aroulin/binary-analysis

binary-analysis

Binary analysis tools from the book Practical Binary Analysis by Dennis Andriesse.

loader.h

The load_binary function takes a binary file as input and loads it into a Binary object. The Binary object holds the binary type, entry point, CPU ISA, the list of Sections and the list of Symbols. The loader is built on libbfd (the Binary File Descriptor library).

  • Sections are either code or data sections. You can get the start address and size as well as the raw content.

  • Symbols are either function or object symbols. In libbfd terminology, "object symbol" is a synonym for "data symbol" (e.g., string labels).

See loader_demo.cc for an example of a tool using the loader.

Usage:
./loader_demo <binary>
	List sections and symbols from <binary>
./loader_demo <binary> <section>
	Hexdump of <section> from <binary>

Examples
./loader_demo /usr/bin/ls
loaded binary '/bin/ls'
elf64-x86-64/i386:x86-64 (64 bits)
entry@0x0000000000005ae0

   virtual_address size     name                 type
 0x0000000000004000 27       .init                CODE
 0x0000000000004020 77187    .text                CODE
 0x0000000000016da4 13       .fini                CODE
 0x0000000000017000 20937    .rodata              DATA
 0x000000000001c1cc 2244     .eh_frame_hdr        DATA
...

 scanned symbol tables: 
 name                                        virtual_address type     link     scope    weak
 _obstack_begin_1                         0x00000000000162c0 FUNC     DYNAMIC  GLOBAL           
 program_invocation_name                  0x00000000000222a0 OBJECT   DYNAMIC  UNK      WEAK    
 obstack_alloc_failed_handler             0x0000000000022260 OBJECT   DYNAMIC  GLOBAL           
 optarg                                   0x0000000000022298 OBJECT   DYNAMIC  GLOBAL           
 stdout                                   0x0000000000022288 OBJECT   DYNAMIC  GLOBAL           
 __progname                               0x0000000000022280 OBJECT   DYNAMIC  GLOBAL           
 _obstack_begin                           0x00000000000162a0 FUNC     DYNAMIC  GLOBAL           
 _obstack_free                            0x0000000000016420 FUNC     DYNAMIC  GLOBAL           
 program_invocation_short_name            0x0000000000022280 OBJECT   DYNAMIC  UNK      WEAK 
...

./loader_demo /usr/bin/ls .text
loaded binary '/bin/ls'
elf64-x86-64/i386:x86-64 (64 bits)
entry@0x0000000000005ae0

Section .text, start 0x0000000000004020, size 77187, type CODE

0x00004020:     ff1582dc 0100ff15 7cdc0100 ff1576dc ........|.....v.
0x00004030:     0100ff15 70dc0100 ff156adc 0100ff15 ....p.....j.....
0x00004040:     64dc0100 ff155edc 0100ff15 58dc0100 d.....^.....X...
0x00004050:     ff1552dc 0100ff15 4cdc0100 0f1f4000 ..R.....L.....@.
0x00004060:     41574156 41554154 5589fd53 4889f348 AWAVAUATU..SH..H
0x00004070:     83ec5848 8b3e6448 8b042528 00000048 ..XH.>dH..%(...H
0x00004080:     89442448 31c067e8 04eb0000 488d35ae .D$H1.g.....H.5.
...
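
What the section listing above boils down to, as an added example that is not the repository's code: it reads the ELF64 section header table directly instead of going through libbfd, bounds-checking every untrusted header field. `SecInfo`, `read_at` and `list_sections` are hypothetical names; a little-endian ELF64 file on Linux is assumed, and using SHF_EXECINSTR for the CODE/DATA split is an assumption, not the loader's documented rule.

```cpp
#include <elf.h>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <fstream>
#include <iterator>
#include <stdexcept>
#include <string>
#include <vector>

struct SecInfo { std::string name; uint64_t vma, size; bool is_code; };  // hypothetical type
// Copy a T from the file image at `off`; header fields are untrusted, so bounds-check first.
template <typename T> static T read_at(const std::vector<uint8_t> &img, uint64_t off) {
    if (off > img.size() || img.size() - off < sizeof(T))
        throw std::runtime_error("truncated or malformed ELF");
    T v;
    std::memcpy(&v, img.data() + off, sizeof(T));
    return v;
}

// Assumes a little-endian ELF64 image; CODE/DATA is decided by SHF_EXECINSTR (assumption).
std::vector<SecInfo> list_sections(const std::vector<uint8_t> &img) {
    const auto eh = read_at<Elf64_Ehdr>(img, 0);
    if (std::memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_shentsize != sizeof(Elf64_Shdr) || eh.e_shstrndx >= eh.e_shnum)
        throw std::runtime_error("not an ELF64 file with a usable section table");
    auto shdr = [&](unsigned i) {
        return read_at<Elf64_Shdr>(img, eh.e_shoff + uint64_t(i) * sizeof(Elf64_Shdr));
    };
    const Elf64_Shdr strtab = shdr(eh.e_shstrndx);  // .shstrtab: section name strings
    std::vector<SecInfo> out;
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        const Elf64_Shdr sh = shdr(i);
        if (!(sh.sh_flags & SHF_ALLOC) || sh.sh_type == SHT_NOBITS) continue;  // not loaded
        std::string name;
        for (uint64_t p = strtab.sh_offset + sh.sh_name; char c = read_at<char>(img, p); p++)
            name += c;
        out.push_back({name, sh.sh_addr, sh.sh_size, (sh.sh_flags & SHF_EXECINSTR) != 0});
    }
    return out;
}

int main(int argc, char **argv) {
    if (argc != 2) return 1;
    std::ifstream f(argv[1], std::ios::binary);
    std::vector<uint8_t> img(std::istreambuf_iterator<char>{f}, std::istreambuf_iterator<char>{});
    for (const auto &s : list_sections(img))
        std::printf("0x%016llx %-8llu %-20s %s\n", (unsigned long long)s.vma,
                    (unsigned long long)s.size, s.name.c_str(), s.is_code ? "CODE" : "DATA");
}
```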
