From 8f30ed9209d0b44dcbf802546c84b593bc9f2a1e Mon Sep 17 00:00:00 2001 From: Garrett Dickinson Date: Thu, 26 Jan 2023 15:24:55 -0600 Subject: [PATCH] Add offset constants for header and section table --- README.md | 5 ++--- src/main.rs | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index eec7569..01614fb 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,7 @@ # chisel -`chisel` is a tool for decompiling *nix ELF programs for binary analysis and reverse engineering. This project is being developed alongside coursework for **Auburn University's COMP5970 Binary Program Analysis**. +`chisel` is a tool for decompiling *nix ELF programs for binary analysis and reverse engineering. This project is being developed for assignments pertaining to Auburn University's **COMP5970 Binary Program Analysis** course. ## Supported Binary formats -`chisel` supports binaries compiled to the [ELF format](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format) from most x86 *nix systems, and *does not* currently support macOS Mach-O or Windows PE binaries. - +`chisel` supports binaries compiled to the [ELF format](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format) from most x86/x64 *nix systems, and __does not__ currently support macOS Mach-O or Windows PE binaries. \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index 9931cda..ca6a4e5 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,9 +1,40 @@ +// main.rs +// Author: Garrett Dickinson +// Created: 01/23/2023 +// Description: Main entrypoint script for chisel. Contains basic procedures +// for gathering ELF file data. + + use std::path; use std::env; use std::fs; use std::process::exit; +// Generic ELF information offsets. + const ELF_MAGIC_NUMBER: &[u8] = &[0x7F,0x45,0x4C,0x46]; +const ELF_ARCH_OFFSET: u8 = 0x04; // x86 or x64 indiicator; 1 byte +const ELF_ENDIAN_OFFSET: u8 = 0x05; // Endian offset (1 - little, 2 - big); 1 byte +const ELF_ABI_OFFSET: u8 = 0x07; // ABI identifier; 1 byte +const ELF_TYPE_OFFSET: u8 = 0x10; // Object type identifier; 2 bytes +const ELF_MACHINE_OFFSET: u8 = 0x12; // Instruction set type; 2 bytes + + +// Entry points and program header table inforamtion. +// Tupled offset are split by architecture: +// 0 : x86 +// 1 : x86_64 + +const ELF_ENTRYPOINT_OFFSET: u8 = 0x18; +const ELF_PHOFF_OFFSET: (u8, u8) = (0x1C, 0x20); // Program header table pointer; 2 bytes +const ELF_SHOFF_OFFSET: (u8, u8) = (0x20, 0x28); // Section table pointer; 2 bytes +const ELF_EHSIZE_OFFSET: (u8, u8) = (0x28, 0x34); // Program header table entry size pointer; 2 bytes +const ELF_PHENTSIZE_OFFSET: (u8, u8) = (0x28, 0x34); // Section table pointer; 2 bytes +const ELF_PHNUM_OFFSET: (u8, u8) = (0x2C, 0x38); +const ELF_SHENTSIZE_OFFSET: (u8, u8) = (0x2E, 0x3A); +const ELF_SHNUM_OFFSET: (u8, u8) = (0x30, 0x3C); +const ELF_SHSTRNDX_OFFSET: (u8, u8) = (0x32, 0x3E); + fn main() { // Collect our execution args @@ -24,7 +55,7 @@ fn main() { if magic_num == ELF_MAGIC_NUMBER { println!("Found ELF Magic Number!"); } else { - println!("[Error] Could not find magic number, is this an executable?") + println!("[Error] Could not find magic number, is this an ELF executable?") } } } else {