Baseer 0.2.0
Baseer is an advanced binary analysis tool designed to provide deep insights into any file.
Loading...
Searching...
No Matches
bx_elf_disasm.c File Reference

Functions for disassembling ELF files and printing metadata. More...

#include "bx_elf_disasm.h"
#include "../b_hashmap/b_hashmap.h"

Functions

void dump_disasm_elf32_shdr (Elf32_Ehdr *elf, Elf32_Shdr *shdrs, bparser *parser)
 Disassemble and print the ELF32 section headers.
void dump_disasm_elf64_shdr (Elf64_Ehdr *elf, Elf64_Shdr *shdrs, bparser *parser)
 Disassemble and print the ELF64 section headers.
void dump_disasm_elf32_phdr (Elf32_Ehdr *elf, Elf32_Phdr *phdr, bparser *parser)
 Disassembles and prints the program headers of a 32-bit ELF file.
void dump_disasm_elf64_phdr (Elf64_Ehdr *elf, Elf64_Phdr *phdr, bparser *parser)
 Disassembles and prints the program headers of a 64-bit ELF file.
bool print_elf_disasm (bparser *parser, void *args)
 Print ELF file disassembly and metadata.

Detailed Description

Functions for disassembling ELF files and printing metadata.

Function Documentation

◆ dump_disasm_elf32_phdr()

void dump_disasm_elf32_phdr ( Elf32_Ehdr * elf,
Elf32_Phdr * phdr,
bparser * parser )

Disassembles and prints the program headers of a 32-bit ELF file.

This function iterates through all program headers in a 32-bit ELF file, prints their metadata (type, flags, addresses, sizes), and optionally disassembles the binary contents of loadable segments using udis86.

Parameters
elfPointer to the ELF header structure (Elf32_Ehdr).
phdrPointer to the first program header (array of Elf32_Phdr).
parserPointer to the Baseer parser object used for reading file contents.
  • Prints program header table with columns: ID, Type, Flags, Offset, VirtAddr, PhysAddr, FileSz, MemSz, Align.
  • Highlights special segments:
    • PT_INTERP: prints interpreter path.
    • PT_DYNAMIC: marks the file as dynamically linked.
  • If a program header contains data (p_filesz > 0), its content is read and disassembled instruction by instruction until either the end of the segment or a ret instruction is encountered.
Note
Only supports EM_386 and EM_X86_64 architectures at the moment.
Warning
Stops disassembly early when encountering ret (UD_Iret).

◆ dump_disasm_elf32_shdr()

void dump_disasm_elf32_shdr ( Elf32_Ehdr * elf,
Elf32_Shdr * shdrs,
bparser * parser )

Disassemble and print the ELF32 section headers.

Iterates over all section headers in a 32-bit ELF file. Prints metadata (name, type, flags, address, size, etc.) and disassembles machine code sections using udis86. Metadata sections (e.g., .rela.dyn, .interp) are identified and not disassembled.

Parameters
elfPointer to the ELF32 header.
shdrsPointer to the array of ELF32 section headers.
parserPointer to a bparser structure for reading binary data.

◆ dump_disasm_elf64_phdr()

void dump_disasm_elf64_phdr ( Elf64_Ehdr * elf,
Elf64_Phdr * phdr,
bparser * parser )

Disassembles and prints the program headers of a 64-bit ELF file.

This function iterates through all program headers in a 64-bit ELF file, prints their metadata (type, flags, addresses, sizes), and optionally disassembles the binary contents of loadable segments using udis86.

Parameters
elfPointer to the ELF header structure (Elf64_Ehdr).
phdrPointer to the first program header (array of Elf64_Phdr).
parserPointer to the Baseer parser object used for reading file contents.
  • Prints program header table with columns: ID, Type, Flags, Offset, VirtAddr, PhysAddr, FileSz, MemSz, Align.
  • Highlights special segments:
    • PT_INTERP: prints interpreter path.
    • PT_DYNAMIC: marks the file as dynamically linked.
  • If a program header contains data (p_filesz > 0), its content is read and disassembled instruction by instruction until either the end of the segment or a ret instruction is encountered.
Note
Only supports EM_386 and EM_X86_64 architectures at the moment.
Warning
Stops disassembly early when encountering ret (UD_Iret).

◆ dump_disasm_elf64_shdr()

void dump_disasm_elf64_shdr ( Elf64_Ehdr * elf,
Elf64_Shdr * shdrs,
bparser * parser )

Disassemble and print the ELF64 section headers.

Iterates over all section headers in a 64-bit ELF file. Prints metadata (name, type, flags, address, size, etc.) and disassembles machine code sections using udis86. Metadata sections (e.g., .rela.dyn, .interp) are identified and not disassembled.

Parameters
elfPointer to the ELF64 header.
shdrsPointer to the array of ELF64 section headers.
parserPointer to a bparser structure for reading binary data.

◆ print_elf_disasm()

bool print_elf_disasm ( bparser * parser,
void * args )

Print ELF file disassembly and metadata.

This function analyzes an ELF file in memory using a bparser and prints key information including endianness, class (32-bit or 64-bit), entry point, section headers, program headers, file type, and machine type. It calls the appropriate ELF32 or ELF64 section and program header disassembly functions. Only x86 (32-bit) and x86_64 (64-bit) architectures are supported.

Parameters
parserPointer to a bparser structure containing the ELF file in memory.
argsOptional arguments (currently unused).
Returns
true if the ELF file was successfully analyzed and disassembled; false if the ELF class or machine type is unsupported or unknown.