<a href="https://colab.research.google.com/github/ericyoc/elf-files-exe-lib-obj-info-poc/blob/main/elf_files_exe_lib_obj_info_poc.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [1]:
import struct
import prettytable

In [2]:
# ELF header structure
def create_elf_header(bits, file_type):
    if bits == 32:
        if file_type == "executable":
            return struct.pack('<16sHHIIIIIHHHHHH',
                b'\x7fELF' + bytes([1, 1, 1, 0, 0]) + b'\x00' * 7,  # e_ident (including EI_CLASS, EI_DATA, EI_VERSION, EI_OSABI, EI_ABIVERSION, and padding)
                2,               # e_type (ET_EXEC)
                3,               # e_machine (EM_386)
                1,               # e_version (EV_CURRENT)
                0x1000,          # e_entry
                52,              # e_phoff
                0,               # e_shoff
                0,               # e_flags
                52,              # e_ehsize
                32,              # e_phentsize
                1,               # e_phnum
                40,              # e_shentsize
                0,               # e_shnum
                0                # e_shstrndx
            ), b"This is a 32-bit executable ELF file."
        elif file_type == "shared":
            return struct.pack('<16sHHIIIIIHHHHHH',
                b'\x7fELF' + bytes([1, 1, 1, 0, 0]) + b'\x00' * 7,  # e_ident (including EI_CLASS, EI_DATA, EI_VERSION, EI_OSABI, EI_ABIVERSION, and padding)
                3,               # e_type (ET_DYN)
                3,               # e_machine (EM_386)
                1,               # e_version (EV_CURRENT)
                0,               # e_entry
                52,              # e_phoff
                0,               # e_shoff
                0,               # e_flags
                52,              # e_ehsize
                32,              # e_phentsize
                1,               # e_phnum
                40,              # e_shentsize
                0,               # e_shnum
                0                # e_shstrndx
            ), b"This is a 32-bit shared library ELF file."
        elif file_type == "object":
            return struct.pack('<16sHHIIIIIHHHHHH',
                b'\x7fELF' + bytes([1, 1, 1, 0, 0]) + b'\x00' * 7,  # e_ident (including EI_CLASS, EI_DATA, EI_VERSION, EI_OSABI, EI_ABIVERSION, and padding)
                1,               # e_type (ET_REL)
                3,               # e_machine (EM_386)
                1,               # e_version (EV_CURRENT)
                0,               # e_entry
                0,               # e_phoff
                0,               # e_shoff
                0,               # e_flags
                52,              # e_ehsize
                32,              # e_phentsize
                0,               # e_phnum
                40,              # e_shentsize
                0,               # e_shnum
                0                # e_shstrndx
            ), b"This is a 32-bit object ELF file."
    elif bits == 64:
        if file_type == "executable":
            return struct.pack('<16sHHIQQQIHHHHHH',
                b'\x7fELF' + bytes([2, 1, 1, 0, 0]) + b'\x00' * 7,  # e_ident (including EI_CLASS, EI_DATA, EI_VERSION, EI_OSABI, EI_ABIVERSION, and padding)
                2,               # e_type (ET_EXEC)
                62,              # e_machine (EM_X86_64)
                1,               # e_version (EV_CURRENT)
                0x1000,          # e_entry
                64,              # e_phoff
                0,               # e_shoff
                0,               # e_flags
                64,              # e_ehsize
                56,              # e_phentsize
                1,               # e_phnum
                64,              # e_shentsize
                0,               # e_shnum
                0                # e_shstrndx
            ), b"This is a 64-bit executable ELF file."
        elif file_type == "shared":
            return struct.pack('<16sHHIQQQIHHHHHH',
                b'\x7fELF' + bytes([2, 1, 1, 0, 0]) + b'\x00' * 7,  # e_ident (including EI_CLASS, EI_DATA, EI_VERSION, EI_OSABI, EI_ABIVERSION, and padding)
                3,               # e_type (ET_DYN)
                62,              # e_machine (EM_X86_64)
                1,               # e_version (EV_CURRENT)
                0,               # e_entry
                64,              # e_phoff
                0,               # e_shoff
                0,               # e_flags
                64,              # e_ehsize
                56,              # e_phentsize
                1,               # e_phnum
                64,              # e_shentsize
                0,               # e_shnum
                0                # e_shstrndx
            ), b"This is a 64-bit shared library ELF file."
        elif file_type == "object":
            return struct.pack('<16sHHIQQQIHHHHHH',
                b'\x7fELF' + bytes([2, 1, 1, 0, 0]) + b'\x00' * 7,  # e_ident (including EI_CLASS, EI_DATA, EI_VERSION, EI_OSABI, EI_ABIVERSION, and padding)
                1,               # e_type (ET_REL)
                62,              # e_machine (EM_X86_64)
                1,               # e_version (EV_CURRENT)
                0,               # e_entry
                0,               # e_phoff
                0,               # e_shoff
                0,               # e_flags
                64,              # e_ehsize
                56,              # e_phentsize
                0,               # e_phnum
                64,              # e_shentsize
                0,               # e_shnum
                0                # e_shstrndx
            ), b"This is a 64-bit object ELF file."

