Abstract Binary Format Manipulation - ELF, PE and Mach-O format
Python
Permalink
Failed to load latest commit information.
abf #3 - capstone arch interoperability Aug 20, 2015
binaries first commit Nov 23, 2014
helpers first commit Nov 23, 2014
.gitignore first commit Nov 23, 2014
README.md Fix readme Nov 25, 2014
setup.cfg Add elf flags Nov 23, 2014
setup.py first commit Nov 23, 2014

README.md

Abstract Binary Format

Manage your ELF, PE or Mach-O format as an abstraction or more specifically.

Install

$ sudo ./setup.py install

Example

Via the abstraction :

>>> from abf.abstract import *                                                                                                                                            
>>> binary = Abstract('/usr/bin/id')                                                                                                                                      

>>> binary.getFormat()
'ELF'
>>> hex(binary.getEntryPoint())
'0x4022bcL'

>>> binary = Abstract('./binaries/pe-Windows-x86-cmd')                                                                                                                    
>>> binary.getFormat()
'PE'
>>> hex(binary.getEntryPoint())
'0x4ad060dcL'

>>> binary = Abstract('./binaries/MachO-OSX-x86-ls')                                                                                                                      
>>> binary.getFormat()
'Mach-O'
>>> hex(binary.getEntryPoint())
'0x1708L'

>>> sectionsExec = binary.getExecSections()
>>> len(sectionsExec)
3
>>> for sect in sectionsExec:                                                                                                                                             
...     print hex(sect['vaddr'])                                                                                                                                          
... 
0x1708L
0x557cL
0x5750L

Or more specifically :

>>> binary = Abstract('/usr/bin/id')                                                                                                                                      
>>> elf = binary.getBinary()

>>> elf
<abf.elf.ELF instance at 0x7ff55c24c290>

>>> hex(elf.header.e_entry)
'0x4022bcL'

>>> shdrs = elf.shdrs
>>> for shdr in shdrs:                                                                                                                                                    
...     print hex(shdr.sh_addr)
... 
0x0L
0x400270L
0x40028cL
0x4002b0L
0x400570L
0x4005d0L
0x400c18L
0x400ebeL
0x400f48L
0x400f98L
0x401028L
0x4015b0L
0x4015d0L
0x401990L
0x40536cL
0x405380L
0x40648cL
0x4066f8L
0x607df8L
0x607e00L
0x607e08L
0x607e10L
0x607ff0L
0x608000L
0x608200L
0x6082a0L
0x0L

>>> binary = Abstract('./binaries/MachO-OSX-x86-ls')                                                                                                                      
>>> macho = binary.getBinary()
>>> macho
<abf.macho.MACHO instance at 0x7ff55c27bef0>
>>> macho.header.cpusubtype                                                                                                                                               
3L
>>> hex(macho.header.flags)                                                                                                                                               
'0x1200085L'
>>> 

Special thanks

  • Wannes Rombouts (wapiflapi) for python3 compatible.