ELF格式解析库之提取信息

看,宝藏就在那儿

在上一篇文章中,我们提到用按图索骥比喻库的初始化过程,那么现在有了地图,接下来的事情就是去寻找我们感兴趣的宝藏了。这个宝藏可能是一个ELF文件的程序文本段,也有可能是程序的某个不知名的代码段,这些都取决于你想要什么信息。我建议你去阅读ELF 的官方标准,那里边讲的比较清楚。

我这里只是实现了几个提取诸如:程序的大小端,能执行的CPU位数,程序的入口点,以及获得程序的所有节的编号和根据节的编号获取该节的详细信息。

提取信息:程序的大小端

   1:  long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
   2:  {
     
   3:      long ret = 0;
   4:      SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
   5:       big_endding or litte_endding
   6:   
   7:      if(pHandle == NULL)
   8:      {
     
   9:          ret = -1;
  10:      }
  11:      else if(pHandle->nFlag_Data == 1)
  12:      {
     
  13:          ret = ELFDATA2LSB;
  14:      }
  15:      else if(pHandle->nFlag_Data == 2)
  16:      {
     
  17:          ret = ELFDATA2MSB;
  18:      }
  19:      else
  20:      {
     
  21:          ret = ELFDATANONE;
  22:      }
  23:      return ret;
  24:  }

可以看到输入之前初始化的elfheader二级数据管理句柄,返回这个elf文件的大小端信息。

提取信息:目标文件能执行的CPU位数

   1:  long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
   2:  {
     
   3:      long ret=0;
   4:      *nMachine = 0;
   5:      //判断 CPU
   6:      if(pELF64Header == NULL)
   7:      {
     
   8:          ret = -1;
   9:      }
  10:      if(3 == pELF64Header->e_machine)
  11:      {
     
  12:          *nMachine = 1;
  13:          //printf("virtual program address:    %p\n",pELF64Header->e_entry);
  14:      }
  15:      else if(62 == pELF64Header->e_machine)
  16:      {
     
  17:          *nMachine = 2;
  18:      }
  19:      else
  20:      {
     
  21:          *nMachine = 3;
  22:      }
  23:      return ret;
  24:  }
  25:   
  26:  long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
  27:  {
     
  28:      long ret=0;
  29:      *nMachine = 0;
  30:      if(pELF32Header == NULL)
  31:      {
     
  32:          ret = -1;
  33:      }
  34:      //判断 CPU
  35:      if(3 == pELF32Header->e_machine)
  36:      {
     
  37:          *nMachine = 1;
  38:          //printf("virtual program address:    %p\n",pELF32Header->e_entry);
  39:      }
  40:      else if(62 == pELF32Header->e_machine)
  41:      {
     
  42:          *nMachine = 2;
  43:      }
  44:      else
  45:      {
     
  46:          *nMachine = 3;
  47:      }
  48:      return ret;
  49:  }

这里展示 的两个函数分别对应着:32位和64位。

提取信息:目标程序的入口点

   1:  long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
   2:  {
     
   3:      long ret=0;
   4:      uint64_t ProNum=0;
   5:      long nFlag = -1;
   6:      uint64_t i = 0;
   7:      uint64_t offset = 0;
   8:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
   9:      {
     
  10:          ret = -1;
  11:          goto ELF_ENTRY32;
  12:      }    
  13:      /*deal 32bits elf file*/
  14:      SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
  15:      ProNum = pElfHeader->e_phnum;
  16:      *RVA   =  pElfHeader->e_entry;
  17:      SEF_PROHEADER_32 *pSegTabFind=NULL;
  18:      SEF_PROHEADER_32 *pSegTabUse=NULL;    
  19:      uint64_t nItemNum = *RVA;
  20:      /*find the first load segment*/
  21:      for (i=0; i 
    
  22:      {
     
  23:          pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
  24:          if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
  25:          {
     
  26:              nFlag = i;
  27:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
  28:              break;
  29:          }
  30:      }
  31:      if (pSegTabUse != NULL)
  32:      {
     
  33:          offset = nItemNum - pSegTabUse->p_vaddr;
  34:          *RAW = pSegTabUse->p_offset + offset;
  35:      }
  36:      else
  37:      {
     
  38:          ret = -2;
  39:          goto ELF_ENTRY32;
  40:      }
  41:  ELF_ENTRY32:
  42:      return ret;
  43:  }
  44:   
  45:  long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
  46:  {
     
  47:      long ret=0;
  48:      uint64_t ProNum=0;
  49:      long nFlag = -1;
  50:      uint64_t i = 0;
  51:      uint64_t offset = 0;    
  52:      /*deal 32bits elf file*/
  53:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
  54:      {
     
  55:          ret = -1;
  56:          goto ELF_ENTRY64;
  57:      }
  58:      SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
  59:      ProNum = pElfHeader->e_phnum;
  60:      *RVA   =  pElfHeader->e_entry;
  61:      
  62:      SEF_PROHEADER_64 *pSegTabFind=NULL;
  63:      SEF_PROHEADER_64 *pSegTabUse=NULL;    
  64:      uint64_t nItemNum = *RVA;
  65:      /*find the first load segment*/
  66:      for (i=0; i 
    
  67:      {
     
  68:      pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
  69:      if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
  70:          {
     
  71:              nFlag = i;
  72:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
  73:              break;
  74:          }
  75:      }
  76:      if (pSegTabUse != NULL)
  77:      {
     
  78:          offset = nItemNum - pSegTabUse->p_vaddr;
  79:          *RAW = pSegTabUse->p_offset + offset;
  80:      //    printf("RAW is %d\n",*RAW);
  81:      }
  82:      else
  83:      {
     
  84:          ret = -2;
  85:          goto ELF_ENTRY64;
  86:      }
  87:  ELF_ENTRY64:
  88:      return ret;
  89:  }

展示的函数依然是分别对应着:32位和64位。

提取信息:获得目标程序所有节的编号

   1:  long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
   2:  {
     
   3:      long ret = 0;
   4:      uint16_t SecNum = 0;
   5:      uint8_t i=0;        //as temp circle num
   6:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
   7:      if(phandle->pS_SecHeader == NULL)
   8:      {
     
   9:          ret = -1;
  10:          goto getsecinfo_finish;        
  11:      }
  12:      SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
  13:      SEF_SECHEADER_32 *pSecHead32=NULL;
  14:      
  15:      SecNum = pElfHeader32->e_shnum;
  16:   
  17:      if(nIndex < 0 || nIndex > SecNum)
  18:      {
     
  19:          printf("Your input number is illegal!!\n");
  20:          ret = -2;
  21:          goto getsecinfo_finish;        
  22:      }
  23:   
  24:      pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
  25:   
  26:      ELF_GetSecName(handle,nIndex,pSecInfo);
  27:   
  28:      pSecInfo->nType = pSecHead32->sh_type;
  29:      pSecInfo->nAddr = pSecHead32->sh_addr;
  30:      pSecInfo->nflags = pSecHead32->sh_flags;
  31:      pSecInfo->nOffset = pSecHead32->sh_offset;
  32:      pSecInfo->nSize = pSecHead32->sh_size;
  33:      pSecInfo->nLink = pSecHead32->sh_link;
  34:      pSecInfo->nInfo = pSecHead32->sh_info;
  35:      pSecInfo->nAddralign = pSecHead32->sh_addralign;
  36:      pSecInfo->nEntsize = pSecHead32->sh_entsize;        
  37:      
  38:      //printf("nFlags is =====%p\n",pSecInfo->nflags);
  39:      //ELF_GetSecftInfo(pSecInfo);    
  40:  getsecinfo_finish:
  41:      return ret;
  42:  }
  43:   
  44:  long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
  45:  {
     
  46:      long ret = 0;
  47:      uint16_t SecNum = 0;
  48:      uint8_t i=0;        //as temp circle num
  49:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
  50:      if(phandle->pS_SecHeader == NULL)
  51:      {
     
  52:          ret = -1;
  53:          goto getsecinfo_finish;        
  54:      }
  55:      SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
  56:      SEF_SECHEADER_64 *pSecHead64=NULL;
  57:   
  58:      SecNum = pElfHeader64->e_shnum;
  59:   
  60:      if(nIndex < 0 || nIndex > SecNum)
  61:      {
     
  62:          printf("Your input number is illegal!!\n");
  63:          ret = -2;
  64:          goto getsecinfo_finish;        
  65:      }
  66:      printf("--------------------------------");
  67:      pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
  68:          
  69:      ELF_GetSecName(handle,nIndex,pSecInfo);
  70:   
  71:      pSecInfo->nType = pSecHead64->sh_type;
  72:      pSecInfo->nAddr = pSecHead64->sh_addr;
  73:      pSecInfo->nflags = pSecHead64->sh_flags;
  74:      pSecInfo->nOffset = pSecHead64->sh_offset;
  75:      pSecInfo->nSize = pSecHead64->sh_size;
  76:      pSecInfo->nLink = pSecHead64->sh_link;
  77:      pSecInfo->nInfo = pSecHead64->sh_info;
  78:      pSecInfo->nAddralign = pSecHead64->sh_addralign;
  79:      pSecInfo->nEntsize = pSecHead64->sh_entsize;        
  80:   
  81:      //ELF_GetSecftInfo(pSecInfo);
  82:  getsecinfo_finish:
  83:      return ret;
  84:  }

实际上设计两个函数式为了保持目标文件的兼容性。

提取信息:根据节的编号获取该节的详细信息

   1:  long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)
   2:  {
     
   3:      SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
   4:      int ret = 0;
   5:      if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))
   6:      {
     
   7:          ret = -1;
   8:          goto GetOut;
   9:      }
  10:      
  11:      SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
  12:      SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
  13:      int Index = 0;
  14:      
  15:      //deal 32bits elf file
  16:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)
  17:      {
     
  18:          Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;    
  19:          
  20:          //shstrname is the start address of the section name string section
  21:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;
  22:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
  23:   
  24:              
  25:      }
  26:      //deal 64bits elf file
  27:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)
  28:      {
     
  29:          Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;    
  30:          
  31:          //shstrname is the start address of the section name string section
  32:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;
  33:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
  34:      }
  35:  GetOut:
  36:      return ret;
  37:  }

把整个源码文件也贴出来:

   1:  #include
   2:  #include<string.h>
   3:  #include
   4:  #include"elf_GetElfInfo.h"
   5:  #include"elf_interface.h"
   6:  #include"../../include/adt.h"
   7:   
   8:  long ELF_GetELFEnddian(SEF_ELFHEADER* pHandle)
   9:  {
      
  10:      long ret = 0;
  11:      SEF_ELFHEADER *handle = (SEF_ELFHEADER*)pHandle;
  12:       big_endding or litte_endding
  13:   
  14:      if(pHandle == NULL)
  15:      {
      
  16:          ret = -1;
  17:      }
  18:      else if(pHandle->nFlag_Data == 1)
  19:      {
      
  20:          ret = ELFDATA2LSB;
  21:      }
  22:      else if(pHandle->nFlag_Data == 2)
  23:      {
      
  24:          ret = ELFDATA2MSB;
  25:      }
  26:      else
  27:      {
      
  28:          ret = ELFDATANONE;
  29:      }
  30:      return ret;
  31:  }
  32:   
  33:  long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine)
  34:  {
      
  35:      long ret=0;
  36:      *nMachine = 0;
  37:      //判断 CPU
  38:      if(pELF64Header == NULL)
  39:      {
      
  40:          ret = -1;
  41:      }
  42:      if(3 == pELF64Header->e_machine)
  43:      {
      
  44:          *nMachine = 1;
  45:          //printf("virtual program address:    %p\n",pELF64Header->e_entry);
  46:      }
  47:      else if(62 == pELF64Header->e_machine)
  48:      {
      
  49:          *nMachine = 2;
  50:      }
  51:      else
  52:      {
      
  53:          *nMachine = 3;
  54:      }
  55:      return ret;
  56:  }
  57:   
  58:  long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine)
  59:  {
      
  60:      long ret=0;
  61:      *nMachine = 0;
  62:      if(pELF32Header == NULL)
  63:      {
      
  64:          ret = -1;
  65:      }
  66:      //判断 CPU
  67:      if(3 == pELF32Header->e_machine)
  68:      {
      
  69:          *nMachine = 1;
  70:          //printf("virtual program address:    %p\n",pELF32Header->e_entry);
  71:      }
  72:      else if(62 == pELF32Header->e_machine)
  73:      {
      
  74:          *nMachine = 2;
  75:      }
  76:      else
  77:      {
      
  78:          *nMachine = 3;
  79:      }
  80:      return ret;
  81:  }
  82:   
  83:  long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
  84:  {
      
  85:      long ret=0;
  86:      uint64_t ProNum=0;
  87:      long nFlag = -1;
  88:      uint64_t i = 0;
  89:      uint64_t offset = 0;
  90:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
  91:      {
      
  92:          ret = -1;
  93:          goto ELF_ENTRY32;
  94:      }    
  95:      /*deal 32bits elf file*/
  96:      SEF_ELFHEADER_32 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_32);
  97:      ProNum = pElfHeader->e_phnum;
  98:      *RVA   =  pElfHeader->e_entry;
  99:      SEF_PROHEADER_32 *pSegTabFind=NULL;
 100:      SEF_PROHEADER_32 *pSegTabUse=NULL;    
 101:      uint64_t nItemNum = *RVA;
 102:      /*find the first load segment*/
 103:      for (i=0; i 
     
 104:      {
      
 105:          pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_32[i]);
 106:          if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
 107:          {
      
 108:              nFlag = i;
 109:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_32[nFlag]);
 110:              break;
 111:          }
 112:      }
 113:      if (pSegTabUse != NULL)
 114:      {
      
 115:          offset = nItemNum - pSegTabUse->p_vaddr;
 116:          *RAW = pSegTabUse->p_offset + offset;
 117:      }
 118:      else
 119:      {
      
 120:          ret = -2;
 121:          goto ELF_ENTRY32;
 122:      }
 123:  ELF_ENTRY32:
 124:      return ret;
 125:  }
 126:   
 127:  long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA)
 128:  {
      
 129:      long ret=0;
 130:      uint64_t ProNum=0;
 131:      long nFlag = -1;
 132:      uint64_t i = 0;
 133:      uint64_t offset = 0;    
 134:      /*deal 32bits elf file*/
 135:      if(pHandle->pS_ElfHeader == NULL || pHandle->pS_ProHeader == NULL)
 136:      {
      
 137:          ret = -1;
 138:          goto ELF_ENTRY64;
 139:      }
 140:      SEF_ELFHEADER_64 *pElfHeader = &(pHandle->pS_ElfHeader->S_ElfHeader_64);
 141:      ProNum = pElfHeader->e_phnum;
 142:      *RVA   =  pElfHeader->e_entry;
 143:      
 144:      SEF_PROHEADER_64 *pSegTabFind=NULL;
 145:      SEF_PROHEADER_64 *pSegTabUse=NULL;    
 146:      uint64_t nItemNum = *RVA;
 147:      /*find the first load segment*/
 148:      for (i=0; i 
     
 149:      {
      
 150:      pSegTabFind = &(pHandle->pS_ProHeader->pS_ProHeader_64[i]);
 151:      if(nItemNum >= pSegTabFind->p_vaddr && (nItemNum <= (pSegTabFind->p_vaddr +pSegTabFind->p_memsz)))
 152:          {
      
 153:              nFlag = i;
 154:              pSegTabUse = &(pHandle->pS_ProHeader->pS_ProHeader_64[nFlag]);
 155:              break;
 156:          }
 157:      }
 158:      if (pSegTabUse != NULL)
 159:      {
      
 160:          offset = nItemNum - pSegTabUse->p_vaddr;
 161:          *RAW = pSegTabUse->p_offset + offset;
 162:      //    printf("RAW is %d\n",*RAW);
 163:      }
 164:      else
 165:      {
      
 166:          ret = -2;
 167:          goto ELF_ENTRY64;
 168:      }
 169:  ELF_ENTRY64:
 170:      return ret;
 171:  }
 172:   
 173:  long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
 174:  {
      
 175:      long ret = 0;
 176:      uint16_t SecNum = 0;
 177:      uint8_t i=0;        //as temp circle num
 178:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
 179:      if(phandle->pS_SecHeader == NULL)
 180:      {
      
 181:          ret = -1;
 182:          goto getsecinfo_finish;        
 183:      }
 184:      SEF_ELFHEADER_32 *pElfHeader32=&(handle->pS_ElfHeader->S_ElfHeader_32);
 185:      SEF_SECHEADER_32 *pSecHead32=NULL;
 186:      
 187:      SecNum = pElfHeader32->e_shnum;
 188:   
 189:      if(nIndex < 0 || nIndex > SecNum)
 190:      {
      
 191:          printf("Your input number is illegal!!\n");
 192:          ret = -2;
 193:          goto getsecinfo_finish;        
 194:      }
 195:   
 196:      pSecHead32 = &(handle->pS_SecHeader->pS_SecHeader_32[nIndex]);
 197:   
 198:      ELF_GetSecName(handle,nIndex,pSecInfo);
 199:   
 200:      pSecInfo->nType = pSecHead32->sh_type;
 201:      pSecInfo->nAddr = pSecHead32->sh_addr;
 202:      pSecInfo->nflags = pSecHead32->sh_flags;
 203:      pSecInfo->nOffset = pSecHead32->sh_offset;
 204:      pSecInfo->nSize = pSecHead32->sh_size;
 205:      pSecInfo->nLink = pSecHead32->sh_link;
 206:      pSecInfo->nInfo = pSecHead32->sh_info;
 207:      pSecInfo->nAddralign = pSecHead32->sh_addralign;
 208:      pSecInfo->nEntsize = pSecHead32->sh_entsize;        
 209:      
 210:      //printf("nFlags is =====%p\n",pSecInfo->nflags);
 211:      //ELF_GetSecftInfo(pSecInfo);    
 212:  getsecinfo_finish:
 213:      return ret;
 214:  }
 215:   
 216:  long ELF_GetSecInfo64(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo)
 217:  {
      
 218:      long ret = 0;
 219:      uint16_t SecNum = 0;
 220:      uint8_t i=0;        //as temp circle num
 221:      SEF_HEADSET* handle = (SEF_HEADSET*)phandle;
 222:      if(phandle->pS_SecHeader == NULL)
 223:      {
      
 224:          ret = -1;
 225:          goto getsecinfo_finish;        
 226:      }
 227:      SEF_ELFHEADER_64 *pElfHeader64=&(handle->pS_ElfHeader->S_ElfHeader_64);
 228:      SEF_SECHEADER_64 *pSecHead64=NULL;
 229:   
 230:      SecNum = pElfHeader64->e_shnum;
 231:   
 232:      if(nIndex < 0 || nIndex > SecNum)
 233:      {
      
 234:          printf("Your input number is illegal!!\n");
 235:          ret = -2;
 236:          goto getsecinfo_finish;        
 237:      }
 238:      printf("--------------------------------");
 239:      pSecHead64 = &(handle->pS_SecHeader->pS_SecHeader_64[nIndex]);
 240:          
 241:      ELF_GetSecName(handle,nIndex,pSecInfo);
 242:   
 243:      pSecInfo->nType = pSecHead64->sh_type;
 244:      pSecInfo->nAddr = pSecHead64->sh_addr;
 245:      pSecInfo->nflags = pSecHead64->sh_flags;
 246:      pSecInfo->nOffset = pSecHead64->sh_offset;
 247:      pSecInfo->nSize = pSecHead64->sh_size;
 248:      pSecInfo->nLink = pSecHead64->sh_link;
 249:      pSecInfo->nInfo = pSecHead64->sh_info;
 250:      pSecInfo->nAddralign = pSecHead64->sh_addralign;
 251:      pSecInfo->nEntsize = pSecHead64->sh_entsize;        
 252:   
 253:      //ELF_GetSecftInfo(pSecInfo);
 254:  getsecinfo_finish:
 255:      return ret;
 256:  }
 257:   
 258:  long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pElfInfo)
 259:  {
      