In [3]:
# Program header structure
def create_program_header(bits):
    if bits == 32:
        return struct.pack('<IIIIIIII',
            1,               # type (PT_LOAD)
            0,               # offset
            0x1000,          # vaddr
            0x1000,          # paddr
            0x1000,          # filesz
            0x1000,          # memsz
            7,               # flags (PF_R | PF_W | PF_X)
            0x1000           # align
        )
    elif bits == 64:
        return struct.pack('<IIQQQQQQ',
            1,               # type (PT_LOAD)
            7,               # flags (PF_R | PF_W | PF_X)
            0,               # offset
            0x1000,          # vaddr
            0x1000,          # paddr
            0x1000,          # filesz
            0x1000,          # memsz
            0x1000           # align
        )

In [4]:
# Save ELF file
def save_elf_file(filename, elf_header, program_header, string_data):
    with open(filename, 'wb') as f:
        f.write(elf_header)
        f.write(program_header)
        f.write(string_data)
    print(f"ELF file created and saved as '{filename}'.")

In [5]:
# Open and parse ELF file
def parse_elf_file(filename, bits):
    with open(filename, 'rb') as f:
        elf_data = f.read()

        if bits == 32:
            # ELF header
            elf_header = struct.unpack('<16sHHIIIIIHHHHHH', elf_data[:52])
            # Program header
            program_header = struct.unpack('<IIIIIIII', elf_data[52:52+32])
            # String data
            string_data = elf_data[84:].decode('utf-8')
        elif bits == 64:
            # ELF header
            elf_header = struct.unpack('<16sHHIQQQIHHHHHH', elf_data[:64])
            # Program header
            program_header = struct.unpack('<IIQQQQQQ', elf_data[64:64+56])
            # String data
            string_data = elf_data[120:].decode('utf-8')

        return elf_header, program_header, string_data

In [6]:
# Print ELF header
def print_elf_header(elf_header, bits, file_type):
    e_ident = elf_header[0]
    elf_header_table = prettytable.PrettyTable()
    elf_header_table.field_names = ["Field", "Value", "Description"]
    elf_header_table.add_row(["Magic", e_ident[:4], "ELF Magic Number"])
    elf_header_table.add_row(["Class", e_ident[4], f"{1 if bits == 32 else 2}=ELF{bits}"])
    elf_header_table.add_row(["Data", e_ident[5], "1=Little Endian"])
    elf_header_table.add_row(["Version", e_ident[6], "1=Current"])
    elf_header_table.add_row(["OS/ABI", e_ident[7], "0=System V"])
    elf_header_table.add_row(["ABI Version", e_ident[8], e_ident[8]])
    elf_header_table.add_row(["Type", elf_header[1], f"{elf_header[1]}={file_type}"])
    elf_header_table.add_row(["Machine", elf_header[2], "3=386" if bits == 32 else "62=x86_64"])
    elf_header_table.add_row(["Version", hex(elf_header[3]), elf_header[3]])
    elf_header_table.add_row(["Entry point address", hex(elf_header[4]), elf_header[4]])
    elf_header_table.add_row(["Program header offset", elf_header[5] if bits == 32 else elf_header[5], elf_header[5]])
    elf_header_table.add_row(["Section header offset", elf_header[6] if bits == 32 else elf_header[6], elf_header[6]])
    elf_header_table.add_row(["Flags", elf_header[7] if bits == 32 else elf_header[7], elf_header[7]])
    elf_header_table.add_row(["Size of this header", elf_header[8] if bits == 32 else elf_header[8], elf_header[8]])
    elf_header_table.add_row(["Size of program headers", elf_header[9] if bits == 32 else elf_header[9], elf_header[9]])
    elf_header_table.add_row(["Number of program headers", elf_header[10] if bits == 32 else elf_header[10], elf_header[10]])
    elf_header_table.add_row(["Size of section headers", elf_header[11] if bits == 32 else elf_header[11], elf_header[11]])
    elf_header_table.add_row(["Number of section headers", elf_header[12] if bits == 32 else elf_header[12], elf_header[12]])
    elf_header_table.add_row(["Section header string table index", elf_header[13] if bits == 32 else elf_header[13], elf_header[13]])
    print(elf_header_table)

