- ELF文件相关PWN篇-二进制文件
ELF header解析器
查看elf.h
中有定义
则可以从文件流中读入数据到指针中,进而输出ELF Header信息
以下代码在Windows中编译需要将elf.h
文件复制到/include
目录下
32位与64位在文件头有区别:
64位版本:
#include<bits/stdc++.h>
#include<elf.h>
using namespace std;
signed main()
{
Elf64_Ehdr e64_hd;//参见elf.h定义
FILE *pt;//定义FILE类型的指针
pt=freopen("question_5_x64","r",stdin);//需要判断的文件
fread(&e64_hd,sizeof(Elf64_Ehdr),1,pt);//从文件流读取数据到e64_hd中
printf("Magic number and other info: ");
for(int i=0;i<16;i++)
{
printf("%02x ",e64_hd.e_ident[i]);
// cout<<e64_hd.e_ident[i];
}
printf("\n");
printf("Object file type: %x\n",e64_hd.e_type);
// cout<<"Object file type: "<<e64_hd.e_type<<endl;
printf("Architecture: %lu\n",e64_hd.e_machine);
// cout<<"Architecture: "<<e64_hd.e_machine<<endl;
printf("Entry point virtual address: 0x%x\n",e64_hd.e_entry);
printf("Program header table file offset: %d(bytes into file)\n",e64_hd.e_phoff);
printf("Section header table file offset: %d(bytes into file)\n",e64_hd.e_shoff);
printf("Processor-specific flags: 0x%x\n",e64_hd.e_flags);
printf("ELF header size in bytes: %d(bytes)\n",e64_hd.e_ehsize);
printf("Program header table entry size: %d(bytes)\n",e64_hd.e_phentsize);
printf("Program header table entry count: %d\n",e64_hd.e_phnum);
printf("Section header table entry size: %d(bytes)\n",e64_hd.e_shentsize);
printf("Section header table entry count: %d\n",e64_hd.e_shnum);
printf("Section header string table index: %d\n",e64_hd.e_shstrndx);
return 0;
}
截图与readelf -h
对比:
32位版本:
#include<bits/stdc++.h>
#include<elf.h>
using namespace std;
signed main()
{
Elf32_Ehdr e32_hd;//参见elf.h定义
FILE *pt;//定义FILE类型的指针
pt=freopen("question_5_x86","r",stdin);//需要判断的文件
fread(&e32_hd,sizeof(Elf32_Ehdr),1,pt);//从文件流读取数据到e32_hd中
printf("Magic number and other info: ");
for(int i=0;i<16;i++)
{
printf("%02x ",e32_hd.e_ident[i]);
// cout<<e32_hd.e_ident[i];
}
printf("\n");
printf("Object file type: %x\n",e32_hd.e_type);
// cout<<"Object file type: "<<e32_hd.e_type<<endl;
printf("Architecture: %lu\n",e32_hd.e_machine);
// cout<<"Architecture: "<<e32_hd.e_machine<<endl;
printf("Entry point virtual address: 0x%x\n",e32_hd.e_entry);
printf("Program header table file offset: %d(bytes into file)\n",e32_hd.e_phoff);
printf("Section header table file offset: %d(bytes into file)\n",e32_hd.e_shoff);
printf("Processor-specific flags: 0x%x\n",e32_hd.e_flags);
printf("ELF header size in bytes: %d(bytes)\n",e32_hd.e_ehsize);
printf("Program header table entry size: %d(bytes)\n",e32_hd.e_phentsize);
printf("Program header table entry count: %d\n",e32_hd.e_phnum);
printf("Section header table entry size: %d(bytes)\n",e32_hd.e_shentsize);
printf("Section header table entry count: %d\n",e32_hd.e_shnum);
printf("Section header string table index: %d\n",e32_hd.e_shstrndx);
return 0;
}
截图与readelf -h
对比: