github action to compare with the output of readelf -h

Author: LRGH

.github/workflows/tools.yml

@@ -9,7 +9,7 @@ on:
     branches: [ "master" ]
 
 jobs:
-  examples:
+  macos:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
@@ -26,3 +26,21 @@ jobs:
       run: |
         export PYTHONPATH=$PYTHONPATH:$(pwd)
         zsh ./tests/examples_macos.sh
+  linux:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-latest", "ubuntu-22.04", "ubuntu-20.04"]
+        python-version: ["3.10"]
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Comparison with readelf
+      run: |
+        readelf --version
+        export PYTHONPATH=$PYTHONPATH:$(pwd)
+        bash ./tests/examples_linux.sh

elfesteem/elf.py

@@ -40,10 +40,24 @@ class Shdr(CStructWithStrTable):
                 ("addralign","ptr"),
                 ("entsize","ptr") ]
     strtab = property(lambda _: _.parent.shstrtab)
-    format = property(lambda _: {
-        32: "  [%(idx)2d] %(name17)-17s %(type_txt)-15s %(addr)08x %(offset)06x %(size)06x %(entsize)02x %(flags_txt)3s %(link)2d %(info)3d %(addralign)2d",
-        64: "  [%(idx)2d] %(name17)-17s %(type_txt)-15s  %(addr)016x  %(offset)08x  %(size)016x  %(entsize)016x %(flags_txt)3s      %(link)2d    %(info)2d    %(addralign)2d",
-        }[_.wsize])
+    header32 = ["  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al"]
+    format32 = "  [%(idx)2d] %(name17)-17s %(type_txt)-15s %(addr)08x %(offset)06x %(size)06x %(entsize)02x %(flags_txt)3s %(link)2d %(info)3d %(addralign)2d"
+    header64 = ["  [Nr] Name              Type             Address           Offset    Size              EntSize          Flags  Link  Info  Align"]
+    format64 = "  [%(idx)2d] %(name17)-17s %(type_txt)-15s  %(addr)016x  %(offset)08x  %(size)016x  %(entsize)016x %(flags_txt)3s      %(link)2d    %(info)2d    %(addralign)2d"
+    footer32 = [
+        "Key to Flags:",
+        "  W (write), A (alloc), X (execute), M (merge), S (strings)",
+        "  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)",
+        "  O (extra OS processing required) o (OS specific), p (processor specific)",
+        ]
+    footer64 = [
+        "Key to Flags:",
+        "  W (write), A (alloc), X (execute), M (merge), S (strings), l (large)",
+        "  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)",
+        "  O (extra OS processing required) o (OS specific), p (processor specific)",
+        ]
+    format = property(lambda _: { 32: Shdr.format32, 64: Shdr.format64 }[_.wsize])
+    footer = property(lambda _: { 32: Shdr.footer32, 64: Shdr.footer64 }[_.wsize])
     name17 = property(lambda _: _.name[:17])
     idx = property(lambda _: _.parent.parent.shlist.index(_.parent))
     def flags_txt(self):
@@ -353,6 +367,27 @@ class Vernaux64(Vernaux32):
 ELFDATA2MSB =   2,       # Most significant byte at lowest address
 )
 
+SetConstants(
+# Legal values for e_ident[EI_OSABI]
+ELFOSABI_NONE =         0,      # UNIX System V ABI
+ELFOSABI_SYSV =         0,      # Alias
+ELFOSABI_HPUX =         1,      # HP-UX
+ELFOSABI_NETBSD =       2,      # NetBSD
+ELFOSABI_GNU =          3,      # Object uses GNU ELF extensions
+ELFOSABI_LINUX =        3,      # Compatibility alias
+ELFOSABI_SOLARIS =      6,      # Sun Solaris
+ELFOSABI_AIX =          7,      # IBM AIX
+ELFOSABI_IRIX =         8,      # SGI Irix
+ELFOSABI_FREEBSD =      9,      # FreeBSD
+ELFOSABI_TRU64 =        10,     # Compaq TRU64 UNIX
+ELFOSABI_MODESTO =      11,     # Novell Modesto
+ELFOSABI_OPENBSD =      12,     # OpenBSD
+ELFOSABI_ARM_AEABI =    64,     # ARM EABI
+ELFOSABI_ARM =          97,     # ARM
+ELFOSABI_STANDALONE =   255,    # Standalone (embedded) application
+no_name=('ELFOSABI_SYSV','ELFOSABI_LINUX'),
+)
+
 SetConstants(
 # Legal values for e_type (object file type).
 ET_NONE =         0,               # No file type

elfesteem/elf_init.py

@@ -736,17 +736,9 @@ def readelf_display(self):
                 % (len(self.shlist), self.parent.Ehdr.shoff),
                 "",
                 "Section Headers:" ]
-        if self.wsize == 32:
-            rep.append( "  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al" )
-        elif self.wsize == 64:
-            rep.extend(["  [Nr] Name              Type             Address           Offset    Size              EntSize          Flags  Link  Info  Align"])
+        rep.extend({32: elf.Shdr.header32, 64: elf.Shdr.header64}[self.wsize])
         rep.extend([ _.sh.readelf_display() for _ in self ])
-        rep.extend([ # Footer
-"Key to Flags:",
-"  W (write), A (alloc), X (execute), M (merge), S (strings)",
-"  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)",
-"  O (extra OS processing required) o (OS specific), p (processor specific)",
-            ])
+        rep.extend(self[0].sh.footer)
         return "\n".join(rep)
     def __str__(self):
         raise AttributeError("Use pack() instead of str()")

examples/readelf.py

@@ -8,6 +8,26 @@
 sys.path.insert(1, os.path.abspath(sys.path[0]+'/..'))
 from elfesteem import elf_init, elf
 
+import subprocess
+def popen_read_out_err(cmd):
+    p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    p.wait()
+    p.stdin.close()
+    return p.stdout.read() + p.stderr.read()
+
+import re
+def get_readelf_version():
+    readelf_v = popen_read_out_err(["readelf", "--version"])
+    if type(readelf_v) != str: readelf_v = str(readelf_v, encoding='latin1')
+    r = re.search(r'GNU readelf .* (\d+\.\d+)', readelf_v)
+    if r:
+        sys.stderr.write("readelf version %s\n" % float(r.groups()[0]))
+        return float(r.groups()[0])
+    else:
+        sys.stderr.write("Could not detect readelf version\n")
+        sys.stderr.write(readelf_v)
+        return None
+
 et_strings = {
     elf.ET_REL: 'REL (Relocatable file)',
     elf.ET_EXEC: 'EXEC (Executable file)',
@@ -18,11 +38,26 @@ def expand_code(table, val):
     if val in table: return table[val]
     return '<unknown>: %#x' % val
 
+def is_pie(e):
+    # binutils 2.37
+    # 2021-06-15 https://github.com/bminor/binutils-gdb/commit/93df3340fd5ad32f784214fc125de71811da72ff
+    for i, sh in enumerate(e.sh):
+        if sh.sh.type != elf.SHT_DYNAMIC:
+            continue
+        if e.wsize == 32:
+            dyntab = sh.dyntab[:-2]
+        elif e.wsize == 64:
+            dyntab = sh.dyntab[:-1]
+        for d in dyntab:
+            if d.type == elf.DT_FLAGS_1 and d.name & elf.DF_1_PIE:
+                return True
+    return False
+
 def display_headers(e):
     print("ELF Header:")
     import struct
     ident = struct.unpack('16B', e.Ehdr.ident)
-    print("  Magic:   %s"%' '.join(['%02x'%_ for _ in ident]))
+    print("  Magic:   %s "%' '.join(['%02x'%_ for _ in ident]))
     print("  Class:                             %s"%expand_code({
         elf.ELFCLASS32: 'ELF32',
         elf.ELFCLASS64: 'ELF64',
@@ -38,7 +73,10 @@ def display_headers(e):
         0: 'UNIX - System V',
         }, ident[elf.EI_OSABI]))
     print("  ABI Version:                       %d"%ident[elf.EI_ABIVERSION])
-    print("  Type:                              %s"%expand_code(et_strings, e.Ehdr.type))
+    elf_file_type = expand_code(et_strings, e.Ehdr.type)
+    if e.Ehdr.type == elf.ET_DYN and elf.is_pie(e):
+        elf_file_type = 'DYN (Position-Independent Executable file)'
+    print("  Type:                              %s"%elf_file_type)
     machine_code = dict(elf.constants['EM'])
     # Same textual output as readelf, from readelf.c
     machine_code[elf.EM_M32]            = 'ME32100'
@@ -72,21 +110,19 @@ def display_headers(e):
     machine_code[elf.EM_IA_64]          = 'Intel IA-64'
     machine_code[elf.EM_MIPS_X]         = 'Stanford MIPS-X'
     machine_code[elf.EM_COLDFIRE]       = 'Motorola Coldfire'
+    machine_code[elf.EM_X86_64]         = 'Advanced Micro Devices X86-64'
     print("  Machine:                           %s"%expand_code(machine_code, e.Ehdr.machine))
-    """
-    TO BE CONTINUED
-                ("version","u32"),
-                ("entry","ptr"),
-                ("phoff","ptr"),
-                ("shoff","ptr"),
-                ("flags","u32"),
-                ("ehsize","u16"),
-                ("phentsize","u16"),
-                ("phnum","u16"),
-                ("shentsize","u16"),
-                ("shnum","u16"),
-                ("shstrndx","u16") ]
-    """
+    print("  Version:                           %#x"%e.Ehdr.version)
+    print("  Entry point address:               %#x"%e.Ehdr.entry)
+    print("  Start of program headers:          %d (bytes into file)"%e.Ehdr.phoff)
+    print("  Start of section headers:          %d (bytes into file)"%e.Ehdr.shoff)
+    print("  Flags:                             %#x"%e.Ehdr.flags)
+    print("  Size of this header:               %d (bytes)"%e.Ehdr.ehsize)
+    print("  Size of program headers:           %d (bytes)"%e.Ehdr.phentsize)
+    print("  Number of program headers:         %d"%e.Ehdr.phnum)
+    print("  Size of section headers:           %d (bytes)"%e.Ehdr.shentsize)
+    print("  Number of section headers:         %d"%e.Ehdr.shnum)
+    print("  Section header string table index: %d"%e.Ehdr.shstrndx)
 
 def display_program_headers(e):
     # Output format similar to readelf -l
@@ -199,11 +235,86 @@ def display_symbols(sections):
     parser.add_argument('-d', '--dynamic', dest='options', action='append_const', const='dynamic',  help='Display the dynamic section (if present)')
     parser.add_argument('-l', '--program-headers', '--segments', dest='options', action='append_const', const='program',  help='Display the program headers')
     parser.add_argument('-g', '--section-groups', dest='options', action='append_const', const='groups',   help='Display the section groups')
+    parser.add_argument('--readelf', dest='readelf_version', action='append', help='Simulate the output of a given version of readelf')
     parser.add_argument('file', nargs='+', help='ELF file(s)')
     args = parser.parse_args()
     if args.options is None:
         args.options = []
 
+    elf.is_pie = lambda _: False
+    if args.readelf_version:
+        for readelf in args.readelf_version:
+            if 'native' in readelf:
+                readelf_version = get_readelf_version()
+            else:
+                readelf_version = float(readelf)
+        if True:
+            # TODO: readelf has a different output if "do_section_details" or "do_wide"
+            elf.Shdr.header64 = ["  [Nr] Name              Type             Address           Offset",
+                                 "       Size              EntSize          Flags  Link  Info  Align"]
+            elf.Shdr.format64 = ("  [%(idx)2d] %(name17)-17s %(type_txt)-15s  %(addr)016x  %(offset)08x\n"
+                                 "       %(size)016x  %(entsize)016x %(flags_txt)3s      %(link)2d    %(info)2d     %(addralign)d")
+        if readelf_version >= 2.26:
+            # 2016-01-20 https://github.com/bminor/binutils-gdb/commit/9fb71ee49fc37163697e4f34e16097928eb83d66
+            elf.Shdr.footer = property(lambda _: [
+                "Key to Flags:",
+                "  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),",
+                "  L (link order), O (extra OS processing required), G (group), T (TLS),",
+                "  C (compressed), x (unknown), o (OS specific), E (exclude),",
+                "  %sp (processor specific)" % (
+                    "l (large), " if e.Ehdr.machine in (elf.EM_X86_64, elf.EM_L10M, elf.EM_K10M) else
+                    "y (noread), " if e.Ehdr.machine == elf.EM_ARM else
+                    "" ),
+                ])
+        if readelf_version >= 2.27:
+            # 2016-07-05 https://github.com/bminor/binutils-gdb/commit/f0728ee368f217f2473798ad7ccfe9feae4412ce
+            elf.Shdr.footer = property(lambda _: [
+                "Key to Flags:",
+                "  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),",
+                "  L (link order), O (extra OS processing required), G (group), T (TLS),",
+                "  C (compressed), x (unknown), o (OS specific), E (exclude),",
+                "  %sp (processor specific)" % (
+                    "l (large), " if e.Ehdr.machine in (elf.EM_X86_64, elf.EM_L10M, elf.EM_K10M) else
+                    "y (purecode), " if e.Ehdr.machine == elf.EM_ARM else
+                    "" ),
+                ])
+        if readelf_version >= 2.29: # more precisely 2.29.1
+            # 2017-09-05 https://github.com/bminor/binutils-gdb/commit/83eef883581525d04df3a8e53a82c01d0d12b56a
+            elf.Shdr.footer = property(lambda _: [
+                "Key to Flags:",
+                "  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),",
+                "  L (link order), O (extra OS processing required), G (group), T (TLS),",
+                "  C (compressed), x (unknown), o (OS specific), E (exclude),",
+                "  %sp (processor specific)" % (
+                    "l (large), " if e.Ehdr.machine in (elf.EM_X86_64, elf.EM_L10M, elf.EM_K10M) else
+                    "y (purecode), " if e.Ehdr.machine == elf.EM_ARM else
+                    "v (VLE), " if e.Ehdr.machine == elf.EM_PPC else
+                    "" ),
+                ])
+        if readelf_version >= 2.36: # more precisely 2.36.1
+            # 2021-02-02 https://github.com/bminor/binutils-gdb/commit/5424d7ed94cf5a7ca24636ab9f4e6d5c353fc0d3
+            elf.Shdr.footer = property(lambda _: [
+                "Key to Flags:",
+                "  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),",
+                "  L (link order), O (extra OS processing required), G (group), T (TLS),",
+                "  C (compressed), x (unknown), o (OS specific), E (exclude),",
+                "  %s%sp (processor specific)" % (
+                    "R (retain), D (mbind), " if e.Ehdr.ident[elf.EI_OSABI] in (elf.ELFOSABI_GNU, elf.ELFOSABI_FREEBSD) else
+                    "D (mbind), " if e.Ehdr.ident[elf.EI_OSABI] == elf.ELFOSABI_NONE else
+                    ""
+                    ,
+                    "l (large), " if e.Ehdr.machine in (elf.EM_X86_64, elf.EM_L10M, elf.EM_K10M) else
+                    "y (noread), " if e.Ehdr.machine == elf.EM_ARM else
+                    "" ),
+                ])
+        if readelf_version >= 2.35:
+            # 2020-07-02 https://github.com/bminor/binutils-gdb/commit/0942c7ab94e554657c3e11ab85ae7f15373ee80d
+            elf.Shdr.name17 = property(lambda _: _.name[:12]+"[...]" if len(_.name) > 17 else _.name)
+        if readelf_version >= 2.37:
+            # 2021-06-15 https://github.com/bminor/binutils-gdb/commit/93df3340fd5ad32f784214fc125de71811da72ff
+            elf.is_pie = is_pie
+
+
     for file in args.file:
         if len(args.file) > 1:
             print("\nFile: %s" % file)

tests/examples_linux.sh

@@ -0,0 +1,10 @@
+#! /bin/bash
+
+options="-h -S -r -s --dyn-syms -d -l -g"
+options="-h -S"
+for option in $options; do
+for file in /bin/sh; do
+echo "=== readelf $option $file ==="
+diff -c <(readelf $option $file) <(python ./examples/readelf.py $option --readelf=native $file 2>/dev/null)
+done
+done

tests/test_elf_manipulation.py

@@ -161,7 +161,7 @@ def test_ELF_small64(assertion):
               'Packing after reading elf64_small.out')
     # Packed file is identical :-)
     d = e.sh.readelf_display().encode('latin1')
-    assertion('c497dd6a4e9aa54fb5f65ee3b8f9de3e',
+    assertion('0454c8b5354b3eda58fce252d5d48621',
               hashlib.md5(d).hexdigest(),
               'Display Section Headers (readelf, 64bit)')
     d = e.getsectionbyname('.symtab').readelf_display().encode('latin1')