ELF file analysis tool

Will Ware wware at world.std.com
Wed Aug 9 11:34:34 EDT 2000


A couple of weeks ago I posted a script for analyzing ELF files,
the file format used by Linux and other Unices for linkable and
executable files. That tool has undergone further development,
and I have posted an updated version on alt.sources.

To see what's useful about it, here's a comparison between the
output of the nm tool:

hrothgar ~/anima> nm zbuf.o
         U PyArg_ParseTuple
         U PyErr_NoMemory
         U PyString_FromStringAndSize
         U Py_InitModule4
         U _Py_NoneStruct
00000004 C band
00000004 C bandptr
         U free
00000154 t half_triangle
00000004 C height
000008ac T initzbuf
         U malloc
00000004 C width
000000b8 t zbuf_clear
00000070 t zbuf_deinit
00000000 t zbuf_init
00000000 d zbuf_methods
00000778 t zbuf_tostring
0000057c t zbuf_tri

versus the output of the ELF analysis script (edited for brevity):

hrothgar ~/anima> elfanal.py zbuf.o
zbuf.o
  e_version: 0x1 1
  e_ehsize: 0x34 52
  e_shstrndx: 0xC 12
  e_type: 0x1 1: ET_REL
  e_ident: "\177ELF\001\001\001\000\000\000\000\000\000\000\000\000"
  e_phentsize: 0x0 0
  e_phnum: 0x0 0
  e_machine: 0x3 3: EM_386
  e_entry: 0x0 0
  e_shentsize: 0x28 40
  e_shnum: 0xF 15
  e_phoff: 0x0 0
  e_shoff: 0x6474 25716
  e_flags: 0x0 0
  Section 0
    sh_info: 0x0 0
    sh_addralign: 0x0 0
    sh_offset: 0x0 0
    sh_link: 0x0 0
    sh_addr: 0x0 0
    sh_size: 0x0 0
    sh_entsize: 0x0 0
    sh_flags: 0x0 0: 
    sh_type: 0x0 0: SHT_NULL
    sh_name: 0x0 0: ""
  Section 1
    sh_info: 0x0 0
    sh_addralign: 0x10 16
    sh_offset: 0x40 64
    sh_link: 0x0 0
    sh_addr: 0x0 0
    sh_size: 0x8C9 2249
    sh_entsize: 0x0 0
    sh_flags: 0x6 6: SHF_ALLOC SHF_EXECINSTR
    sh_type: 0x1 1: SHT_PROGBITS
    sh_name: 0x1B 27: ".text"
  Section 2
    sh_info: 0x1 1
    sh_addralign: 0x4 4
    sh_offset: 0x6980 27008
    sh_link: 0xD 13
    sh_addr: 0x0 0
    sh_size: 0x1C0 448
    sh_entsize: 0x8 8
    sh_flags: 0x0 0: 
    sh_type: 0x9 9: SHT_REL
    sh_name: 0x21 33: ".rel.text"
      Rel 0
        r_info: 0x1101 4353: sym=17 type=1
        r_offset: 0x5 5
      Rel 1
        r_info: 0x1201 4609: sym=18 type=1
        r_offset: 0xD 13
      ... etcetera ...
  Section 3
    sh_info: 0x0 0
    sh_addralign: 0x4 4
    sh_offset: 0x90C 2316
    sh_link: 0x0 0
    sh_addr: 0x0 0
    sh_size: 0x60 96
    sh_entsize: 0x0 0
    sh_flags: 0x3 3: SHF_WRITE SHF_ALLOC
    sh_type: 0x1 1: SHT_PROGBITS
    sh_name: 0x2B 43: ".data"
0090C 0000: 37 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
0091C 0010: 30 00 00 00 70 00 00 00 01 00 00 00 00 00 00 00
0092C 0020: 2A 00 00 00 B8 00 00 00 01 00 00 00 00 00 00 00
0093C 0030: 26 00 00 00 7C 05 00 00 01 00 00 00 00 00 00 00
0094C 0040: 1D 00 00 00 78 07 00 00 01 00 00 00 00 00 00 00
0095C 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ... etcetera ...
  Section 10
    sh_info: 0x0 0
    sh_addralign: 0x1 1
    sh_offset: 0x6383 25475
    sh_link: 0x0 0
    sh_addr: 0x0 0
    sh_size: 0x41 65
    sh_entsize: 0x0 0
    sh_flags: 0x2 2: SHF_ALLOC
    sh_type: 0x1 1: SHT_PROGBITS
    sh_name: 0x5F 95: ".rodata"
06383 0000: 69 69 00 00 7C 69 69 69 00 69 64 64 64 64 64 64
06393 0010: 64 64 64 64 64 64 64 64 64 64 64 64 00 74 6F 73
063A3 0020: 74 72 69 6E 67 00 74 72 69 00 63 6C 65 61 72 00
063B3 0030: 64 65 69 6E 69 74 00 69 6E 69 74 00 7A 62 75 66
063C3 0040: 00
  Section 13
    sh_info: 0x11 17
    sh_addralign: 0x4 4
    sh_offset: 0x66CC 26316
    sh_link: 0xE 14
    sh_addr: 0x0 0
    sh_size: 0x1D0 464
    sh_entsize: 0x10 16
    sh_flags: 0x0 0: 
    sh_type: 0x2 2: SHT_SYMTAB
    sh_name: 0x1 1: ".symtab"
      Sym 0
        st_name: 0x0 0: ""
        st_info: 0x0 0: STB_LOCAL STT_NOTYPE
        st_value: 0x0 0
        st_other: 0x0 0
        st_size: 0x0 0
        st_shndx: 0x0 0
      Sym 1
        st_name: 0x1 1: "zbuf.c"
        st_info: 0x4 4: STB_LOCAL STT_FILE
        st_value: 0x0 0
        st_other: 0x0 0
        st_size: 0x0 0
        st_shndx: 0xFFF1 65521
      ... etcetera ...
      Sym 20
        st_name: 0x6D 109: "PyArg_ParseTuple"
        st_info: 0x10 16: STB_GLOBAL STT_NOTYPE
        st_value: 0x0 0
        st_other: 0x0 0
        st_size: 0x0 0
        st_shndx: 0x0 0
      ... etcetera ...
      Sym 27
        st_name: 0xCB 203: "initzbuf"
        st_info: 0x12 18: STB_GLOBAL STT_FUNC
        st_value: 0x8AC 2220
        st_other: 0x0 0
        st_size: 0x1D 29
        st_shndx: 0x1 1
      ... etcetera ...
  Section 14
    sh_info: 0x0 0
    sh_addralign: 0x1 1
    sh_offset: 0x689C 26780
    sh_link: 0x0 0
    sh_addr: 0x0 0
    sh_size: 0xE3 227
    sh_entsize: 0x0 0
    sh_flags: 0x0 0: 
    sh_type: 0x3 3: SHT_STRTAB
    sh_name: 0x9 9: ".strtab"
0689C 0000: 00 z  b  u  f  .  c  00 z  b  u  f  _  i  n  i 
068AC 0010: t  00 z  b  u  f  _  d  e  i  n  i  t  00 z  b 
068BC 0020: u  f  _  c  l  e  a  r  00 h  a  l  f  _  t  r 
068CC 0030: i  a  n  g  l  e  00 z  b  u  f  _  t  r  i  00
068DC 0040: z  b  u  f  _  t  o  s  t  r  i  n  g  00 z  b 
068EC 0050: u  f  _  m  e  t  h  o  d  s  00 b  a  n  d  00
068FC 0060: h  e  i  g  h  t  00 w  i  d  t  h  00 P  y  A 
0690C 0070: r  g  _  P  a  r  s  e  T  u  p  l  e  00 m  a 
0691C 0080: l  l  o  c  00 P  y  E  r  r  _  N  o  M  e  m 
0692C 0090: o  r  y  00 _  P  y  _  N  o  n  e  S  t  r  u 
0693C 00A0: c  t  00 f  r  e  e  00 b  a  n  d  p  t  r  00
0694C 00B0: P  y  S  t  r  i  n  g  _  F  r  o  m  S  t  r 
0695C 00C0: i  n  g  A  n  d  S  i  z  e  00 i  n  i  t  z 
0696C 00D0: b  u  f  00 P  y  _  I  n  i  t  M  o  d  u  l 
0697C 00E0: e  4  00

-- 
 - - - - - - - - - - - - - - - - - - - - - - - -
Resistance is futile. Capacitance is efficacious.
Will Ware	email:    wware @ world.std.com
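
Added example, not part of the post above and not code from the elfanal.py script: a Python sketch of how the annotated fields in the dump (e_* header values, "sym=17 type=1", "STB_GLOBAL STT_FUNC", quoted st_name strings) are derived, with the bounds checks a parser needs before trusting offsets from a file. The function names are hypothetical, and the sample header and string table are constructed from the values printed in the dump.

```python
import struct

# Elf32_Ehdr, little-endian: 52 bytes, matching e_ehsize 0x34 in the dump.
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")
FIELDS = ("e_ident e_type e_machine e_version e_entry e_phoff e_shoff e_flags "
          "e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx").split()
STB = {0: "STB_LOCAL", 1: "STB_GLOBAL", 2: "STB_WEAK"}
STT = {0: "STT_NOTYPE", 1: "STT_OBJECT", 2: "STT_FUNC", 3: "STT_SECTION", 4: "STT_FILE"}

def parse_ehdr(data):
    """Unpack an ELF32 LSB file header and reject inconsistent offsets."""
    if len(data) < EHDR.size:
        raise ValueError("truncated ELF header")
    hdr = dict(zip(FIELDS, EHDR.unpack_from(data)))
    ident = hdr["e_ident"]
    if ident[:4] != b"\x7fELF":
        raise ValueError("bad magic")
    if ident[4] != 1 or ident[5] != 1:  # ELFCLASS32, ELFDATA2LSB
        raise ValueError("only 32-bit little-endian is handled here")
    # The section header table must lie inside the file.
    end = hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"]
    if hdr["e_shnum"] and (hdr["e_shentsize"] < 40 or end > len(data)):
        raise ValueError("section header table out of bounds")
    return hdr

def r_info(info):
    """Split Elf32_Rel.r_info into (symbol index, relocation type)."""
    return info >> 8, info & 0xFF

def st_info(info):
    """Split Elf32_Sym.st_info into (binding name, type name)."""
    return STB.get(info >> 4, "STB_?"), STT.get(info & 0xF, "STT_?")

def strtab_name(strtab, offset):
    """Return the NUL-terminated name at offset, refusing out-of-range reads."""
    if not 0 <= offset < len(strtab):
        raise ValueError("name offset outside string table")
    end = strtab.find(b"\0", offset)
    if end < 0:
        raise ValueError("unterminated string")
    return strtab[offset:end].decode("ascii", "replace")

# Constructed sample: header fields as printed for zbuf.o, zero-filled body.
SAMPLE_FILE = EHDR.pack(b"\x7fELF\x01\x01\x01" + bytes(9), 1, 3, 1, 0, 0, 0x6474,
                        0, 0x34, 0, 0, 0x28, 0xF, 0xC)
SAMPLE_FILE += bytes(0x6474 + 0xF * 0x28 - EHDR.size)
# Constructed sample: the first bytes of the .strtab dump.
SAMPLE_STRTAB = b"\0zbuf.c\0zbuf_init\0zbuf_deinit\0"
```
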


