ELF binary parsing utility written in Go.

Overview

What is it ?

go-readelf is a small ELF binary parser currently capable of printing relocation entries, the ELF header, sections and symbols. It uses Go's debug/elf package for type and structure definitions while performing the actual parsing of ELF binaries independently. It supports both 32- and 64-bit ELF binaries and was built and tested on x86_64 Linux (Arch).

What about binutils readelf ?

This is a pet project, really meant to culminate and expand on what I am currently studying out of a book called Linux Binary Analysis (chapter 2). readelf is about 16k lines of C code, so this is in no way a replacement (it would be a meme to claim it is). If you would like to see what ELF parsing looks like in Go, then this utility's source code certainly helps; maybe for some reason you need a lightweight ELF parser. I'd also suggest the debug/elf package in Go.

Installation:

[terminal]$ git clone https://github.com/sad0p/go-readelf.git
[terminal]$ cd go-readelf
[terminal]$ go build go-readelf.go
[terminal]$ ./go-readelf
Usage: ./go-readelf [-hrsS] <target-binary>
        -h: View elf header
        -r: View relocation entries
        -s: View symbols
        -S: View Sections
        -l: View program headers
[terminal]$ 

Source code quality: I'm fairly new to Go; in fact this is the first application I've written in the language. Refactoring along the lines of the Effective Go guidelines is welcome if I missed anything.

Needed improvements: I purposely didn't implement printing of program headers; hopefully someone takes up the task before I'm no longer bored and push code to do just that myself.

Future work related to this project:

I'm definitely looking forward to writing a parser that is resistant to anti-reverse-engineering techniques that corrupt ELF metadata to the point that analysis tools like this one stop working, while the binary is still interpreted and executes correctly.
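Program headers are the one piece the README leaves unimplemented, and the issue below shows the binutils readelf -l output they would have to match. The following is an added example, not go-readelf's code: it decodes the ELF header with the debug/elf struct layouts (elf.Header64 / elf.Header32), picks byte order and class from e_ident, and then walks the program header table by hand for both classes. Before any entry is read, the table is bounds-checked against the file size, which is the kind of check a parser needs to survive the corrupted metadata mentioned above. The ProgHeader type, the function names and the minimal ELF image built by sampleELF64 are constructed for this example; the entry size is taken from the class (binary.Size of elf.Prog64 / elf.Prog32) rather than from e_phentsize.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"errors"
	"fmt"
)

// ProgHeader is a class-independent view of one program header entry.
type ProgHeader struct {
	Type                                    elf.ProgType
	Flags                                   elf.ProgFlag
	Off, Vaddr, Paddr, Filesz, Memsz, Align uint64
}

// parseProgramHeaders decodes the ELF header with the debug/elf layout for its class,
// bounds-checks the program header table, then decodes each entry by hand.
func parseProgramHeaders(data []byte) ([]ProgHeader, error) {
	if len(data) < elf.EI_NIDENT || string(data[:4]) != elf.ELFMAG {
		return nil, errors.New("not an ELF file")
	}
	order, class := binary.ByteOrder(binary.LittleEndian), elf.Class(data[elf.EI_CLASS])
	if d := elf.Data(data[elf.EI_DATA]); d == elf.ELFDATA2MSB {
		order = binary.BigEndian
	} else if d != elf.ELFDATA2LSB {
		return nil, errors.New("unknown data encoding in e_ident")
	}
	var phoff, phnum, entsize uint64 // entsize is the fixed Phdr size for the class
	switch class {
	case elf.ELFCLASS64:
		var hdr elf.Header64
		if err := binary.Read(bytes.NewReader(data), order, &hdr); err != nil {
			return nil, fmt.Errorf("short ELF64 header: %w", err)
		}
		phoff, phnum, entsize = hdr.Phoff, uint64(hdr.Phnum), uint64(binary.Size(elf.Prog64{}))
	case elf.ELFCLASS32:
		var hdr elf.Header32
		if err := binary.Read(bytes.NewReader(data), order, &hdr); err != nil {
			return nil, fmt.Errorf("short ELF32 header: %w", err)
		}
		phoff, phnum, entsize = uint64(hdr.Phoff), uint64(hdr.Phnum), uint64(binary.Size(elf.Prog32{}))
	default:
		return nil, errors.New("unknown ELF class in e_ident")
	}
	// Reject a table that does not fit inside the file before touching it (corrupt e_phoff/e_phnum).
	if phoff > uint64(len(data)) || entsize*phnum > uint64(len(data))-phoff {
		return nil, fmt.Errorf("program header table at %#x (%d entries) exceeds file size %d", phoff, phnum, len(data))
	}
	out := make([]ProgHeader, 0, phnum)
	for i := uint64(0); i < phnum; i++ {
		e := data[phoff+i*entsize:] // at least entsize bytes remain, checked above
		if class == elf.ELFCLASS64 { // Elf64_Phdr: p_type, p_flags, then six 64-bit fields
			out = append(out, ProgHeader{elf.ProgType(order.Uint32(e)), elf.ProgFlag(order.Uint32(e[4:])), order.Uint64(e[8:]),
				order.Uint64(e[16:]), order.Uint64(e[24:]), order.Uint64(e[32:]), order.Uint64(e[40:]), order.Uint64(e[48:])})
		} else { // Elf32_Phdr: every field is 32 bits and p_flags follows p_memsz
			u := func(off int) uint64 { return uint64(order.Uint32(e[off:])) }
			out = append(out, ProgHeader{elf.ProgType(order.Uint32(e)), elf.ProgFlag(order.Uint32(e[24:])), u(4), u(8), u(12), u(16), u(20), u(28)})
		}
	}
	return out, nil
}

// flagString renders p_flags the way readelf -l does ("R E", "RW ").
func flagString(f elf.ProgFlag) string {
	s := []byte("   ")
	if f&elf.PF_R != 0 { s[0] = 'R' }
	if f&elf.PF_W != 0 { s[1] = 'W' }
	if f&elf.PF_X != 0 { s[2] = 'E' }
	return string(s)
}

// sampleELF64 builds a constructed, minimal little-endian ELF64 image: a header plus two program headers.
func sampleELF64() []byte {
	hdr := elf.Header64{Type: uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64), Version: 1,
		Entry: 0x401000, Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: 2}
	copy(hdr.Ident[:], elf.ELFMAG)
	hdr.Ident[elf.EI_CLASS], hdr.Ident[elf.EI_DATA] = byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB)
	progs := []elf.Prog64{
		{Type: uint32(elf.PT_LOAD), Flags: uint32(elf.PF_R | elf.PF_X), Vaddr: 0x400000, Paddr: 0x400000, Filesz: 0x1000, Memsz: 0x1000, Align: 0x1000},
		{Type: uint32(elf.PT_GNU_STACK), Flags: uint32(elf.PF_R | elf.PF_W), Align: 0x10},
	}
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, hdr)
	binary.Write(&buf, binary.LittleEndian, progs)
	return buf.Bytes()
}

func main() {
	phdrs, err := parseProgramHeaders(sampleELF64())
	if err != nil { panic(err) }
	fmt.Println("Type           Offset             VirtAddr           FileSiz            MemSiz             Flg Align")
	for _, p := range phdrs {
		fmt.Printf("%-14s %#018x %#018x %#018x %#018x %s %#x\n", p.Type, p.Off, p.Vaddr, p.Filesz, p.Memsz, flagString(p.Flags), p.Align)
	}
}
```

To run it against a real binary, replace the sampleELF64() call in main with the contents of the file (os.ReadFile). Because the size check happens before the loop, an image whose e_phnum or e_phoff points past the end of the file is reported as an error rather than indexing out of range.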

Issues
  • View program headers not working, throws "Unrecognizable parameters"

    Filing the first issue here. So glad to see this project. Congratulations !!

    I wanted to write something similar (ELF parser) in Go as I have an interest in Binary Analysis too (ELF based).

    It seems the "View program headers" isn't working as expected and throws "Unrecognizable parameters". Details below:

    $ ./go-readelf -h
    Usage: ./go-readelf [-hrsS]
    	-h: View Elf header
    	-r: View relocation entries
    	-s: View symbols
    	-S: View Sections
    	-l: View program headers
    $
    $ ./go-readelf -l /bin/ls
    Unrecognizable parameters
    $
    

    Binutils readelf output for comparison on same setup

    $ readelf -l /bin/ls
    
    Elf file type is DYN (Shared object file)
    Entry point 0x6890
    There are 12 program headers, starting at offset 64
    
    Program Headers:
      Type           Offset             VirtAddr           PhysAddr
                     FileSiz            MemSiz              Flags  Align
      PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
                     0x00000000000002a0 0x00000000000002a0  R      0x8
      INTERP         0x00000000000002e0 0x00000000000002e0 0x00000000000002e0
                     0x000000000000001c 0x000000000000001c  R      0x1
          [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
      LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                     0x00000000000034f8 0x00000000000034f8  R      0x1000
      LOAD           0x0000000000004000 0x0000000000004000 0x0000000000004000
                     0x0000000000013f51 0x0000000000013f51  R E    0x1000
      LOAD           0x0000000000018000 0x0000000000018000 0x0000000000018000
                     0x0000000000008c90 0x0000000000008c90  R      0x1000
      LOAD           0x0000000000020f90 0x0000000000021f90 0x0000000000021f90
                     0x00000000000012b8 0x0000000000002568  RW     0x1000
      DYNAMIC        0x00000000000219f8 0x00000000000229f8 0x00000000000229f8
                     0x0000000000000210 0x0000000000000210  RW     0x8
      NOTE           0x0000000000000300 0x0000000000000300 0x0000000000000300
                     0x0000000000000020 0x0000000000000020  R      0x8
      NOTE           0x0000000000000320 0x0000000000000320 0x0000000000000320
                     0x0000000000000044 0x0000000000000044  R      0x4
      GNU_EH_FRAME   0x000000000001d31c 0x000000000001d31c 0x000000000001d31c
                     0x0000000000000914 0x0000000000000914  R      0x4
      GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                     0x0000000000000000 0x0000000000000000  RW     0x10
      GNU_RELRO      0x0000000000020f90 0x0000000000021f90 0x0000000000021f90
                     0x0000000000001070 0x0000000000001070  R      0x1
    
     Section to Segment mapping:
      Segment Sections...
       00     
       01     .interp 
       02     .interp .note.gnu.property .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt 
       03     .init .plt .plt.sec .text .fini 
       04     .rodata .eh_frame_hdr .eh_frame 
       05     .init_array .fini_array .data.rel.ro .dynamic .got .data .bss 
       06     .dynamic 
       07     .note.gnu.property 
       08     .note.ABI-tag .note.gnu.build-id 
       09     .eh_frame_hdr 
       10     
       11     .init_array .fini_array .data.rel.ro .dynamic .got 
    $
    

    System information

    $ cat /etc/fedora-release 
    Fedora release 30 (Thirty)
    $ 
    
    Opened by kamathe
Releases(v1.1)
  • v1.1(Jun 15, 2021)

  • v1.0(Aug 27, 2020)

    Supports ELF 32/64-bit variants. Tested on x86_64 Linux.

    Features:

    • Prints relocations
    • Prints elf header
    • Prints section headers
    • Prints symbol tables
Owner
non-l33t InfoSec enthusiast and programmer with focus on reverse engineering and software exploitation.