
 
-	def close
-		isource.close
-	end
-
 	def index(*args)
 		isource.index(*args)
 	end
 
+	def close
+		isource.close
+	end
+
 end
 end
-end
+end

lib/rex/elfparsey/elfbase.rb

@@ -99,9 +99,11 @@ class ElfBase
 	#
 
 	ELFMAG0 = 0x7f  # e_ident[EI_MAG0]
-	ELFMAG1 = 'E'   # e_ident[EI_MAG1]
+	ELFMAG1 = ?E   # e_ident[EI_MAG1]
-	ELFMAG2 = 'L'   # e_ident[EI_MAG2]
+	ELFMAG2 = ?L   # e_ident[EI_MAG2]
-	ELFMAG3 = 'F'   # e_ident[EI_MAG3]
+	ELFMAG3 = ?F   # e_ident[EI_MAG3]
+
+	ELFMAG = ELFMAG0.chr + ELFMAG1.chr + ELFMAG2.chr + ELFMAG3.chr
 
 	# EI_CLASS  Identifies the file's class, or capacity
 
@@ -118,8 +120,6 @@ class ElfBase
 	ELFDATA2LSB = 1  # Least significant byte first
 	ELFDATA2MSB = 2  # Most significant byte first
 
-	# Stolen from lib/rex/peparsey/pebase.rb
-
 	class GenericStruct
 		attr_accessor :struct
 		def initialize(_struct)
@@ -154,6 +154,8 @@ class ElfBase
 
 	class ElfHeader < GenericHeader
 		def initialize(rawdata)
+
+			# Identify the data encoding and parse ELF Header
 			elf_header = ELF32_EHDR_LSB.make_struct
 
 			if !elf_header.from_s(rawdata)
@@ -168,16 +170,14 @@ class ElfBase
 				end
 			end
 
-			unless elf_header.v['e_ident'][EI_DATA] == ELFDATA2LSB ||
+			unless [ ELFDATA2LSB, ELFDATA2MSB ].include?(
-			elf_header.v['e_ident'][EI_DATA] == ELFDATA2MSB
+			elf_header.v['e_ident'][EI_DATA])
 				raise ElfHeaderError, 'Invalid data encoding', caller
 			end
 
-			unless elf_header.v['e_ident'][EI_MAG0].to_i == ELFMAG0 &&
+			# Identify the file as an ELF object file
-				elf_header.v['e_ident'][EI_MAG1] == ELFMAG1 &&
+			unless elf_header.v['e_ident'][EI_MAG0, 4] == ELFMAG
-				elf_header.v['e_ident'][EI_MAG2] == ELFMAG2 &&
+				raise ElfHeaderError, 'Invalid magic number', caller
-				elf_header.v['e_ident'][EI_MAG3] == ELFMAG3
-				#raise ElfHeaderError, 'Invalid magic number', caller
 			end
 
 			self.struct = elf_header
@@ -237,6 +237,8 @@ class ElfBase
 
 	class ProgramHeader < GenericHeader
 		def initialize(rawdata, ei_data)
+
+			# Identify the data encoding and parse Program Header
 			if ei_data == ELFDATA2LSB
 				program_header = ELF32_PHDR_LSB.make_struct
 			elsif ei_data == ELFDATA2MSB
@@ -256,4 +258,4 @@ class ElfBase
 
 end
 end
-end
+end

lib/rex/elfparsey/exceptions.rb

@@ -24,5 +24,4 @@ class WtfError < ElfError
 end
 
 end
-end
+end
-

lib/rex/elfscan/scanner.rb

@@ -204,4 +204,4 @@ end
 	
 end
 end
-end
+end

lib/rex/elfscan/search.rb

@@ -43,4 +43,4 @@ module Search
 	end	
 end
 end
-end
+end

lib/rex/image_source.rb

@@ -2,6 +2,11 @@
 
 # $Id$
 
-require 'rex/image_source/image_source.rb'
+module Rex
-require 'rex/image_source/memory.rb'
+module ImageSource
-require 'rex/image_source/disk.rb'
+
+end
+end
+
+require 'rex/image_source/disk'
+require 'rex/image_source/memory'

lib/rex/peparsey.rb

@@ -1,5 +1,12 @@
 #!/usr/bin/env ruby
 
-require 'rex/peparsey/exceptions'
+# $Id$
+
+module Rex
+module PeParsey
+
+end
+end
+
 require 'rex/peparsey/pe'
-require 'rex/peparsey/pe_memdump'
+require 'rex/peparsey/pe_memdump'

lib/rex/peparsey/pe.rb

@@ -2,10 +2,10 @@
 
 # $Id$
 
-require 'rex/peparsey/pebase'
-require 'rex/peparsey/exceptions'
-require 'rex/peparsey/section'
 require 'rex/image_source'
+require 'rex/peparsey/exceptions'
+require 'rex/peparsey/pebase'
+require 'rex/peparsey/section'
 require 'rex/struct2'
 
 module Rex

lib/rex/peparsey/pe_memdump.rb

@@ -2,10 +2,10 @@
 
 # $Id$
 
-require 'rex/peparsey/pebase'
-require 'rex/peparsey/exceptions'
-require 'rex/peparsey/section'
 require 'rex/image_source'
+require 'rex/peparsey/exceptions'
+require 'rex/peparsey/pebase'
+require 'rex/peparsey/section'
 require 'rex/struct2'
 
 #

lib/rex/peparsey/section.rb

@@ -2,8 +2,8 @@
 
 # $Id$
 
-require 'rex/peparsey/pebase'
 require 'rex/peparsey/exceptions'
+require 'rex/peparsey/pebase'
 require 'rex/struct2'
 
 module Rex

lib/rex/pescan.rb

@@ -1,3 +1,6 @@
+#!/usr/bin/env ruby
+
+# $Id$
 
 module Rex
 module PeScan
@@ -5,6 +8,6 @@ module PeScan
 end
 end
 
-require 'rex/pescan/scanner'
-require 'rex/pescan/search'
 require 'rex/pescan/analyze'
+require 'rex/pescan/scanner'
+require 'rex/pescan/search'