 260:      SEF_HEADSET * phandle = (SEF_HEADSET *)handle;
 261:      int ret = 0;
 262:      if((phandle==NULL) || (phandle->pS_ElfHeader == NULL) || (phandle->pS_SecHeader==NULL))
 263:      {
      
 264:          ret = -1;
 265:          goto GetOut;
 266:      }
 267:      
 268:      SEF_ELFHEADER * pElfHeaderTemp = phandle->pS_ElfHeader;
 269:      SEF_SECHEADER * pSecHeaderTemp = phandle->pS_SecHeader;
 270:      int Index = 0;
 271:      
 272:      //deal 32bits elf file
 273:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS32)
 274:      {
      
 275:          Index = pElfHeaderTemp->S_ElfHeader_32.e_shstrndx;    
 276:          
 277:          //shstrname is the start address of the section name string section
 278:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_32[Index].sh_offset;
 279:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_32[num].sh_name;
 280:   
 281:              
 282:      }
 283:      //deal 64bits elf file
 284:      if(pElfHeaderTemp->nFlag_Bits == ELFCLASS64)
 285:      {
      
 286:          Index = pElfHeaderTemp->S_ElfHeader_64.e_shstrndx;    
 287:          
 288:          //shstrname is the start address of the section name string section
 289:          char * shstrname = phandle->pBuffer + pSecHeaderTemp->pS_SecHeader_64[Index].sh_offset;
 290:          pElfInfo->szName = shstrname + pSecHeaderTemp->pS_SecHeader_64[num].sh_name;
 291:      }
 292:  GetOut:
 293:      return ret;
 294:  }
 
