看,宝藏就在那儿
在上一篇文章中,我们提到用按图索骥比喻库的初始化过程,那么现在有了地图,接下来的事情就是去寻找我们感兴趣的宝藏了。这个宝藏可能是一个ELF文件的程序文本段,也有可能是程序的某个不知名的代码段,这些都取决于你想要什么信息。我建议你去阅读ELF 的官方标准,那里边讲的比较清楚。
我这里只是实现了几个提取诸如:程序的大小端,能执行的CPU位数,程序的入口点,以及获得程序的所有节的编号和根据节的编号获取该节的详细信息。
提取信息:程序的大小端
1: long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
2: {
3: long ret = 0;
4: SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
5: big_endding or litte_endding
6:
7: if(pHandle == NULL)
8: {
9: ret = -1;
10: }
11: else if(pHandle->nFlag_Data == 1)
12: {
13: ret = ELFDATA2LSB;
14: }
15: else if(pHandle->nFlag_Data == 2)
16: {
17: ret = ELFDATA2MSB;
18: }
19: else
20: {
21: ret = ELFDATANONE;
22: }
23: return ret;
24: }
可以看到输入之前初始化的elfheader二级数据管理句柄,返回这个elf文件的大小端信息。
提取信息:目标文件能执行的CPU位数
1: long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
2: {
3: long ret=0;
4: *nMachine = 0;
5: //判断 CPU
6: if(pELF64Header == NULL)
7: {
8: ret = -1;
9: }
10: if(3 == pELF64Header->e_machine)
11: {
12: *nMachine = 1;
13: //printf("virtual program address: %p\n",pELF64Header->e_entry);
14: }
15: else if(62 == pELF64Header->e_machine)
16: {
17: *nMachine = 2;
18: }
19: else
20: {
21: *nMachine = 3;
22: }
23: return ret;
24: }
25:
26: long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
27: {
28: long ret=0;
29: *nMachine = 0;
30: if(pELF32Header == NULL)
31: {
32: ret = -1;
33: }
34: //判断 CPU
35: if(3 == pELF32Header->e_machine)
36: {
37: *nMachine = 1;
38: //printf("virtual program address: %p\n",pELF32Header->e_entry);
39: }
40: else if(62 == pELF32Header->e_machine)
41: {
42: *nMachine = 2;
43: }
44: else
45: {
46: *nMachine = 3;
47: }
48: return ret;
49: }
这里展示 的两个函数分别对应着:32位和64位。
提取信息:目标程序的入口点
1: long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
2: {
3: long ret=0;
4: uint64_t ProNum=0;
5: long nFlag = -1;
6: uint64_t i = 0;
7: uint64_t offset = 0;
8: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
9: {
10: ret = -1;
11: goto ELF_ENTRY32;
12: }
13: /*deal 32bits elf file*/
14: SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
15: ProNum = pElfHeader->e_phnum;
16: *RVA = pElfHeader->e_entry;
17: SEF_PROHEADER_32 *pSegTabFind=NULL;
18: SEF_PROHEADER_32 *pSegTabUse=NULL;
19: uint64_t nItemNum = *RVA;
20: /*find the first load segment*/
21: for (i=0; i22: {
23: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
24: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))25: {
26: nFlag = i;
27: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
28: break;29: }
30: }
31: if (pSegTabUse != NULL)32: {
33: offset = nItemNum - pSegTabUse->p_vaddr;
34: *RAW = pSegTabUse->p_offset + offset;
35: }
36: else37: {
38: ret = -2;
39: goto ELF_ENTRY32;40: }
41: ELF_ENTRY32:
42: return ret;43: }
44:
45: long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)46: {
47: long ret=0;48: uint64_t ProNum=0;
49: long nFlag = -1;50: uint64_t i = 0;
51: uint64_t offset = 0;
52: /*deal 32bits elf file*/53: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)54: {
55: ret = -1;
56: goto ELF_ENTRY64;57: }
58: SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
59: ProNum = pElfHeader->e_phnum;
60: *RVA = pElfHeader->e_entry;
61:
62: SEF_PROHEADER_64 *pSegTabFind=NULL;
63: SEF_PROHEADER_64 *pSegTabUse=NULL;
64: uint64_t nItemNum = *RVA;
65: /*find the first load segment*/66: for (i=0; i67: {
68: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
69: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))70: {
71: nFlag = i;
72: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
73: break;74: }
75: }
76: if (pSegTabUse != NULL)77: {
78: offset = nItemNum - pSegTabUse->p_vaddr;
79: *RAW = pSegTabUse->p_offset + offset;
80: // printf("RAW is %d\n",*RAW);81: }
82: else83: {
84: ret = -2;
85: goto ELF_ENTRY64;86: }
87: ELF_ENTRY64:
88: return ret;89: }
展示的函数依然是分别对应着:32位和64位。
提取信息:获得目标程序所有节的编号
1: long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
2: {
3: long ret = 0;
4: uint16_t SecNum = 0;
5: uint8_t i=0; //as temp circle num
6: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
7: if(phandle->pS_SecHeader == NULL)
8: {
9: ret = -1;
10: goto getsecinfo_finish;
11: }
12: SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
13: SEF_SECHEADER_32 *pSecHead32=NULL;
14:
15: SecNum = pElfHeader32->e_shnum;
16:
17: if(nIndex < 0 || nIndex > SecNum)
18: {
19: printf("Your input number is illegal!!\n");
20: ret = -2;
21: goto getsecinfo_finish;
22: }
23:
24: pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
25:
26: ELF_GetSecName(handle,nIndex,pSecInfo);
27:
28: pSecInfo->nType = pSecHead32->sh_type;
29: pSecInfo->nAddr = pSecHead32->sh_addr;
30: pSecInfo->nflags = pSecHead32->sh_flags;
31: pSecInfo->nOffset = pSecHead32->sh_offset;
32: pSecInfo->nSize = pSecHead32->sh_size;
33: pSecInfo->nLink = pSecHead32->sh_link;
34: pSecInfo->nInfo = pSecHead32->sh_info;
35: pSecInfo->nAddralign = pSecHead32->sh_addralign;
36: pSecInfo->nEntsize = pSecHead32->sh_entsize;
37:
38: //printf("nFlags is =====%p\n",pSecInfo->nflags);
39: //ELF_GetSecftInfo(pSecInfo);
40: getsecinfo_finish:
41: return ret;
42: }
43:
44: long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
45: {
46: long ret = 0;
47: uint16_t SecNum = 0;
48: uint8_t i=0; //as temp circle num
49: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
50: if(phandle->pS_SecHeader == NULL)
51: {
52: ret = -1;
53: goto getsecinfo_finish;
54: }
55: SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
56: SEF_SECHEADER_64 *pSecHead64=NULL;
57:
58: SecNum = pElfHeader64->e_shnum;
59:
60: if(nIndex < 0 || nIndex > SecNum)
61: {
62: printf("Your input number is illegal!!\n");
63: ret = -2;
64: goto getsecinfo_finish;
65: }
66: printf("--------------------------------");
67: pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
68:
69: ELF_GetSecName(handle,nIndex,pSecInfo);
70:
71: pSecInfo->nType = pSecHead64->sh_type;
72: pSecInfo->nAddr = pSecHead64->sh_addr;
73: pSecInfo->nflags = pSecHead64->sh_flags;
74: pSecInfo->nOffset = pSecHead64->sh_offset;
75: pSecInfo->nSize = pSecHead64->sh_size;
76: pSecInfo->nLink = pSecHead64->sh_link;
77: pSecInfo->nInfo = pSecHead64->sh_info;
78: pSecInfo->nAddralign = pSecHead64->sh_addralign;
79: pSecInfo->nEntsize = pSecHead64->sh_entsize;
80:
81: //ELF_GetSecftInfo(pSecInfo);
82: getsecinfo_finish:
83: return ret;
84: }
实际上设计两个函数式为了保持目标文件的兼容性。
提取信息:根据节的编号获取该节的详细信息
1: long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)
2: {
3: SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
4: int ret = 0;
5: if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))
6: {
7: ret = -1;
8: goto GetOut;
9: }
10:
11: SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
12: SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
13: int Index = 0;
14:
15: //deal 32bits elf file
16: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)
17: {
18: Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;
19:
20: //shstrname is the start address of the section name string section
21: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;
22: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
23:
24:
25: }
26: //deal 64bits elf file
27: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)
28: {
29: Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;
30:
31: //shstrname is the start address of the section name string section
32: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;
33: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
34: }
35: GetOut:
36: return ret;
37: }
把整个源码文件也贴出来:
1: #include
2: #include<string.h>
3: #include
4: #include"elf_GetElfInfo.h"
5: #include"elf_interface.h"
6: #include"../../include/adt.h"
7:
8: long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
9: {
10: long ret = 0;
11: SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
12: big_endding or litte_endding
13:
14: if(pHandle == NULL)
15: {
16: ret = -1;
17: }
18: else if(pHandle->nFlag_Data == 1)
19: {
20: ret = ELFDATA2LSB;
21: }
22: else if(pHandle->nFlag_Data == 2)
23: {
24: ret = ELFDATA2MSB;
25: }
26: else
27: {
28: ret = ELFDATANONE;
29: }
30: return ret;
31: }
32:
33: long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
34: {
35: long ret=0;
36: *nMachine = 0;
37: //判断 CPU
38: if(pELF64Header == NULL)
39: {
40: ret = -1;
41: }
42: if(3 == pELF64Header->e_machine)
43: {
44: *nMachine = 1;
45: //printf("virtual program address: %p\n",pELF64Header->e_entry);
46: }
47: else if(62 == pELF64Header->e_machine)
48: {
49: *nMachine = 2;
50: }
51: else
52: {
53: *nMachine = 3;
54: }
55: return ret;
56: }
57:
58: long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
59: {
60: long ret=0;
61: *nMachine = 0;
62: if(pELF32Header == NULL)
63: {
64: ret = -1;
65: }
66: //判断 CPU
67: if(3 == pELF32Header->e_machine)
68: {
69: *nMachine = 1;
70: //printf("virtual program address: %p\n",pELF32Header->e_entry);
71: }
72: else if(62 == pELF32Header->e_machine)
73: {
74: *nMachine = 2;
75: }
76: else
77: {
78: *nMachine = 3;
79: }
80: return ret;
81: }
82:
83: long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
84: {
85: long ret=0;
86: uint64_t ProNum=0;
87: long nFlag = -1;
88: uint64_t i = 0;
89: uint64_t offset = 0;
90: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
91: {
92: ret = -1;
93: goto ELF_ENTRY32;
94: }
95: /*deal 32bits elf file*/
96: SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
97: ProNum = pElfHeader->e_phnum;
98: *RVA = pElfHeader->e_entry;
99: SEF_PROHEADER_32 *pSegTabFind=NULL;
100: SEF_PROHEADER_32 *pSegTabUse=NULL;
101: uint64_t nItemNum = *RVA;
102: /*find the first load segment*/
103: for (i=0; i104: {
105: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
106: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))107: {
108: nFlag = i;
109: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
110: break;111: }
112: }
113: if (pSegTabUse != NULL)114: {
115: offset = nItemNum - pSegTabUse->p_vaddr;
116: *RAW = pSegTabUse->p_offset + offset;
117: }
118: else119: {
120: ret = -2;
121: goto ELF_ENTRY32;122: }
123: ELF_ENTRY32:
124: return ret;125: }
126:
127: long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)128: {
129: long ret=0;130: uint64_t ProNum=0;
131: long nFlag = -1;132: uint64_t i = 0;
133: uint64_t offset = 0;
134: /*deal 32bits elf file*/135: if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)136: {
137: ret = -1;
138: goto ELF_ENTRY64;139: }
140: SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
141: ProNum = pElfHeader->e_phnum;
142: *RVA = pElfHeader->e_entry;
143:
144: SEF_PROHEADER_64 *pSegTabFind=NULL;
145: SEF_PROHEADER_64 *pSegTabUse=NULL;
146: uint64_t nItemNum = *RVA;
147: /*find the first load segment*/148: for (i=0; i149: {
150: pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
151: if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))152: {
153: nFlag = i;
154: pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
155: break;156: }
157: }
158: if (pSegTabUse != NULL)159: {
160: offset = nItemNum - pSegTabUse->p_vaddr;
161: *RAW = pSegTabUse->p_offset + offset;
162: // printf("RAW is %d\n",*RAW);163: }
164: else165: {
166: ret = -2;
167: goto ELF_ENTRY64;168: }
169: ELF_ENTRY64:
170: return ret;171: }
172:
173: long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)174: {
175: long ret = 0;176: uint16_t SecNum = 0;
