Baseer 0.2.0
Baseer is an advanced binary analysis tool designed to provide deep insights into any file.
Loading...
Searching...
No Matches
b_elf_metadata.h File Reference

ELF metadata extraction and printing interface for Baseer. More...

#include "../bparser/bparser.h"
#include "../../baseer.h"
#include <elf.h>
#include <string.h>
#include "../bx_elf_utils/bx_elf_utils.h"
#include "udis86.h"

Go to the source code of this file.

Functions

void dump_elf32hdr (Elf32_Ehdr *elf)
 Dump the ELF header information for a 32-bit ELF file.
void dump_elf64hdr (Elf64_Ehdr *elf)
 Dump the ELF header information for a 64-bit ELF file.
void dump_elf32_shdr (Elf32_Ehdr *elf, Elf32_Shdr *shdrs, bparser *parser)
 Dump the section header table of a 32-bit ELF file.
void dump_elf64_shdr (Elf64_Ehdr *elf, Elf64_Shdr *shdrs, bparser *parser)
 Dump the section header table of a 64-bit ELF file.
void dump_elf32_phdr (Elf32_Ehdr *elf, Elf32_Phdr *phdr, bparser *parser)
 Dump the program header table of a 32-bit ELF file.
void dump_elf64_phdr (Elf64_Ehdr *elf, Elf64_Phdr *phdr, bparser *parser)
 Dump the program header table of a 64-bit ELF file.
bool print_meta_data (bparser *parser, void *args)
 Print high-level metadata of an ELF file and dispatch detailed dump functions.

Detailed Description

ELF metadata extraction and printing interface for Baseer.

This module provides functions to parse and print metadata from ELF files, including ELF headers, program headers, and section headers. It is used within the Baseer binary analysis framework to display detailed ELF information in a structured and colored format.

The main entry point is print_meta_data(), which determines the ELF class (32-bit or 64-bit), detects endianness, and invokes the appropriate dump functions for headers and sections.

Note
This module depends on bx_elf_utils for header dumping utilities.
Supports both 32bit and 64bit binaries.
See also
bx_elf_utils.h
bparser.h

Function Documentation

◆ dump_elf32_phdr()

void dump_elf32_phdr ( Elf32_Ehdr * elf,
Elf32_Phdr * phdr,
bparser * parser )

Dump the program header table of a 32-bit ELF file.

This function iterates over the program headers of a 32-bit ELF file and prints metadata and raw contents for each segment.

Printed metadata includes:

  • Program header type (human-readable and numeric)
  • Flags (R/W/X)
  • Offset
  • Virtual and physical addresses
  • File size, memory size, and alignment

Special cases:

  • If the segment type is PT_INTERP, the interpreter path is printed.
  • If the segment type is PT_DYNAMIC, it indicates the binary is dynamically linked.

Raw segment bytes:

  • If a segment has file size > 0, its raw bytes are read from the ELF file using bparser_read and printed in hexadecimal format.
Parameters
elfPointer to the ELF header (Elf32_Ehdr).
phdrPointer to the program header table (array of Elf32_Phdr).
parserPointer to a bparser structure that provides access to the file data.
Note
Output is color formatted and written to standard output.
See also
dump_elf64_phdr()

◆ dump_elf32_shdr()

void dump_elf32_shdr ( Elf32_Ehdr * elf,
Elf32_Shdr * shdrs,
bparser * parser )

Dump the section header table of a 32-bit ELF file.

This function iterates over the section headers of a 32-bit ELF file and prints human-readable information for each section.

Printed metadata includes:

  • Section index (ID)
  • Section name (resolved from the section string table)
  • Section type (as string and numeric)
  • Flags (W/A/X)
  • Virtual address, file offset, and section size
  • Link, Info, Alignment, and Entry size

Raw section bytes:

  • If a section has size > 0, its contents are read from the ELF file using bparser_read and printed in hexadecimal format.
Parameters
elfPointer to the ELF header (Elf32_Ehdr).
shdrsPointer to the section header table (array of Elf32_Shdr).
parserPointer to a bparser structure that provides access to the file data.
Note
Output is color formatted and written to standard output.
See also
dump_elf64_shdr()

◆ dump_elf32hdr()

void dump_elf32hdr ( Elf32_Ehdr * elf)

Dump the ELF header information for a 32-bit ELF file.

