Baseer 0.2.0
Baseer is an advanced binary analysis tool designed to provide deep insights into any file.
Loading...
Searching...
No Matches
bx_elf_utils.c File Reference

Implementation of ELF parsing and display utilities. More...

#include "bx_elf_utils.h"

Functions

void print_section_header_legend (void)
 Print legends for ELF section header types and flags with color highlighting.
void print_program_header_legend (void)
 Print legends for ELF program header types and flags with color highlighting.
const char * elf_machine_to_str (unsigned int machine)
 Convert ELF e_machine value to human-readable string.
const char * sh_type_to_str (unsigned int sh_type)
 Converts an ELF section header type to a human-readable string with color.
const char * elf_type_to_str (unsigned int type)
 Converts an ELF file type to a human-readable string.
const char * type_p_to_str (unsigned int p_type)
 Converts a program header type (p_type) to a human-readable string with color.
void display_byte (const unsigned char *byte)
 Display a single byte in hexadecimal with color coding.
void display_byte_char (const unsigned char *byte)
 Display a single byte as a printable character with color coding.
int is_in_list (const char *word, const char *list[])
 Check if a word exists in a null-terminated string list.
int is_number (const char *word)
 Check if a string represents a numeric value.
const char * get_color (const char *word)
 Get the ANSI color code for a given assembly token.
void print_highlight_asm (const char *line)
 Print an assembly instruction line with syntax highlighting.
void format_sh_flags (uint64_t sh_flags, char *buf, size_t size)
 Format ELF section header flags into a colored string.
void print_symbols_32bit (bparser *parser, Elf32_Ehdr *elf, Elf32_Shdr *shdrs, Elf32_Shdr *symtab, Elf32_Shdr *strtab)
 Print all symbols from a 32-bit ELF file (with colors).
void print_symbols_64bit (bparser *parser, Elf64_Ehdr *elf, Elf64_Shdr *shdrs, Elf64_Shdr *symtab, Elf64_Shdr *strtab)
 Print all symbols from a 64-bit ELF file (with colors).
void print_symbols_with_disasm_32bit (bparser *parser, Elf32_Ehdr *elf, Elf32_Shdr *shdrs, Elf32_Shdr *symtab, Elf32_Shdr *strtab)
 Print ELF32 symbols along with disassembly for functions.
void print_symbols_with_disasm_64bit (bparser *parser, Elf64_Ehdr *elf, Elf64_Shdr *shdrs, Elf64_Shdr *symtab, Elf64_Shdr *strtab)
 Print ELF64 symbols along with disassembly for functions.
void print_hex_header (unsigned long long offset)
 Print the hex dump header row.
void print_section_header_metadata_32bit (unsigned int id, const char *name, const char *type_str, const char *flags, Elf32_Shdr *shdrs)
 Print metadata of a 32-bit ELF section header.
void print_section_header_metadata_64bit (unsigned int id, const char *name, const char *type_str, const char *flags, Elf64_Shdr *shdrs)
 Print metadata of a 64-bit ELF section header.
void print_program_header_metadata_32bit (unsigned int id, const char *type_str, const char *flags, Elf32_Phdr *phdr)
 Print metadata of a 32-bit ELF program header (segment).
void print_program_header_metadata_64bit (unsigned int id, const char *type_str, const char *flags, Elf64_Phdr *phdr)
 Print metadata of a 64-bit ELF program header (segment).
void print_body_bytes (unsigned char *ptr, size_t size, unsigned long long offset, int disasm, unsigned char bit_type)
 Print a block of bytes in hex and ASCII format, optionally disassembling executable instructions.
void print_disasm (unsigned char *ptr, size_t size, unsigned long long offset, unsigned char bit_type)
 Disassemble a block of machine code and print the assembly with highlighting.
void format_p_flags (uint32_t p_flags, char *buf, size_t size)
 Format ELF program header flags into a colored string.

Detailed Description

Implementation of ELF parsing and display utilities.

