/** Print some debugging info. The 'section' is an optional section pointer for the st_shndx member. */
void
SgAsmElfSymbol::dump(FILE *f, const char *prefix, ssize_t idx, SgAsmGenericSection *section) const
{
char p[4096];
if (idx>=0) {
sprintf(p, "%sElfSymbol[%zd].", prefix, idx);
} else {
sprintf(p, "%sElfSymbol.", prefix);
}
const int w = std::max(1, DUMP_FIELD_WIDTH-(int)strlen(p));
SgAsmGenericSymbol::dump(f, p, -1);
fprintf(f, "%s%-*s = %u", p, w, "st_info", p_st_info);
fprintf(f, " (%s %s)\n",to_string(get_elf_binding()).c_str(),to_string(get_elf_type()).c_str());
fprintf(f, "%s%-*s = %u\n", p, w, "st_res1", p_st_res1);
fprintf(f, "%s%-*s = %"PRIu64"\n", p, w, "st_size", p_st_size);
if (section && section->get_id() == (int)p_st_shndx) {
fprintf(f, "%s%-*s = [%d] \"%s\"\n", p, w, "st_shndx", section->get_id(), section->get_name()->get_string(true).c_str());
} else {
fprintf(f, "%s%-*s = %u\n", p, w, "st_shndx", p_st_shndx);
}
if (p_extra.size()>0) {
fprintf(f, "%s%-*s = %zu bytes\n", p, w, "extra", p_extra.size());
hexdump(f, 0, std::string(p)+"extra at ", p_extra);
}
}
void
SgAsmElfSymbol::parse_common()
{
/* Binding */
switch (get_elf_binding()) {
case STB_LOCAL: p_binding = SYM_LOCAL; break;
case STB_GLOBAL: p_binding = SYM_GLOBAL; break;
case STB_WEAK: p_binding = SYM_WEAK; break;
default:
fprintf(stderr, "unknown elf symbol binding: %u\n", get_elf_binding());
ROSE_ASSERT(0);
break;
}
/* Type */
switch (get_elf_type()) {
case STT_NOTYPE: p_type = SYM_NO_TYPE; break;
case STT_OBJECT: p_type = SYM_DATA; break;
case STT_FUNC: p_type = SYM_FUNC; break;
case STT_SECTION: p_type = SYM_SECTION; break;
case STT_FILE: p_type = SYM_FILE; break;
case STT_COMMON: p_type = SYM_COMMON; break;
case STT_TLS: p_type = SYM_TLS; break;
case STT_IFUNC: p_type = SYM_IFUNC; break;
default:
fprintf(stderr, "unknown elf symbol type: %u\n", get_elf_type());
ROSE_ASSERT(0);
break;
}
/* Definition state */
if (p_value || p_size) {
p_def_state = SYM_DEFINED;
} else if (p_name->get_string().size() > 0 || get_elf_type()) {
p_def_state = SYM_TENTATIVE;
} else {
p_def_state = SYM_UNDEFINED;
}
}
int module_load(
YR_SCAN_CONTEXT* context,
YR_OBJECT* module_object,
void* module_data,
size_t module_data_size)
{
YR_MEMORY_BLOCK* block;
elf32_header_t* elf_header32;
elf64_header_t* elf_header64;
set_integer(ELF_ET_NONE, module_object, "ET_NONE");
set_integer(ELF_ET_REL, module_object, "ET_REL");
set_integer(ELF_ET_EXEC, module_object, "ET_EXEC");
set_integer(ELF_ET_DYN, module_object, "ET_DYN");
set_integer(ELF_ET_CORE, module_object, "ET_CORE");
set_integer(ELF_EM_NONE, module_object, "EM_NONE");
set_integer(ELF_EM_M32, module_object, "EM_M32");
set_integer(ELF_EM_SPARC, module_object, "EM_SPARC");
set_integer(ELF_EM_386, module_object, "EM_386");
