gman0064/chisel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add offset constants for header and section table

Browse Source
This commit is contained in:
Garrett Dickinson 2023-01-26 15:24:55 -06:00
parent e121bc619a
commit 8f30ed9209
2 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -1,8 +1,7 @@
# chisel
`chisel` is a tool for decompiling *nix ELF programs for binary analysis and reverse engineering. This project is being developed alongside coursework for **Auburn University's COMP5970 Binary Program Analysis**.
`chisel` is a tool for decompiling *nix ELF programs for binary analysis and reverse engineering. This project is being developed for assignments pertaining to Auburn University's **COMP5970 Binary Program Analysis** course.
## Supported Binary formats
`chisel` supports binaries compiled to the [ELF format](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format) from most x86 *nix systems, and *does not* currently support macOS Mach-O or Windows PE binaries.
`chisel` supports binaries compiled to the [ELF format](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format) from most x86/x64 *nix systems, and __does not__ currently support macOS Mach-O or Windows PE binaries.

33
src/main.rs
View File

@ -1,9 +1,40 @@
// main.rs
// Author: Garrett Dickinson
// Created: 01/23/2023
// Description: Main entrypoint script for chisel. Contains basic procedures
// for gathering ELF file data.
use std::path;
use std::env;
use std::fs;
use std::process::exit;
// Generic ELF information offsets.
const ELF_MAGIC_NUMBER: &[u8] = &[0x7F,0x45,0x4C,0x46];
const ELF_ARCH_OFFSET: u8 = 0x04; // x86 or x64 indiicator; 1 byte
const ELF_ENDIAN_OFFSET: u8 = 0x05; // Endian offset (1 - little, 2 - big); 1 byte
const ELF_ABI_OFFSET: u8 = 0x07; // ABI identifier; 1 byte
const ELF_TYPE_OFFSET: u8 = 0x10; // Object type identifier; 2 bytes
const ELF_MACHINE_OFFSET: u8 = 0x12; // Instruction set type; 2 bytes
// Entry points and program header table inforamtion.
// Tupled offset are split by architecture:
// 0 : x86
// 1 : x86_64
const ELF_ENTRYPOINT_OFFSET: u8 = 0x18;
const ELF_PHOFF_OFFSET: (u8, u8) = (0x1C, 0x20); // Program header table pointer; 2 bytes
const ELF_SHOFF_OFFSET: (u8, u8) = (0x20, 0x28); // Section table pointer; 2 bytes
const ELF_EHSIZE_OFFSET: (u8, u8) = (0x28, 0x34); // Program header table entry size pointer; 2 bytes
const ELF_PHENTSIZE_OFFSET: (u8, u8) = (0x28, 0x34); // Section table pointer; 2 bytes
const ELF_PHNUM_OFFSET: (u8, u8) = (0x2C, 0x38);
const ELF_SHENTSIZE_OFFSET: (u8, u8) = (0x2E, 0x3A);
const ELF_SHNUM_OFFSET: (u8, u8) = (0x30, 0x3C);
const ELF_SHSTRNDX_OFFSET: (u8, u8) = (0x32, 0x3E);
fn main() {
// Collect our execution args
@ -24,7 +55,7 @@ fn main() {
if magic_num == ELF_MAGIC_NUMBER {
println!("Found ELF Magic Number!");
} else {
println!("[Error] Could not find magic number, is this an executable?")
println!("[Error] Could not find magic number, is this an ELF executable?")
}
}
} else {