ELF file analysis tool
Will Ware
wware at world.std.com
Wed Aug 9 11:34:34 EDT 2000
A couple of weeks ago I posted a script for analyzing ELF files,
the file format used by Linux and other Unices for linkable and
executable files. That tool has undergone further development,
and I have posted an updated version on alt.sources.
To see what's useful about it, here's a comparison between the
output of the nm tool:
hrothgar ~/anima> nm zbuf.o
U PyArg_ParseTuple
U PyErr_NoMemory
U PyString_FromStringAndSize
U Py_InitModule4
U _Py_NoneStruct
00000004 C band
00000004 C bandptr
U free
00000154 t half_triangle
00000004 C height
000008ac T initzbuf
U malloc
00000004 C width
000000b8 t zbuf_clear
00000070 t zbuf_deinit
00000000 t zbuf_init
00000000 d zbuf_methods
00000778 t zbuf_tostring
0000057c t zbuf_tri
versus the output of the ELF analysis script (edited for brevity):
hrothgar ~/anima> elfanal.py zbuf.o
zbuf.o
e_version: 0x1 1
e_ehsize: 0x34 52
e_shstrndx: 0xC 12
e_type: 0x1 1: ET_REL
e_ident: "\177ELF\001\001\001\000\000\000\000\000\000\000\000\000"
e_phentsize: 0x0 0
e_phnum: 0x0 0
e_machine: 0x3 3: EM_386
e_entry: 0x0 0
e_shentsize: 0x28 40
e_shnum: 0xF 15
e_phoff: 0x0 0
e_shoff: 0x6474 25716
e_flags: 0x0 0
Section 0
sh_info: 0x0 0
sh_addralign: 0x0 0
sh_offset: 0x0 0
sh_link: 0x0 0
sh_addr: 0x0 0
sh_size: 0x0 0
sh_entsize: 0x0 0
sh_flags: 0x0 0:
sh_type: 0x0 0: SHT_NULL
sh_name: 0x0 0: ""
Section 1
sh_info: 0x0 0
sh_addralign: 0x10 16
sh_offset: 0x40 64
sh_link: 0x0 0
sh_addr: 0x0 0
sh_size: 0x8C9 2249
sh_entsize: 0x0 0
sh_flags: 0x6 6: SHF_ALLOC SHF_EXECINSTR
sh_type: 0x1 1: SHT_PROGBITS
sh_name: 0x1B 27: ".text"
Section 2
sh_info: 0x1 1
sh_addralign: 0x4 4
sh_offset: 0x6980 27008
sh_link: 0xD 13
sh_addr: 0x0 0
sh_size: 0x1C0 448
sh_entsize: 0x8 8
sh_flags: 0x0 0:
sh_type: 0x9 9: SHT_REL
sh_name: 0x21 33: ".rel.text"
Rel 0
r_info: 0x1101 4353: sym=17 type=1
r_offset: 0x5 5
Rel 1
r_info: 0x1201 4609: sym=18 type=1
r_offset: 0xD 13
... etcetera ...
Section 3
sh_info: 0x0 0
sh_addralign: 0x4 4
sh_offset: 0x90C 2316
sh_link: 0x0 0
sh_addr: 0x0 0
sh_size: 0x60 96
sh_entsize: 0x0 0
sh_flags: 0x3 3: SHF_WRITE SHF_ALLOC
sh_type: 0x1 1: SHT_PROGBITS
sh_name: 0x2B 43: ".data"
0090C 0000: 37 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
0091C 0010: 30 00 00 00 70 00 00 00 01 00 00 00 00 00 00 00
0092C 0020: 2A 00 00 00 B8 00 00 00 01 00 00 00 00 00 00 00
0093C 0030: 26 00 00 00 7C 05 00 00 01 00 00 00 00 00 00 00
0094C 0040: 1D 00 00 00 78 07 00 00 01 00 00 00 00 00 00 00
0095C 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
... etcetera ...
Section 10
sh_info: 0x0 0
sh_addralign: 0x1 1
sh_offset: 0x6383 25475
sh_link: 0x0 0
sh_addr: 0x0 0
sh_size: 0x41 65
sh_entsize: 0x0 0
sh_flags: 0x2 2: SHF_ALLOC
sh_type: 0x1 1: SHT_PROGBITS
sh_name: 0x5F 95: ".rodata"
06383 0000: 69 69 00 00 7C 69 69 69 00 69 64 64 64 64 64 64
06393 0010: 64 64 64 64 64 64 64 64 64 64 64 64 00 74 6F 73
063A3 0020: 74 72 69 6E 67 00 74 72 69 00 63 6C 65 61 72 00
063B3 0030: 64 65 69 6E 69 74 00 69 6E 69 74 00 7A 62 75 66
063C3 0040: 00
Section 13
sh_info: 0x11 17
sh_addralign: 0x4 4
sh_offset: 0x66CC 26316
sh_link: 0xE 14
sh_addr: 0x0 0
sh_size: 0x1D0 464
sh_entsize: 0x10 16
sh_flags: 0x0 0:
sh_type: 0x2 2: SHT_SYMTAB
sh_name: 0x1 1: ".symtab"
Sym 0
st_name: 0x0 0: ""
st_info: 0x0 0: STB_LOCAL STT_NOTYPE
st_value: 0x0 0
st_other: 0x0 0
st_size: 0x0 0
st_shndx: 0x0 0
Sym 1
st_name: 0x1 1: "zbuf.c"
st_info: 0x4 4: STB_LOCAL STT_FILE
st_value: 0x0 0
st_other: 0x0 0
st_size: 0x0 0
st_shndx: 0xFFF1 65521
... etcetera ...
Sym 20
st_name: 0x6D 109: "PyArg_ParseTuple"
st_info: 0x10 16: STB_GLOBAL STT_NOTYPE
st_value: 0x0 0
st_other: 0x0 0
st_size: 0x0 0
st_shndx: 0x0 0
... etcetera ...
Sym 27
st_name: 0xCB 203: "initzbuf"
st_info: 0x12 18: STB_GLOBAL STT_FUNC
st_value: 0x8AC 2220
st_other: 0x0 0
st_size: 0x1D 29
st_shndx: 0x1 1
... etcetera ...
Section 14
sh_info: 0x0 0
sh_addralign: 0x1 1
sh_offset: 0x689C 26780
sh_link: 0x0 0
sh_addr: 0x0 0
sh_size: 0xE3 227
sh_entsize: 0x0 0
sh_flags: 0x0 0:
sh_type: 0x3 3: SHT_STRTAB
sh_name: 0x9 9: ".strtab"
0689C 0000: 00 z b u f . c 00 z b u f _ i n i
068AC 0010: t 00 z b u f _ d e i n i t 00 z b
068BC 0020: u f _ c l e a r 00 h a l f _ t r
068CC 0030: i a n g l e 00 z b u f _ t r i 00
068DC 0040: z b u f _ t o s t r i n g 00 z b
068EC 0050: u f _ m e t h o d s 00 b a n d 00
068FC 0060: h e i g h t 00 w i d t h 00 P y A
0690C 0070: r g _ P a r s e T u p l e 00 m a
0691C 0080: l l o c 00 P y E r r _ N o M e m
0692C 0090: o r y 00 _ P y _ N o n e S t r u
0693C 00A0: c t 00 f r e e 00 b a n d p t r 00
0694C 00B0: P y S t r i n g _ F r o m S t r
0695C 00C0: i n g A n d S i z e 00 i n i t z
0696C 00D0: b u f 00 P y _ I n i t M o d u l
0697C 00E0: e 4 00
--
- - - - - - - - - - - - - - - - - - - - - - - -
Resistance is futile. Capacitance is efficacious.
Will Ware email: wware @ world.std.com
More information about the Python-list
mailing list