Small utility that can parse 64bit ELF binaries. Created while reading the fantastic book "Learning Linux Binary Analysis" written by elfmaster.
Usage: elftool [opts] <file>
Opts: -h display this help
-a display the Elf Header, Program Header Table and Section Header Table
-e display the ELF Header
-p display the Program Header Table
-s display the Section Header Table
So, for example we can learn about the section header table of /bin/ls:
cyrill@0x00 ~/elftool > cargo run -- -s /bin/ls
Finished dev [unoptimized + debuginfo] target(s) in 0.01s
Running `target/debug/main -s /bin/ls`
Section Header Table of /bin/ls with 25 entires
Offset Size Link Flags Type
Address Entsize Info Align Name
0x0000000000000000 0x0000000000000000 0x0000000000000000 --------------- Section header table entry unused
0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000000002a8 0x000000000000001c 0x0000000000000000 -a------------- Program data
0x00000000000002a8 0x0000000000000000 0x0000000000000000 0x0000000000000001 .interp
0x00000000000002c4 0x0000000000000020 0x0000000000000000 -a------------- Notes
0x00000000000002c4 0x0000000000000000 0x0000000000000000 0x0000000000000004 .note.ABI-tag
0x00000000000002e4 0x0000000000000024 0x0000000000000000 -a------------- Notes
0x00000000000002e4 0x0000000000000000 0x0000000000000000 0x0000000000000004 .note.gnu.build-id
0x0000000000000308 0x00000000000000c8 0x0000000000000005 -a------------- GNU-style hash table.
0x0000000000000308 0x0000000000000000 0x0000000000000000 0x0000000000000008 .gnu.hash
0x00000000000003d0 0x0000000000000c48 0x0000000000000006 -a------------- Dynamic linker symbol table
0x00000000000003d0 0x0000000000000018 0x0000000000000001 0x0000000000000008 .dynsym
0x0000000000001018 0x00000000000005ca 0x0000000000000000 -a------------- String table
0x0000000000001018 0x0000000000000000 0x0000000000000000 0x0000000000000001 .dynstr
0x00000000000015e2 0x0000000000000106 0x0000000000000005 -a------------- End OS-specific type
0x00000000000015e2 0x0000000000000002 0x0000000000000000 0x0000000000000002 .gnu.version
0x00000000000016e8 0x0000000000000070 0x0000000000000006 -a------------- Version needs section.
0x00000000000016e8 0x0000000000000000 0x0000000000000001 0x0000000000000008 .gnu.version_r
0x0000000000001758 0x0000000000001d28 0x0000000000000005 -a------------- Relocation entries with addends
0x0000000000001758 0x0000000000000018 0x0000000000000000 0x0000000000000008 .rela.dyn
0x0000000000004000 0x000000000000001b 0x0000000000000000 -ax------------ Program data
0x0000000000004000 0x0000000000000000 0x0000000000000000 0x0000000000000004 .init
0x0000000000004020 0x0000000000012763 0x0000000000000000 -ax------------ Program data
0x0000000000004020 0x0000000000000000 0x0000000000000000 0x0000000000000010 .text
0x0000000000016784 0x000000000000000d 0x0000000000000000 -ax------------ Program data
0x0000000000016784 0x0000000000000000 0x0000000000000000 0x0000000000000004 .fini
0x0000000000017000 0x0000000000005109 0x0000000000000000 -a------------- Program data
0x0000000000017000 0x0000000000000000 0x0000000000000000 0x0000000000000020 .rodata
0x000000000001c10c 0x00000000000008c4 0x0000000000000000 -a------------- Program data
0x000000000001c10c 0x0000000000000000 0x0000000000000000 0x0000000000000004 .eh_frame_hdr
0x000000000001c9d0 0x0000000000002df0 0x0000000000000000 -a------------- Program data
0x000000000001c9d0 0x0000000000000000 0x0000000000000000 0x0000000000000008 .eh_frame
0x0000000000020050 0x0000000000000008 0x0000000000000000 wa------------- Array of constructors
0x0000000000021050 0x0000000000000008 0x0000000000000000 0x0000000000000008 .init_array
0x0000000000020058 0x0000000000000008 0x0000000000000000 wa------------- Array of destructors
0x0000000000021058 0x0000000000000008 0x0000000000000000 0x0000000000000008 .fini_array
0x0000000000020060 0x0000000000000a38 0x0000000000000000 wa------------- Program data
0x0000000000021060 0x0000000000000000 0x0000000000000000 0x0000000000000020 .data.rel.ro
0x0000000000020a98 0x00000000000001c0 0x0000000000000006 wa------------- Dynamic linking information
0x0000000000021a98 0x0000000000000010 0x0000000000000000 0x0000000000000008 .dynamic
0x0000000000020c58 0x0000000000000398 0x0000000000000000 wa------------- Program data
0x0000000000021c58 0x0000000000000008 0x0000000000000000 0x0000000000000008 .got
0x0000000000021000 0x0000000000000268 0x0000000000000000 wa------------- Program data
0x0000000000022000 0x0000000000000000 0x0000000000000000 0x0000000000000020 .data
0x0000000000021268 0x00000000000012d8 0x0000000000000000 wa------------- Program space with no data (bss)
0x0000000000022280 0x0000000000000000 0x0000000000000000 0x0000000000000020 .bss
0x0000000000021268 0x0000000000000011 0x0000000000000000 ---ms---------- Program data
0x0000000000000000 0x0000000000000001 0x0000000000000000 0x0000000000000001 .comment
0x0000000000021279 0x00000000000000ed 0x0000000000000000 --------------- String table
0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000001 .shstrtab
Flags:
w SHF_WRITE Writable
a SHF_ALLOC Occupies memory during execution
x SHF_EXECINSTR Executable
m SHF_MERGE Might be merged
s SHF_STRINGS Contains nul-terminated strings
i SHF_INFO_LINK sh_info' contains SHT index
l SHF_LINK_ORDER Preserve order after combining
n SHF_OS_NONCONFORMING Non-standard OS specific handling
g SHF_GROUP Section is member of a group.
t SHF_TLS Section hold thread-local data.
c SHF_COMPRESSED Section with compressed data.
O SHF_MASKOS OS-specific.
P SHF_MASKPROC Processor-specific
o SHF_ORDERED Special ordering requirement
e SHF_EXCLUDE Section is excluded unless