This function prints human-readable information about the provided 32-bit ELF header, including:

  • The ELF class (32-bit)
  • Entry point address
  • Program header count and offset
  • Section header count and offset
  • Section header string table index
  • File type and machine type (both as strings and raw values)
Parameters
elfPointer to an Elf32_Ehdr structure representing the ELF header.
Note
The output is printed to standard output with color formatting.
See also
dump_elf64hdr()

◆ dump_elf64_phdr()

void dump_elf64_phdr ( Elf64_Ehdr * elf,
Elf64_Phdr * phdr,
bparser * parser )

Dump the program header table of a 64-bit ELF file.

This function iterates over the program headers of a 64-bit ELF file and prints metadata and raw contents for each segment.

Printed metadata includes:

  • Program header type (human-readable and numeric)
  • Flags (R/W/X)
  • Offset
  • Virtual and physical addresses
  • File size, memory size, and alignment

Special cases:

  • If the segment type is PT_INTERP, the interpreter path is printed.
  • If the segment type is PT_DYNAMIC, it indicates the binary is dynamically linked.

Raw segment bytes:

  • If a segment has file size > 0, its raw bytes are read from the ELF file using bparser_read and printed in hexadecimal format.
Parameters
elfPointer to the ELF header (Elf64_Ehdr).
phdrPointer to the program header table (array of Elf64_Phdr).
parserPointer to a bparser structure that provides access to the file data.
Note
Output is color formatted and written to standard output.
See also
dump_elf32_phdr()

◆ dump_elf64_shdr()

void dump_elf64_shdr ( Elf64_Ehdr * elf,
Elf64_Shdr * shdrs,
bparser * parser )

Dump the section header table of a 64-bit ELF file.

This function iterates over the section headers of a 64-bit ELF file and prints human-readable information for each section.

Printed metadata includes:

  • Section index (ID)
  • Section name (resolved from the section string table)
  • Section type (as string and numeric)
  • Flags (W/A/X)
  • Virtual address, file offset, and section size
  • Link, Info, Alignment, and Entry size

Raw section bytes:

  • If a section has size > 0, its contents are read from the ELF file using bparser_read and printed in hexadecimal format.
Parameters
elfPointer to the ELF header (Elf64_Ehdr).
shdrsPointer to the section header table (array of Elf64_Shdr).
parserPointer to a bparser structure that provides access to the file data.
Note
Output is color formatted and written to standard output.
See also
dump_elf32_shdr()

◆ dump_elf64hdr()

void dump_elf64hdr ( Elf64_Ehdr * elf)

Dump the ELF header information for a 64-bit ELF file.

This function prints human-readable information about the provided 64-bit ELF header, including:

  • The ELF class (64-bit)
  • Entry point address
  • Program header count and offset
  • Section header count and offset
  • Section header string table index
  • File type and machine type (both as strings and raw values)
Parameters
elfPointer to an Elf64_Ehdr structure representing the ELF header.
Note
The output is printed to standard output with color formatting.
See also
dump_elf32hdr()

◆ print_meta_data()

bool print_meta_data ( bparser * parser,
void * args )

Print high-level metadata of an ELF file and dispatch detailed dump functions.

This function reads the ELF identification bytes from the parser source memory to determine:

  • Endianness (Little Endian, Big Endian, or Unknown)
  • ELF class (32-bit or 64-bit)

Based on the ELF class, it parses the ELF header, program headers, and section headers, then calls the corresponding dump functions:

Parameters
parserPointer to a bparser structure containing the ELF file in memory.
argsOptional arguments (currently unused).
Returns
true if the ELF class was recognized and processed (32-bit or 64-bit), false otherwise (invalid or unknown ELF class).
Note
Output is color formatted and written to standard output.
See also
dump_elf32hdr(), dump_elf32_shdr(), dump_elf32_phdr(), dump_elf64hdr(), dump_elf64_shdr(), dump_elf64_phdr()