set_integer(ELF_EM_68K, module_object, "EM_68K");
set_integer(ELF_EM_88K, module_object, "EM_88K");
set_integer(ELF_EM_860, module_object, "EM_860");
set_integer(ELF_EM_MIPS, module_object, "EM_MIPS");
set_integer(ELF_EM_MIPS_RS3_LE, module_object, "EM_MIPS_RS3_LE");
set_integer(ELF_EM_PPC, module_object, "EM_PPC");
set_integer(ELF_EM_PPC64, module_object, "EM_PPC64");
set_integer(ELF_EM_ARM, module_object, "EM_ARM");
set_integer(ELF_EM_X86_64, module_object, "EM_X86_64");
set_integer(ELF_EM_AARCH64, module_object, "EM_AARCH64");
set_integer(ELF_SHT_NULL, module_object, "SHT_NULL");
set_integer(ELF_SHT_PROGBITS, module_object, "SHT_PROGBITS");
set_integer(ELF_SHT_SYMTAB, module_object, "SHT_SYMTAB");
set_integer(ELF_SHT_STRTAB, module_object, "SHT_STRTAB");
set_integer(ELF_SHT_RELA, module_object, "SHT_RELA");
set_integer(ELF_SHT_HASH, module_object, "SHT_HASH");
set_integer(ELF_SHT_DYNAMIC, module_object, "SHT_DYNAMIC");
set_integer(ELF_SHT_NOTE, module_object, "SHT_NOTE");
set_integer(ELF_SHT_NOBITS, module_object, "SHT_NOBITS");
set_integer(ELF_SHT_REL, module_object, "SHT_REL");
set_integer(ELF_SHT_SHLIB, module_object, "SHT_SHLIB");
set_integer(ELF_SHT_DYNSYM, module_object, "SHT_DYNSYM");
set_integer(ELF_SHF_WRITE, module_object, "SHF_WRITE");
set_integer(ELF_SHF_ALLOC, module_object, "SHF_ALLOC");
set_integer(ELF_SHF_EXECINSTR, module_object, "SHF_EXECINSTR");
set_integer(ELF_PT_NULL, module_object, "PT_NULL");
set_integer(ELF_PT_LOAD, module_object, "PT_LOAD");
set_integer(ELF_PT_DYNAMIC, module_object, "PT_DYNAMIC");
set_integer(ELF_PT_INTERP, module_object, "PT_INTERP");
set_integer(ELF_PT_NOTE, module_object, "PT_NOTE");
set_integer(ELF_PT_SHLIB, module_object, "PT_SHLIB");
set_integer(ELF_PT_PHDR, module_object, "PT_PHDR");
set_integer(ELF_PT_TLS, module_object, "PT_TLS");
set_integer(ELF_PT_GNU_EH_FRAME, module_object, "PT_GNU_EH_FRAME");
set_integer(ELF_PT_GNU_STACK, module_object, "PT_GNU_STACK");
set_integer(ELF_PF_X, module_object, "PF_X");
set_integer(ELF_PF_W, module_object, "PF_W");
set_integer(ELF_PF_R, module_object, "PF_R");
foreach_memory_block(context, block)
{
switch(get_elf_type(block->data, block->size))
{
case ELF_CLASS_32:
if (block->size > sizeof(elf32_header_t))
{
elf_header32 = (elf32_header_t*) block->data;
if (!(context->flags & SCAN_FLAGS_PROCESS_MEMORY) ||
elf_header32->type == ELF_ET_EXEC)
{
parse_elf_header_32(
elf_header32,
block->base,
block->size,
context->flags,
module_object);
}
}
break;
case ELF_CLASS_64:
if (block->size > sizeof(elf64_header_t))
{
elf_header64 = (elf64_header_t*) block->data;
if (!(context->flags & SCAN_FLAGS_PROCESS_MEMORY) ||
elf_header64->type == ELF_ET_EXEC)
{
parse_elf_header_64(
elf_header64,
block->base,
block->size,
context->flags,
module_object);
}
}
break;
}
}
return ERROR_SUCCESS;
}