最后给出.h头文件:
   1:  #include"../../include/elf_type.h"
   2:  #include "elf_interface.h"
   3:  #include"../../include/adt.h"
   4:   
   5:  #define ELF_FLAG_WRITE 0X1
   6:  #define ELF_FLAG_ALLOC 0X2
   7:  #define ELF_FLAG_EXECINSTR 0X4
   8:  #define ELF_FLAG_MERGE 0X10
   9:  #define ELF_FLAG_STRINGS 0X20
  10:  #define ELF_FLAG_LINK 0X40
  11:  #define ELF_FLAG_ORDER 0X80
  12:  #define ELF_FLAG_NONCONFORMING 0X100
  13:  #define ELF_FLAG_CROUP 0X200
  14:  #define ELF_FLAG_MASKOS 0X0ff00000
  15:  #define ELF_FLAG_MASKPROC 0Xf0000000
  16:   
  17:   
  18:  ///Get ELF's Enddian ///
  19:  /*
  20:    function : get ELF's enddian 
  21:    input    : [in point] pHandle is Call InitElf will return handle
  22:    result   : ret ;
  23:              -1 input point is NULL
  24:               0 ELFDATANONE  can't decide  which enddian
  25:               1 ELFDATA2LSB  little enddian
  26:               2 ELFDATA2MSB  big enddian
  27:   */
  28:  long ELF_GetELFEnddian(SEF_ELFHEADER *pHandle);
  29:   
  30:   
  31:   
  32:   
  33:  //Get ELF's Machine/
  34:  /*
  35:      funtinon: decide ELF's Machine when class is 64_class
  36:      input:  
  37:      result:  0 success
  38:              -5 can not decide which Machine it is 
  39:      readme: nEndding:   1 liteld+ending ; 2 big-edding
  40:              nMachine:   1 Intel 0x386 CPU ,2 AMD 64 CPU
  41:              nELFType:   1 ET_REL ; 2 ET_EXEC ; 3 ET_DYN ; 0 it's not ELF type
  42:  */
  43:  long ELF_GetELFMachine64(SEF_ELFHEADER_64 *pELF64Header, uint8_t *nMachine);
  44:   
  45:  /*
  46:      funtinon: decide ELF's Machine when class is 32_class
  47:      input:  
  48:      result:  0 success
  49:      -5 can not decide which Machine it is 
  50:      readme: nEndding:   1 little_endding ; 2 big_endding
  51:              nMachine:   1 Intel 0x386 CPU , 2 AMD 64 CPU
  52:              nELFType:   1 ET_REL ; 2 ET_EXEC ;3 ET_DYN ; 0 it's not ELF type
  53:  */
  54:  long ELF_GetELFMachine32(SEF_ELFHEADER_32 *pELF32Header, uint8_t *nMachine);
  55:   
  56:  /Get ELF's  Entry
  57:  /*
  58:    function: Get know Program exev begin point 's virtual Address --- RVA and Physics Offset---RAW
  59:    input:    [int point] Common struct include pS_ElfHeader Struct and Program Struct
  60:                [int/out point] RAW
  61:    result:   ret = 0;    success
  62:              ret = -1;    input point is NULL
  63:              ret = -2    can't find which program table has the first command
  64:    readme:
  65:  */
  66:  long ELF_GetEntry32(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);
  67:   
  68:  /*
  69:    function: Get know Program exev begin point 's virtual Address --- RVA and Physics Offset---RAW
  70:    input:    [int point] Common struct include pS_ElfHeader Struct and Program Struct
  71:                [int/out point] RAW
  72:    result:   ret = 0;    success
  73:              ret = -1;    input point is NULL
  74:              ret = -2    can't find which program table has the first command
  75:    readme:
  76:  */
  77:  long ELF_GetEntry64(SEF_HEADSET *pHandle,uint64_t *RAW,uint64_t *RVA);
  78:   
  79:  long ELF_GetSecInfo32(SEF_HEADSET *phandle,uint32_t nIndex,ELF_SECINFO *pSecInfo);
  80:   
  81:  long ELF_GetSecInfo64(SEF_HEADSET*phandle,uint32_t nIndex,ELF_SECINFO *pElfSecInfo);
  82:   
  83:   
  84:  /*
  85:   *function :        Get know Program exec begin point's virtual Address ---RVA and Physics Offset---RAW 
  86:   *input    ;        [int point] pHandle is CAll InitELF will return handle  ,pAddressHandle from InitAddressELF 
  87:                      [in/out point] RAW and RVA   
  88:   *result   ;        ret==0;        success
  89:                      ret==-1;    input point is illegal 
  90:                      ret==-2;    can't find which Program table has the first command 
  91:  `readme       :
  92:   * 
  93:   * */
  94:  //long ELF_GetEntry(void *handle, uint64_t *RAW, uint64_t *RVA);
  95:   
  96:  //Get ELF's ALL Information
  97:  /* 
  98:      funtinon: Get ELF bit, machine, bigendding  
  99:      input:  [in point]     pHandle is Call InitELF will return handle 
 100:              [in/out poing] ELFInfo struct point, recfrese Buf.h
 101:      result:  0 success
 102:              -1 input point is null
 103:              -2 length is too short or it's firt four bits don't fit ELF style so it's not ELF style
 104:  
 105:      readme: InitElF , handle Call InitELF()
 106:              output    bIsElfStyle TURE elf文件 ;FALSE 非elf文件
 107:                      nEndding:   1 little_endding ; 2 big_endding ;3 can't decide which enddian
 108:                      nClass  :   1 32_class ; 2 64_class ;3 can't decide which class
 109:                      nMachine:   1  Intel 0x386 CPU ;2 AMD 64 CPU;3 can't decide which class
 110:  */
 111:  //long ELF_GetElfHeaderInfo(void *pHandle,ELF_HEADERINFO *pElfInfo);
 112:   
 113:   
 114:
 115:  long ELF_GetSecName(void *handle,int num,ELF_SECINFO *pSecInfo);
 116:   

转载于:https://www.cnblogs.com/hellowolrd-dc/p/3917450.html

你可能感兴趣的:(c#)