1. Advisor
  2. qiling
  3. functions
  4. qiling.loader.elf.ELFParse
View all qiling analysis

How to use the qiling.loader.elf.ELFParse function in qiling

To help you get started, we’ve selected a few qiling examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github qilingframework / qiling / qiling / loader / elf.py View on Github external
ql.dprint("[+] load 0x%x - 0x%x"%(loadbase + i['p_vaddr'], loadbase + i['p_vaddr'] + i['p_filesz']))


        entry_point = elfhead['e_entry'] + loadbase
        
        ql.dprint("[+] mem_start: " + hex(mem_start) + " mem_end: " + hex(mem_end))

        ql.brk_address = mem_end + loadbase

        # Load interpreter if there is an interpreter

        if interp_path != '':
            if sys.version_info >= (3, 0):
                interp_path = str(interp_path, 'utf-8', errors="ignore")
           
            interp = ELFParse(ql.rootfs + interp_path, ql)
            interphead = interp.parse_header(ql)
            ql.dprint("[+] interp is : %s" % (ql.rootfs + interp_path))

            interp_mem_size = -1
            for i in interp.parse_program_header(ql):
                if i['p_type'] == PT_LOAD:
                    if interp_mem_size < i['p_vaddr'] + i['p_memsz'] or interp_mem_size == -1:
                        interp_mem_size = i['p_vaddr'] + i['p_memsz']
            interp_mem_size = (interp_mem_size // 0x1000 + 1) * 0x1000
            ql.dprint("[+] interp_mem_size is : %x" % int(interp_mem_size))

            if ql.interp_base == 0:
                if ql.archbit == 64:
                    ql.interp_base = 0x7ffff7dd5000
                elif ql.archbit == 32 and ql.arch != QL_MIPS32EL:
                    ql.interp_base = 0xfb7d3000
github qilingframework / qiling / qiling / loader / elf.py View on Github external
P['p_offset']   = ql.unpack64(Pdata[i * Psize + 8 : i * Psize + 16 ])
            P['p_vaddr']    = ql.unpack64(Pdata[i * Psize + 16 : i * Psize + 24 ])
            P['p_paddr']    = ql.unpack64(Pdata[i * Psize + 24 : i * Psize + 32 ])
            P['p_filesz']   = ql.unpack64(Pdata[i * Psize + 32 : i * Psize + 40 ])
            P['p_memsz']    = ql.unpack64(Pdata[i * Psize + 40 : i * Psize + 48 ])
            P['p_align']    = ql.unpack64(Pdata[i * Psize + 48 : i * Psize + 56])
            yield P
        return

    def parse_program_header(self, ql):
        if ql.archbit == 64:
            return self.parse_program_header64(ql)
        elif ql.archbit == 32:
            return self.parse_program_header32(ql)

class ELFLoader(ELFParse):
    def __init__(self, path, ql):
        ELFParse.__init__(self, path, ql)

    def pack(self, data, ql):
        if ql.archbit == 64:
            return ql.pack64(data)
        elif ql.archbit == 32:
            return ql.pack32(data)
        else:
            return ql.pack32(data)

    def copy_str(self, uc, addr, l):
        l_addr = []
        s_addr = addr
        for i in l:
            s_addr = s_addr - len(i) - 1

qiling

Qiling is an advanced binary emulation framework that cross-platform-architecture

GitHub
GPL-2.0
Latest version published 1 year ago

Package Health Score

62 / 100
Full package analysis

Popular qiling functions

Similar packages