177: uint8_t i=0; //as temp circle num178: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
179: if(phandle->pS_SecHeader == NULL)180: {
181: ret = -1;
182: goto getsecinfo_finish;183: }
184: SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
185: SEF_SECHEADER_32 *pSecHead32=NULL;
186:
187: SecNum = pElfHeader32->e_shnum;
188:
189: if(nIndex < 0 || nIndex > SecNum)190: {
191: printf("Your input number is illegal!!\n");192: ret = -2;
193: goto getsecinfo_finish;194: }
195:
196: pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
197:
198: ELF_GetSecName(handle,nIndex,pSecInfo);
199:
200: pSecInfo->nType = pSecHead32->sh_type;
201: pSecInfo->nAddr = pSecHead32->sh_addr;
202: pSecInfo->nflags = pSecHead32->sh_flags;
203: pSecInfo->nOffset = pSecHead32->sh_offset;
204: pSecInfo->nSize = pSecHead32->sh_size;
205: pSecInfo->nLink = pSecHead32->sh_link;
206: pSecInfo->nInfo = pSecHead32->sh_info;
207: pSecInfo->nAddralign = pSecHead32->sh_addralign;
208: pSecInfo->nEntsize = pSecHead32->sh_entsize;
209:
210: //printf("nFlags is =====%p\n",pSecInfo->nflags);211: //ELF_GetSecftInfo(pSecInfo);212: getsecinfo_finish:
213: return ret;214: }
215:
216: long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)217: {
218: long ret = 0;219: uint16_t SecNum = 0;
220: uint8_t i=0; //as temp circle num221: SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
222: if(phandle->pS_SecHeader == NULL)223: {
224: ret = -1;
225: goto getsecinfo_finish;226: }
227: SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
228: SEF_SECHEADER_64 *pSecHead64=NULL;
229:
230: SecNum = pElfHeader64->e_shnum;
231:
232: if(nIndex < 0 || nIndex > SecNum)233: {
234: printf("Your input number is illegal!!\n");235: ret = -2;
236: goto getsecinfo_finish;237: }
238: printf("--------------------------------");239: pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
240:
241: ELF_GetSecName(handle,nIndex,pSecInfo);
242:
243: pSecInfo->nType = pSecHead64->sh_type;
244: pSecInfo->nAddr = pSecHead64->sh_addr;
245: pSecInfo->nflags = pSecHead64->sh_flags;
246: pSecInfo->nOffset = pSecHead64->sh_offset;
247: pSecInfo->nSize = pSecHead64->sh_size;
248: pSecInfo->nLink = pSecHead64->sh_link;
249: pSecInfo->nInfo = pSecHead64->sh_info;
250: pSecInfo->nAddralign = pSecHead64->sh_addralign;
251: pSecInfo->nEntsize = pSecHead64->sh_entsize;
252:
253: //ELF_GetSecftInfo(pSecInfo);254: getsecinfo_finish:
255: return ret;256: }
257:
258: long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)259: {
260: SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
261: int ret = 0;262: if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))263: {
264: ret = -1;
265: goto GetOut;266: }
267:
268: SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
269: SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
270: int Index = 0;271:
272: //deal 32bits elf file273: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)274: {
275: Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;
276:
277: //shstrname is the start address of the section name string section278: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;279: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
280:
281:
282: }
283: //deal 64bits elf file284: if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)285: {
286: Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;
287:
288: //shstrname is the start address of the section name string section289: char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;290: pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
291: }
292: GetOut:
293: return ret;294: }
最后给出.h头文件:1: #include"../../include/elf_type.h"2: #include "elf_interface.h"3: #include"../../include/adt.h"4:
5: #define ELF_FLAG_WRITE 0X16: #define ELF_FLAG_ALLOC 0X27: #define ELF_FLAG_EXECINSTR 0X48: #define ELF_FLAG_MERGE 0X109: #define ELF_FLAG_STRINGS 0X2010: #define ELF_FLAG_LINK 0X4011: #define ELF_FLAG_ORDER 0X8012: #define ELF_FLAG_NONCONFORMING 0X10013: #define ELF_FLAG_CROUP 0X20014: #define ELF_FLAG_MASKOS 0X0ff0000015: #define ELF_FLAG_MASKPROC 0Xf000000016:
17:
18: ///Get ELF's Enddian ///19: /*20: function : get ELF's enddian21: input : [in point] pHandle is Call InitElf will return handle22: result : ret ;23: -1 input point is NULL24: 0 ELFDATANONE can't decide which enddian25: 1 ELFDATA2LSB little enddian26: 2 ELFDATA2MSB big enddian27: */28: long ELF_GetELFEnddian(SEF_ELFHEADER *pHandle);29:
30:
31:
32:
33: //Get ELF's Machine/34: /*35: funtinon: decide ELF's Machine when class is 64_class36: input:37: result: 0 success38: -5 can not decide which Machine it is39: readme: nEndding: 1 liteld+ending ; 2 big-edding40: nMachine: 1 Intel 0x386 CPU ,2 AMD 64 CPU41: nELFType: 1 ET_REL ; 2 ET_EXEC ; 3 ET_DYN ; 0 it's not ELF type42: */43: long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine);44:
45: /*46: funtinon: decide ELF's Machine when class is 32_class47: input:48: result: 0 success49: -5 can not decide which Machine it is50: readme: nEndding: 1 little_endding ; 2 big_endding51: nMachine: 1 Intel 0x386 CPU , 2 AMD 64 CPU52: nELFType: 1 ET_REL ; 2 ET_EXEC ;3 ET_DYN ; 0 it's not ELF type53: */54: long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine);55:
56: /Get ELF's Entry57: /*58: function: Get know Program exev begin point 's virtual Address --- RVA and Physics Offset---RAW59: input: [int point] Common struct include pS_ElfHeader Struct and Program Struct60: [int/out point] RAW61: result: ret = 0; success62: ret = -1; input point is NULL63: ret = -2 can't find which program table has the first command64: readme:65: */66: long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);67:
68: /*69: function: Get know Program exev begin point 's virtual Address --- RVA and Physics Offset---RAW70: input: [int point] Common struct include pS_ElfHeader Struct and Program Struct71: [int/out point] RAW72: result: ret = 0; success73: ret = -1; input point is NULL74: ret = -2 can't find which program table has the first command75: readme:76: */77: long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);78:
79: long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo);80:
81: long ELF_GetSecInfo64(SEF_HEADSET*phandle,uint32_t nIndex,ELF_SECINFO *pElfSecInfo);82:
83:
84: /*85: *function : Get know Program exec begin point's virtual Address ---RVA and Physics Offset---RAW86: *input ; [int point] pHandle is CAll InitELF will return handle ,pAddressHandle from InitAddressELF87: [in/out point] RAW and RVA88: *result ; ret==0; success89: ret==-1; input point is illegal90: ret==-2; can't find which Program table has the first command91: `readme :92: *93: * */94: //long ELF_GetEntry(void *handle, uint64_t *RAW, uint64_t *RVA);95:
96: //Get ELF's ALL Information97: /*98: funtinon: Get ELF bit, machine, bigendding99: input: [in point] pHandle is Call InitELF will return handle100: [in/out poing] ELFInfo struct point, recfrese Buf.h101: result: 0 success102: -1 input point is null103: -2 length is too short or it's firt four bits don't fit ELF style so it's not ELF style104:
105: readme: InitElF , handle Call InitELF()106: output bIsElfStyle TURE elf文件 ;FALSE 非elf文件107: nEndding: 1 little_endding ; 2 big_endding ;3 can't decide which enddian108: nClass : 1 32_class ; 2 64_class ;3 can't decide which class109: nMachine: 1 Intel 0x386 CPU ;2 AMD 64 CPU;3 can't decide which class110: */111: //long ELF_GetElfHeaderInfo(void *pHandle,ELF_HEADERINFO *pElfInfo);112:
113:
114:
115: long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pSecInfo);116: