goelftools is library written in Go for parsing ELF file.

Last update: Dec 5, 2022

Comments: 0

goelftools

goelftools is library written in Go for parsing ELF file.

This library is inspired by pyelftools and rbelftools.

Motivation

The motivation to develop this library from scratch is a comprehensive understanding of ELF file structure.

Usage

View section names.

package main

import (
	"fmt"
	"log"
	"os"

	"github.com/hnts/goelftools/elf"
)

func main() {
	file := "testdata/elf_linux_amd64"
	b, err := os.ReadFile(file)
	if err != nil {
		log.Fatalf("failed to read %s: %s", file, err)
	}

	e, err := elf.New(b)
	if err != nil {
		log.Fatalf("failed to new elf file struct: %s", err)
	}

	ss := e.Sections
	for _, s := range ss {
		fmt.Println(s.Name)
	}
}

$ go run section_name.go | head -n10

.text
.rodata
.shstrtab
.typelink
.itablink
.gosymtab
.gopclntab
.go.buildinfo
.noptrdata

View assembly by using goelftools and gapstone.

Please note that the below code will not work without the capstone library installed.

package main

import (
	"fmt"
	"log"
	"os"

	"github.com/hnts/goelftools/elf"
	"github.com/knightsc/gapstone"
)

func main() {
	file := "testdata/elf_linux_amd64"
	b, err := os.ReadFile(file)
	if err != nil {
		log.Fatalf("failed to read %s: %s", file, err)
	}

	e, err := elf.New(b)
	if err != nil {
		log.Fatalf("failed to new elf file struct: %s", err)
	}

	engine, err := gapstone.New(
		gapstone.CS_ARCH_X86,
		gapstone.CS_MODE_64,
	)
	if err != nil {
		log.Fatalf("Failed to initialize engine: %v", err)
	}

	defer engine.Close()
	s := e.SectionByName(".text")
	if s == nil {
		log.Fatal(".text in not found")
	}

	insns, err := engine.Disasm(
		[]byte(s.Raw),
		0x10000,
		0,
	)
	if err != nil {
		log.Fatalf("Disassembly error: %v", err)
	}

	for _, insn := range insns {
		fmt.Printf("0x%x:\t%s\t\t%s\n", insn.Address, insn.Mnemonic, insn.OpStr)
	}
}

$ go run disas.go | head -n10
0x10000:        mov             rcx, qword ptr fs:[0xfffffffffffffff8]
0x10009:        cmp             rsp, qword ptr [rcx + 0x10]
0x1000d:        jbe             0x10047
0x1000f:        sub             rsp, 0x18
0x10013:        mov             qword ptr [rsp + 0x10], rbp
0x10018:        lea             rbp, [rsp + 0x10]
0x1001d:        nop             dword ptr [rax]
0x10020:        call            0x107a0
0x10025:        mov             rax, qword ptr [rsp + 0x20]
0x1002a:        mov             qword ptr [rsp], rax

Precautions

goelftools is under development.

If you want to parse ELF file in earnest by using Go, I recommend that you use debug/elf library.

Similar Resources

Abstract File Storage

afs - abstract file storage Please refer to CHANGELOG.md if you encounter breaking changes. Motivation Introduction Usage Matchers Content modifiers S

Dec 30, 2022

a tool for handling file uploads simple

baraka a tool for handling file uploads for http servers makes it easier to make operations with files from the http request. Contents Install Simple

Nov 30, 2022

Bigfile -- a file transfer system that supports http, rpc and ftp protocol https://bigfile.site

Bigfile ———— a file transfer system that supports http, rpc and ftp protocol 简体中文 ∙ English Bigfile is a file transfer system, supports http, ftp and

Dec 31, 2022

Read csv file from go using tags

go-csv-tag Read csv file from Go using tags The project is in maintenance mode. It is kept compatible with changes in the Go ecosystem but no new feat

Nov 16, 2022

Pluggable, extensible virtual file system for Go

vfs Package vfs provides a pluggable, extensible, and opinionated set of file system functionality for Go across a number of file system types such as

Jan 3, 2023

An epoll(7)-based file-descriptor multiplexer.

poller Package poller is a file-descriptor multiplexer. Download: go get github.com/npat-efault/poller Package poller is a file-descriptor multiplexer

Sep 25, 2022

QueryCSV enables you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to a CSV file

QueryCSV enable you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to CSV file

Dec 22, 2021

Read a tar file contents using go1.16 io/fs abstraction

go-tarfs Read a tar file contents using go1.16 io/fs abstraction Usage ⚠️ go-tarfs needs go=1.16 Install: go get github.com/nlepage/go-tarfs Use: pac

Dec 1, 2022

Open Source Continuous File Synchronization

Goals Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers. We strive to fulfill the goals belo

Jan 9, 2023

goelftools is library written in Go for parsing ELF file.

goelftools

Motivation

Usage

Precautions

Owner

Similar Resources

Abstract File Storage

a tool for handling file uploads simple

Bigfile -- a file transfer system that supports http, rpc and ftp protocol https://bigfile.site

Read csv file from go using tags

Pluggable, extensible virtual file system for Go

An epoll(7)-based file-descriptor multiplexer.

QueryCSV enables you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to a CSV file

Read a tar file contents using go1.16 io/fs abstraction

Open Source Continuous File Synchronization

Related tags

Goful is a CUI file manager written in Go.

File uploader with support for multiple hosts and progress reporting written in Go.

GeeseFS is a high-performance, POSIX-ish S3 (Yandex, Amazon) file system written in Go

RIFF file extractor written in Go.

Go file operations library chasing GNU APIs.

File system event notification library on steroids.

Go library for the TOML file format

A simple library for generating PDF written in Go lang

GoCsv is a library written in pure Go to use csv data more comfortable