[Kong API].ELF.ELF
ELF executable image parser
Synopsis:
auto img = new image("a.out", IO_MODE.R);
img.analyze(new PT(i), new SHT(i));
Description:
ELF platform specific data structures and endianess is handled through proxy structures. By default the following mappings are defined:
* Ehdr : [ Elf32_Ehdr, Elf64_Ehdr ] * Phdr : [ Elf32_Phdr, Elf64_Phdr ] * Shdr : [ Elf32_Shdr, Elf64_Shdr ] * Sym : [ Elf32_Sym, Elf64_Sym ] * Rel : [ Elf32_Rel, Elf64_Rel ] * Rela : [ Elf32_Rela, Elf64_Rela ] * Dyn : [ Elf32_Dyn, Elf64_Dyn ]
New mappings may be defined like so:
mixin (reflect!("Dyn", ["Elf32_Dyn", "Elf64_Dyn"],
"d_val",
"d_ptr",
"d_tag"
));
Notes:
- Struct instances must be initialized properly (see: image_reflect).
Members can be accessed (with in-place endian conversion) using private enums and OpIndex?.
// Dyn d uint64_t x = d[d.d_tag]; // d[Dyn.d_tag] works as well. d[d.d_tag] = x;
Notes:
- All data members are padded to uint64_t by opIndex;
class : image
image.analyze
The analyze method should be called with 1 or more data mining objects. These objects determine how and what is extracted from the image, and where it is to be stored. These objects must be derivative of mine!(Phdr) or mine!(Shdr) (the two top level data types used by the ELF format).
Default implementations are provided:
- ELF.PT - Segment(Phdr) parser.
- ELF.ST - Section(Shdr) parser.
- ELF.DT - Segment.Dynamic(Dyn) parser. (may not be passed to analyze() directly).
| Type | Name | Description |
| Constructors: | ||
| (string path, IO_MODE? mode = IO_MODE.R) | this | |
| (void* base_address, bool active) | this | Set active=true for libraries loaded through runtime dynamic linking. |
| (io_stream file) | this | |
| Methods: | ||
| void (T...)(T); | analyze | |
| Static Methods: | ||
| uint64_t(uint64_t address, ref Phdr segment); | RVA2file | Virtual-address : file offset conversion |
| uint64_t(uint64_t offset, ref Phdr segment); | file2RVA | |
| Sym (string query, Sym[] table, uint32_t[] hash_buckets, uint32_t[] hash_chains, char[] strtab); | symbol_lookup | |
| T* (T)(T[] reloc_table, ref Sym symbol, Sym[] symbols); | PLT_lookup | Find PLT relocation entry (points to GOT slots). |
Error handling:
Throws image_exception for various parse failures (in addition to standard IO exceptions).
- RVA2file and file2RVA throw image_exception if the conversion is invalid (offsets out of bounds).
Example:
http://www.dsource.org/projects/kong/browser/trunk/kong/examples/elf_dump.d
Related:
image_interface, image_reflect, mine, ELF/types.d