Menu
Recently I've been interested in ELF File Structure. Searching on web, I found an awesome script named pyelftools. But in fact I didn't know the way to save the modified ELF; ELFFile class doesn't have any method to do.
First of all, I did like below:
header = self.elf.header
self._emitline("%s" % header['e_shnum'])
header['e_shnum'] = 30
self._emitline("%s" % header['e_shnum'])
Yeah, that's poor way. But sadly I have no idea getting an offset of e_shnum in the ELF file. Is there anybody able to teach me?
Regards,
Rex.
407
You can use any hexeditor to do that, if you know precisely which part of ELF you need to modify. If you want to parse ELFs and do more complex logic you should write some code which will open file or better, mmap it.
An elf file contains the bin information but it is surrounded by lots of other information, possible debug info, symbols, can distinguish code from data within the binary.
you can use readelf and objdump to read parts of an elf file. You can also use 'hexdump filename' to get a hexdump of the contents of a binary file (this is likely only useful if you like reading machine code or you are writing an assembler).
ELF is the standard binary format on operating systems such as Linux. Some of the capabilities of ELF are dynamic linking, dynamic loading, imposing run-time control on a program, and an improved method for creating shared libraries.
According to the author @eli-bendersky, pyelftools is a module for parsing and analyzing ELF/DWARF files and it has no direct way of modifying them. I had a look at the module source files and could not find any methods to edit/save either.
On the introductory post, within comments author acknowledges that pyelftools has no API-level support to do this but some tinkering around can help achieve what you need.
If pyelftools is not a hard dependency, here's an example on how to do the same using elffile:
import elffile
eo = elffile.open(name="/bin/ls")
eo.fileHeader.shnum = 30
with open('./ls.bin', 'wb') as f: f.write(eo.pack())
Using readelf, you can verify that changes were saved correctly:
readelf -h ls.bin
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x804be34
Start of program headers: 105068 (bytes into file)
Start of section headers: 103948 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 9
Size of section headers: 40 (bytes)
Number of section headers: 30
Section header string table index: 27
readelf: Error: Unable to read in 0x708 bytes of section headers
There's not much documentation on elffile but you can have a look at the source and figure out ways to replicate pyelftools-specific functionality. If that doesn't work, you can try using both pyelftools for reading/analyzing tasks and elffile to edit sections and write changes.
174
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