This file provides functions for:

  • Converting ELF machine, file, section, and program header types to strings
  • Formatting ELF program header flags for display
  • Printing metadata for ELF section headers and program headers (32-bit and 64-bit)
  • Displaying section or segment bytes in hex and ASCII
  • Disassembling executable sections using the UDis86 library
  • Printing legends for ELF section and program header types and flags

It supports both 32-bit and 64-bit ELF binaries and uses ANSI color codes to enhance terminal output readability.

Function Documentation

◆ display_byte()

void display_byte ( const unsigned char * byte)

Display a single byte in hexadecimal with color coding.

This function prints the value of a byte in hex format (two digits) and applies a color depending on its meaning:

  • Default (COLOR_YELLOW) for active instructions.
  • COLOR_RED for NOP (0x90), INT3 (0xCC), or filler bytes (0xFF).
  • COLOR_GRAY for padding or null bytes (0x00).
Parameters
bytePointer to the byte to display.
Note
The color codes are ANSI escape sequences. The color is reset after printing each byte using COLOR_RESET.

◆ display_byte_char()

void display_byte_char ( const unsigned char * byte)

Display a single byte as a printable character with color coding.

This function prints the ASCII representation of a byte. Non-printable bytes are shown as a '.' character. The output is color-coded based on the byte value:

  • 0x90, 0xCC, 0xFF → COLOR_RED (low / unused bytes)
  • 0x00 → COLOR_GRAY (padding or null bytes)
  • All other bytes → COLOR_YELLOW (default / active instruction)

Printable ASCII characters (32-126) are displayed as-is, while non-printable bytes are represented with '.'.

Parameters
bytePointer to the byte to display.

◆ elf_machine_to_str()

const char * elf_machine_to_str ( unsigned int machine)

Convert ELF e_machine value to human-readable string.

This function takes an ELF machine type (e_machine) from the ELF header and returns a descriptive string representing the target architecture.

Parameters
machineThe e_machine field from the ELF header.
Returns
const char* Human-readable string describing the architecture.
Note
Returns "Unknown/Unsupported machine" for unrecognized values.

Example:

const char* arch = elf_machine_to_str(EM_X86_64);
printf("Architecture: %s\n", arch); // Output: Architecture: AMD x86-64
elf_machine_to_str
const char * elf_machine_to_str(unsigned int machine)
Convert ELF e_machine value to human-readable string.
Definition bx_elf_utils.c:217

◆ elf_type_to_str()

const char * elf_type_to_str ( unsigned int type)

Converts an ELF file type to a human-readable string.

This function maps ELF file type constants (ET_*) to descriptive strings. Examples include relocatable files, executables, shared objects, and core files.

Parameters
typeThe ELF file type (e.g., ET_REL, ET_EXEC, ET_DYN, etc.).
Returns
const char* A pointer to a string describing the ELF file type.
Note
The returned string points to static memory and must not be freed.
Supports standard ELF types, OS-specific, and processor-specific ranges.

◆ format_p_flags()

void format_p_flags ( uint32_t p_flags,
char * buf,
size_t size )

Format ELF program header flags into a colored string.

This function converts the p_flags field of an ELF program header into a human-readable string with color highlighting for readability:

  • Readable (R) → green
  • Writable (W) → red
  • Executable (X) → yellow
Parameters
p_flagsThe flags from the ELF program header (p_flags field of Elf32_Phdr or Elf64_Phdr).
bufOutput buffer to store the formatted string. Must be preallocated.
sizeSize of the output buffer.
Note
Uses ANSI color codes: COLOR_GREEN, COLOR_RED, COLOR_YELLOW, COLOR_CYAN, COLOR_RESET.
Adds 5 spaces after the flags for alignment.

Example usage:

char flags_buf[32];
format_p_flags(phdr[i].p_flags, flags_buf, sizeof(flags_buf));
printf("|---Flags: %s\n", flags_buf);
format_p_flags
void format_p_flags(uint32_t p_flags, char *buf, size_t size)
Format ELF program header flags into a colored string.
Definition bx_elf_utils.c:1424

◆ format_sh_flags()

void format_sh_flags ( uint64_t sh_flags,
char * buf,
size_t size )

Format ELF section header flags into a colored string.

Parameters
sh_flagsSection header flags (bitmask).
bufBuffer to write formatted flags into.
sizeSize of the buffer.

◆ get_color()

const char * get_color ( const char * word)

Get the ANSI color code for a given assembly token.

This function determines the color that should be used to print a single word/token from an assembly instruction or line. It checks the token against several categories such as numbers, registers, opcodes, instruction types, and invalid/unknown tokens.

The color codes are defined by macros like COLOR_RED, COLOR_GREEN, etc.

Parameters
wordA null-terminated string representing the token to check.
Returns
A string containing the ANSI color code to use for this token. Returns COLOR_RESET if the token does not match any known category.
Note
The helper functions used include:
  • is_number() : returns true if the token is a numeric value.
  • is_in_list() : checks if the token exists in a given list of strings.
  • Token lists used:
    • data_mov : data movement instructions (mov, lea, etc.)
    • arithmetic : add, sub, mul, etc.
    • logic_ops : and, or, xor, etc.
    • jumps : jmp, je, jne, call, ret, etc.
    • string_ops : rep movsb, stosb, etc.
    • system_ops : syscall, int, etc.
    • asm_registers : all CPU registers (rax, rbx, r8d, al, etc.)
    • asm_types : db, dw, qword ptr, o16, etc.
    • invalid : invalid/unknown tokens

◆ is_in_list()

int is_in_list ( const char * word,
const char * list[] )

Check if a word exists in a null-terminated string list.

This function searches for an exact match of the given word in the provided list of strings. The list must be null-terminated.

Parameters
wordThe null-terminated string to search for.
listA null-terminated array of strings.
Returns
Returns 1 if the word is found in the list, 0 otherwise.
Note
Comparison is case-sensitive and uses strcmp(). Typically used to check if a token belongs to categories like registers, opcodes, instruction types, etc.

◆ is_number()

int is_number ( const char * word)

Check if a string represents a numeric value.

This function determines whether the given string word is a number. It supports:

  • Hexadecimal numbers starting with "0x" or "0X"
  • Decimal numbers (only digits)
Parameters
wordA null-terminated string to check.
Returns
Returns 1 if the string is a valid number (hex or decimal), 0 otherwise.
Note
Hexadecimal detection only checks the "0x" prefix; it does not validate that the remaining characters are valid hex digits. Decimal numbers are checked using isdigit().

◆ print_body_bytes()

void print_body_bytes ( unsigned char * ptr,
size_t size,
unsigned long long offset,
int disasm,
unsigned char bit_type )

Print a block of bytes in hex and ASCII format, optionally disassembling executable instructions.

This function prints the content of a memory block in a traditional hex dump format, showing the offset, hexadecimal bytes, and ASCII representation. If the block contains executable instructions (SHF_EXECINSTR flag is set), it also disassembles the instructions using the Udis86 library and highlights the assembly.

Parameters
ptrPointer to the memory block to print.
sizeNumber of bytes to print from the memory block.
offsetStarting offset to display in the hex dump.
disasmIf non-zero and contains SHF_EXECINSTR, the function disassembles the bytes.
bit_typeELF class: ELFCLASS32 for 32-bit, ELFCLASS64 for 64-bit.
Note
Uses ANSI color codes for highlighting offsets, hex bytes, and disassembly. Assumes the following helper functions exist:
  • print_hex_header(offset)
  • display_byte(unsigned char <em>ptr)
  • display_byte_char(unsigned char *ptr)
  • print_highlight_asm(const char
line)
BLOCK_LENGTH macro defines how many bytes per line (commonly 16).

Example output:

|
| --Offset-- 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
|----0x00001000: 4865 6C6C 6F20 576F 726C 6421 0000 0000 |Hello World!....|
|----0x00001010: ... (next 16 bytes)
Disassembly (if executable):
|----0x00001000: mov eax, 1
|----0x00001005: ret

◆ print_disasm()

void print_disasm ( unsigned char * ptr,
size_t size,
unsigned long long offset,
unsigned char bit_type )

Disassemble a block of machine code and print the assembly with highlighting.

