elf.rst

ELF module

3.2.0

The ELF module is very similar to the pe-module, but for ELF files. This module exposes most of the fields present in an ELF header. Let's see some examples:

import "elf"

rule single_section
{
    condition:
        elf.number_of_sections == 1
}

rule elf_64
{
    condition:
        elf.machine == elf.EM_X86_64
}

Reference