staticdep is a python tool to compute the dependencies among object files of a static library (.a). It has been created for the Forensics course at EURECOM during May 2018.
Clone this repository wherever you want:
git clone https://github.com/ojroques/staticdep.gitThere are two python scripts:
- staticdep.py: analyze a static library and save the result into a JSON file
- parsejson.py: parse the JSON analysis result and print useful information
To get help, you can use the option -h:
python3 staticdep.py -hpython3 parsejson.py -h
Note that those two tools have been implemented using python 3.6 on a Linux machine. Tests show that they run fine with python 2.7 but you should favor python 3+ anyway.
To run the analysis on a static library libfoo.a (by default, the result is saved as libfoo.json where libfoo.a is located):
python3 staticdep.py libfoo.aYou can specify the output file with option -o:
python3 staticdep.py libfoo.a -o foo.jsonA summary of the dependencies is printed when option -s is set:
python3 staticdep.py libfoo.a -sBy default, parsejson.py prints object files listed in the static library that do not depend on any others. If analysis result is stored as libfoo.json:
python3 parsejson.py libfoo.jsonYou can also verify that a list of object files (in a separate txt file, one filename per line) is complete i.e. that there are no missing dependencies:
python3 parsejson.py libfoo.json -v object_listIf the static library contains any empty object files, you can print them with:
python3 parsejson.py libfoo.json -eHere is a sample of a JSON analysis result:
{
"slib_analysis": true,
"Static library": "libtest.a",
"Content": {
"file111.o": {
"Dependencies": [
"file11.o"
],
"Defined symbols": [
"printGreetings"
],
"Unresolved local symbols": [
{
"printName": "file11.o"
}
],
"Unresolved global symbols": [
"GLOBAL_OFFSET_TABLE",
"puts"
]
},
"file11.o": "EMPTY"
}
}It contains 3 main fields:
slib_analysisis there to indicate that this file is the result of an analysis fromstaticdep.pyStatic libraryholds the name of the static library that has been analyzedContentlists each object file present in the static library
Then in Content, for each object file foo.o:
- If no symbol has been found, the object file is labelled EMPTY
Dependenciesis the list of object files from whichfoo.odepends onDefined symbolsis the list of symbols defined infoo.oUnresolved local symbolslists symbols that are not defined infoo.obut are present in other object files from the static libraryUnresolved global symbolslists symbols that are not defined infoo.onor in other object files from the static library
A static library libtest.a to test the tools is provided in test/. It contains 5 object files:
file1.ohas no dependencyfile11.oandfile12.oboth depend onfile1.ofile111.odepends onfile11.ofile1X2.odepends onfile11.oandfile12.o
You can use the bash script test/runtest.sh to test all options at once. Below are some screenshots of the results.
The tools have been tested on several popular static libraries. JSON results can be found in test/results. Here is a recap chart:
| Object files | Local symbols | Independent objects | Empty objects | |
|---|---|---|---|---|
| libc.a | 1690 | 3684 | 247 (15%) | 84 (5%) |
| libcrypt.a | 9 | 40 | 4 (44%) | 0 |
| libpthread.a | 200 | 448 | 102 (51%) | 20 (10%) |
| libutil.a | 6 | 6 | 5 (83%) | 0 |
| libresolv.a | 9 | 9 | 9 (100%) | 0 |
| librt.a | 30 | 64 | 13 (43%) | 4 (12%) |
| libnsl.a | 39 | 146 | 6 (15%) | 0 |
| libdl.a | 9 | 9 | 9 (100%) | 0 |