This function uses the Udis86 library to disassemble a memory block and prints each instruction in Intel syntax. The output includes offsets and color highlighting for opcodes, registers, and addresses.

Parameters
ptrPointer to the memory block containing machine code.
sizeNumber of bytes to disassemble.
offsetStarting address to display in the disassembly output.
bit_typeELF class: ELFCLASS32 for 32-bit instructions, ELFCLASS64 for 64-bit instructions.
Note
Uses the helper function print_highlight_asm() to colorize the instructions.
ANSI color codes (COLOR_YELLOW, COLOR_RESET) are used for highlighting.

Example output:

|----0x00001000: mov eax, 1
|----0x00001005: add ebx, eax
|----0x00001007: ret

◆ print_hex_header()

void print_hex_header ( unsigned long long offset)

Print the hex dump header row.

This function prints the header line used in a hex dump, showing both the hexadecimal column labels (00–0F) and the ASCII column labels. It also highlights the header with green color using ANSI escape codes.

Example output (simplified):

|
| --Offset-- 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
Parameters
offsetStarting offset for the hex dump (not currently used in the header itself, but included for consistency).
Note
The function assumes ANSI color macros like COLOR_GREEN and COLOR_RESET are defined.

◆ print_highlight_asm()

void print_highlight_asm ( const char * line)

Print an assembly instruction line with syntax highlighting.

This function scans through a single line of assembly code and applies syntax highlighting (using ANSI color codes) to recognized tokens such as opcodes, registers, numbers, etc. Highlighting is determined by the helper function get_color().

Tokens are split based on whitespace and punctuation characters, but punctuation itself (commas, brackets, colons, etc.) is preserved and printed without coloring.

Example:

Input : "mov rax, [rbx+0x10]"
Output: mov (red) rax (cyan) , [ rbx (cyan) + 0x10 (yellow) ]
Parameters
lineA null-terminated string containing the assembly instruction line to highlight. If NULL, the function returns immediately.
Note
Requires that COLOR_* macros and get_color() are defined. The word buffer is currently fixed at 64 bytes.

◆ print_program_header_legend()

void print_program_header_legend ( void )

Print legends for ELF program header types and flags with color highlighting.

This function prints two tables to the console:

  1. Program Header Types Legend: Describes common p_type values with colors.
  2. Program Header Flags Legend: Describes common p_flags values with colors.

Each entry is highlighted using ANSI color codes for better readability.

Note
Uses the legend_entry struct:
typedef struct {
const char *name; // Short name or flag
const char *desc; // Description of the type or flag
const char *color; // ANSI color code
} legend_entry;
legend_entry
Definition bx_elf_utils.h:14

Example output (truncated):

=== Program Header Types Legend ===
+------------+------------------------------------------+
| Type | Description |
+------------+------------------------------------------+
| NULL | PT_NULL: Unused entry |
| LOAD | PT_LOAD: Loadable segment |
...
=== Program Header Flags Legend ===
+-----+-----------------------------------+
| Flag| Description |
+-----+-----------------------------------+
| R | PF_R: Readable |
| W | PF_W: Writable |
| X | PF_X: Executable |
...
Note
Uses ANSI color codes (COLOR_RED, COLOR_GREEN, COLOR_YELLOW, COLOR_CYAN, COLOR_MAGENTA, COLOR_WHITE, COLOR_RESET).

◆ print_program_header_metadata_32bit()

void print_program_header_metadata_32bit ( unsigned int id,
const char * type_str,
const char * flags,
Elf32_Phdr * phdr )

Print metadata of a 32-bit ELF program header (segment).

This function prints detailed information about a single ELF32 program segment, including type, flags, offset, virtual/physical addresses, file/memory size, and alignment. It uses ANSI color codes for visual distinction.

Parameters
idThe index of the program header in the program header table.
type_strA string representing the segment type (e.g., "PT_LOAD").
flagsA string representing the segment flags (e.g., "R E" for readable + executable).
phdrPointer to the array of ELF32 program headers (Elf32_Phdr[]).
Note
Assumes that the macros for ANSI colors (COLOR_CYAN, COLOR_BG_WHITE, COLOR_BCYAN, COLOR_RESET) and META_LABEL_WIDTH are defined.

Example output:

|--Program Segment [0]:
|---Type: PT_LOAD
|---Flags: R E
|---Offset: 0x00001000
|---VirtAddr: 0x08048000
|---PhysAddr: 0x08048000
|---FileSz: 0x00002000
|---MemSz: 0x00002000
|---Align: 0x1000

◆ print_program_header_metadata_64bit()

void print_program_header_metadata_64bit ( unsigned int id,
const char * type_str,
const char * flags,
Elf64_Phdr * phdr )

Print metadata of a 64-bit ELF program header (segment).

This function prints detailed information about a single ELF64 program segment, including type, flags, offset, virtual/physical addresses, file/memory size, and alignment. It uses ANSI color codes for visual distinction.

Parameters
idThe index of the program header in the program header table.
type_strA string representing the segment type (e.g., "PT_LOAD").
flagsA string representing the segment flags (e.g., "R E" for readable + executable).
phdrPointer to the array of ELF64 program headers (Elf64_Phdr[]).
Note
Assumes that the macros for ANSI colors (COLOR_CYAN, COLOR_BG_WHITE, COLOR_BCYAN, COLOR_RESET) and META_LABEL_WIDTH are defined.

Example output:

|--Program Segment [0]:
|---Type: PT_LOAD
|---Flags: R E
|---Offset: 0x00001000
|---VirtAddr: 0x00401000
|---PhysAddr: 0x00401000
|---FileSz: 0x00002000
|---MemSz: 0x00002000
|---Align: 0x1000

◆ print_section_header_legend()

void print_section_header_legend ( void )

Print legends for ELF section header types and flags with color highlighting.

This function prints two tables to the console:

  1. Section Header Types Legend: Describes common sh_type values with colors.
  2. Section Header Flags Legend: Describes common sh_flags values with colors.

Each entry is highlighted using ANSI color codes for better readability.

Note
Uses the legend_entry struct:
typedef struct {
const char *name; // Short name or flag
const char *desc; // Description of the type or flag
const char *color; // ANSI color code
} legend_entry;

Example output (truncated):

=== Section Header Types Legend ===
+---------------------+------------------------------------+
| Type | Description |
+---------------------+------------------------------------+
| NULL | SHT_NULL: Unused section |
| PROGBITS | SHT_PROGBITS: Program-defined data|
...
=== Section Header Flags Legend ===
+------+-------------------------------------------+
| Flag | Description |
+------+-------------------------------------------+
| W | SHF_WRITE: Writable |
| A | SHF_ALLOC: Occupies memory |
...
Note
Uses ANSI color codes (COLOR_RED, COLOR_GREEN, COLOR_YELLOW, COLOR_CYAN, COLOR_MAGENTA, COLOR_WHITE, COLOR_GRAY, COLOR_RESET).

◆ print_section_header_metadata_32bit()

void print_section_header_metadata_32bit ( unsigned int id,
const char * name,
const char * type_str,
const char * flags,
Elf32_Shdr * shdrs )

Print metadata of a 32-bit ELF section header.

This function prints detailed information about a single ELF32 section, including type, flags, address, offset, size, link, info, alignment, and entry size. It uses ANSI color codes for visual distinction.

Parameters
idThe index of the section in the section header table.
nameThe name of the section.
type_strA string representing the section type (e.g., "SHT_PROGBITS").
flagsA string representing the section flags (e.g., "AX" for alloc+execute).
shdrsPointer to the array of ELF32 section headers (Elf32_Shdr[]).
Note
Assumes that the macros for ANSI colors (COLOR_CYAN, COLOR_BLUE, COLOR_BG_WHITE, COLOR_BCYAN, COLOR_RESET) and META_LABEL_WIDTH are defined.

Example output:

|--Section [1] .text:
|---Type: PROGBITS
|---Flags: AX
|---Addr: 0x08048000
|---Offset: 0x00001000
|---Size: 0x00002000
|---Link: 0
|---Info: 0
|---Align: 0x10
|---EntSize: 0

◆ print_section_header_metadata_64bit()

void print_section_header_metadata_64bit ( unsigned int id,
const char * name,
const char * type_str,
const char * flags,
Elf64_Shdr * shdrs )

Print metadata of a 64-bit ELF section header.

This function prints detailed information about a single ELF64 section, including type, flags, address, offset, size, link, info, alignment, and entry size. It uses ANSI color codes for visual distinction.

Parameters
idThe index of the section in the section header table.
nameThe name of the section.
type_strA string representing the section type (e.g., "SHT_PROGBITS").
flagsA string representing the section flags (e.g., "AX" for alloc+execute).
shdrsPointer to the array of ELF64 section headers (Elf64_Shdr[]).
Note
Assumes that the macros for ANSI colors (COLOR_CYAN, COLOR_BLUE, COLOR_BG_WHITE, COLOR_BCYAN, COLOR_RESET) and META_LABEL_WIDTH are defined.

Example output:

|--Section [1] .text:
|---Type: PROGBITS
|---Flags: AX
|---Addr: 0x00401000
|---Offset: 0x00001000
|---Size: 0x00002000
|---Link: 0
|---Info: 0
|---Align: 0x10
|---EntSize: 0

◆ print_symbols_32bit()

void print_symbols_32bit ( bparser * parser,
Elf32_Ehdr * elf,
Elf32_Shdr * shdrs,
Elf32_Shdr * symtab,
Elf32_Shdr * strtab )

Print all symbols from a 32-bit ELF file (with colors).

This function iterates over the ELF32 symbol table (symtab) and its associated string table (strtab) to display information about each symbol. It prints a nicely formatted and colorized table that includes:

  • Index : The symbol index in the table.
  • Value : The symbol value (address in executables/shared objects, or section offset in relocatable files).
  • Size : The size of the symbol in bytes.
  • Type : The decoded symbol type (FUNC, OBJECT, SECTION, FILE, etc.).
  • Name : The symbol name resolved from the string table.
Parameters
parserPointer to the binary parser context (holds loaded ELF data in memory).
elfPointer to the ELF32 header structure.
shdrsPointer to the array of section headers in the ELF file.
symtabPointer to the section header for the symbol table (.symtab).
strtabPointer to the section header for the associated string table (.strtab).
Note
  • For relocatable ELF (.o) files: Value is the symbol’s offset relative to its section.
  • For executables / shared objects: Value is the virtual memory address of the symbol at runtime.
  • For undefined symbols: Value = 0 since the address will be resolved later.
Warning
Output uses ANSI color codes, so results may look odd in non-color terminals.

◆ print_symbols_64bit()

void print_symbols_64bit ( bparser * parser,
Elf64_Ehdr * elf,
Elf64_Shdr * shdrs,
Elf64_Shdr * symtab,
Elf64_Shdr * strtab )

Print all symbols from a 64-bit ELF file (with colors).

This function iterates over the ELF64 symbol table (symtab) and its associated string table (strtab) to display information about each symbol. It prints a formatted and colorized table including:

  • Index : The symbol index in the table.
  • Value : The symbol value (for executables/shared objects, this is the virtual address at runtime; for relocatable objects, this is the section-relative offset).
  • Size : The size of the symbol in bytes.
  • Type : The decoded symbol type (FUNC, OBJECT, SECTION, FILE, etc.).
  • Name : The symbol’s name resolved from the string table.
Parameters
parserPointer to the binary parser context (holds loaded ELF data in memory).
elfPointer to the ELF64 header structure.
shdrsPointer to the array of section headers in the ELF file.
symtabPointer to the section header for the symbol table (.symtab).
strtabPointer to the section header for the associated string table (.strtab).
Note
  • For relocatable ELF (.o): Value is the offset relative to its section.
  • For executables / shared objects: Value is the virtual memory address of the symbol.
  • For undefined symbols: Value = 0 since resolution is deferred to the linker/loader.
Warning
Output uses ANSI color codes, so results may appear incorrect in terminals without color support.

◆ print_symbols_with_disasm_32bit()

void print_symbols_with_disasm_32bit ( bparser * parser,
Elf32_Ehdr * elf,
Elf32_Shdr * shdrs,
Elf32_Shdr * symtab,
Elf32_Shdr * strtab )

Print ELF32 symbols along with disassembly for functions.

This function iterates over the symbol table of a 32-bit ELF file, printing information about each symbol and disassembling function symbols. It highlights the type of each symbol using ANSI color codes.

Parameters
parserPointer to a bparser structure containing the loaded ELF data.
elfPointer to the ELF32 file header (Elf32_Ehdr).
shdrsPointer to the section header array (Elf32_Shdr[]).
symtabPointer to the section header of the symbol table (Elf32_Shdr).
strtabPointer to the section header of the associated string table (Elf32_Shdr).
Note
The function assumes:
  • ANSI color macros (COLOR_RESET, COLOR_YELLOW, COLOR_BLUE, etc.) are defined.
  • Helper function print_disasm exists to disassemble memory regions.
  • ELF macros like ELF32_ST_TYPE, and constants like STT_FUNC, STT_OBJECT are defined.
  • Only symbols with st_size > 0 are disassembled.

Example output:

=== Symbols (symtab + strtab) ===
|-- main:
0x08001000: mov eax, ebx
...

◆ print_symbols_with_disasm_64bit()

void print_symbols_with_disasm_64bit ( bparser * parser,
Elf64_Ehdr * elf,
Elf64_Shdr * shdrs,
Elf64_Shdr * symtab,
Elf64_Shdr * strtab )

Print ELF64 symbols along with disassembly for functions.

This function iterates over the symbol table of a 64-bit ELF file, printing information about each symbol and disassembling function symbols. It highlights the type of each symbol using ANSI color codes.

Parameters
parserPointer to a bparser structure containing the loaded ELF data.
elfPointer to the ELF64 file header (Elf64_Ehdr).
shdrsPointer to the section header array (Elf64_Shdr[]).
symtabPointer to the section header of the symbol table (Elf64_Shdr).
strtabPointer to the section header of the associated string table (Elf64_Shdr).
Note
The function assumes:
  • ANSI color macros (COLOR_RESET, COLOR_YELLOW, COLOR_BLUE, etc.) are defined.
  • Helper function print_disasm exists to disassemble memory regions.
  • ELF macros like ELF64_ST_TYPE, and constants like STT_FUNC, STT_OBJECT are defined.
  • Only symbols with st_size > 0 are disassembled.

Example output:

=== Symbols (symtab + strtab) ===
|-- main:
0x00401000: mov rax, rbx
...

◆ sh_type_to_str()

const char * sh_type_to_str ( unsigned int sh_type)

Converts an ELF section header type to a human-readable string with color.

This function maps ELF section header type constants (SHT_*) to descriptive strings. ANSI color codes are added for colored output in terminal.

Parameters
sh_typeThe section header type (e.g., SHT_PROGBITS, SHT_SYMTAB, ...).
Returns
const char* A pointer to a static string representing the type. The string includes ANSI color codes for terminal output.
Note
The returned string should not be freed, as it points to static memory.
Supports standard, GNU, and SUNW section types, as well as OS/Processor/Application-specific ranges.

◆ type_p_to_str()

const char * type_p_to_str ( unsigned int p_type)

Converts a program header type (p_type) to a human-readable string with color.

This function maps ELF program header type constants (PT_*) to descriptive strings, optionally including ANSI color codes for terminal highlighting.

Parameters
p_typeThe program header type (e.g., PT_LOAD, PT_DYNAMIC, PT_INTERP, etc.).
Returns
const char* A pointer to a string describing the program header type.
Note
The returned string points to static memory and must not be freed.
Supports standard ELF program header types, OS-specific, and processor-specific ranges.
Some types include ANSI color codes for terminal output.