In [7]:
# Print program header
def print_program_header(program_header, bits):
    program_header_table = prettytable.PrettyTable()
    program_header_table.field_names = ["Field", "Value (Hex)", "Value (Decimal)", "Description"]
    if bits == 32:
        program_header_table.add_row(["Type", hex(program_header[0]), program_header[0], "Type of segment"])
        program_header_table.add_row(["Offset", hex(program_header[1]), program_header[1], "Offset in the file"])
        program_header_table.add_row(["Virtual Address", hex(program_header[2]), program_header[2], "Virtual address in memory"])
        program_header_table.add_row(["Physical Address", hex(program_header[3]), program_header[3], "Physical address in memory"])
        program_header_table.add_row(["File Size", hex(program_header[4]), program_header[4], "Size of the segment in the file"])
        program_header_table.add_row(["Memory Size", hex(program_header[5]), program_header[5], "Size of the segment in memory"])
        program_header_table.add_row(["Flags", hex(program_header[6]), program_header[6], "Segment flags (permissions)"])
        program_header_table.add_row(["Alignment", hex(program_header[7]), program_header[7], "Alignment of the segment"])
    elif bits == 64:
        program_header_table.add_row(["Type", hex(program_header[0]), program_header[0], "Type of segment"])
        program_header_table.add_row(["Flags", hex(program_header[1]), program_header[1], "Segment flags (permissions)"])
        program_header_table.add_row(["Offset", hex(program_header[2]), program_header[2], "Offset in the file"])
        program_header_table.add_row(["Virtual Address", hex(program_header[3]), program_header[3], "Virtual address in memory"])
        program_header_table.add_row(["Physical Address", hex(program_header[4]), program_header[4], "Physical address in memory"])
        program_header_table.add_row(["File Size", hex(program_header[5]), program_header[5], "Size of the segment in the file"])
        program_header_table.add_row(["Memory Size", hex(program_header[6]), program_header[6], "Size of the segment in memory"])
        program_header_table.add_row(["Alignment", hex(program_header[7]), program_header[7], "Alignment of the segment"])
    print(program_header_table)

In [8]:
# Print string data
def print_string_data(string_data):
    print(f"\nString Data:")
    print(string_data)

In [9]:
def main():
    # Create and save ELF files
    for bits in [32, 64]:
        for file_type in ["executable", "shared", "object"]:
            elf_header, description = create_elf_header(bits, file_type)
            program_header = create_program_header(bits)
            filename = f"{file_type}_{bits}.bin"
            save_elf_file(filename, elf_header, program_header, description)

    # Open and parse ELF files
    for bits in [32, 64]:
        for file_type in ["executable", "shared", "object"]:
            filename = f"{file_type}_{bits}.bin"
            elf_header, program_header, string_data = parse_elf_file(filename, bits)
            print(f"\nParsed ELF Header for {filename}:")
            print_elf_header(elf_header, bits, file_type)
            print(f"\nParsed Program Header for {filename}:")
            print_program_header(program_header, bits)
            print(f"\nString Data for {filename}:\n{string_data}")

In [10]:
if __name__ == '__main__':
    main()

ELF file created and saved as 'executable_32.bin'.
ELF file created and saved as 'shared_32.bin'.
ELF file created and saved as 'object_32.bin'.
ELF file created and saved as 'executable_64.bin'.
ELF file created and saved as 'shared_64.bin'.
ELF file created and saved as 'object_64.bin'.

Parsed ELF Header for executable_32.bin:
+-----------------------------------+------------+------------------+
|               Field               |   Value    |   Description    |
+-----------------------------------+------------+------------------+
|               Magic               | b'\x7fELF' | ELF Magic Number |
|               Class               |     1      |     1=ELF32      |
|                Data               |     1      | 1=Little Endian  |
|              Version              |     1      |    1=Current     |
|               OS/ABI              |     0      |    0=System V    |
|            ABI Version            |     0      |        0         |
|                Type               | 