1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
|
--
-- elf.lua: Executable and Linkable Format
--
-- Copyright (c) 2017, Přemysl Janouch <p.janouch@gmail.com>
--
-- Permission to use, copy, modify, and/or distribute this software for any
-- purpose with or without fee is hereby granted, provided that the above
-- copyright notice and this permission notice appear in all copies.
--
-- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-- SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
-- OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
-- CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--
local detect = function (c)
return c:read (4) == "\x7FELF"
end
local type_table = {
[0] = "no file type",
[1] = "relocatable file",
[2] = "executable file",
[3] = "shared object file",
[4] = "core file"
}
local machine_table = {
[0] = "no machine",
[1] = "AT&T WE 32100",
[2] = "SPARC",
[3] = "Intel 386",
[4] = "Motorola 68000",
[5] = "Motorola 88000",
[6] = "Intel MCU",
[7] = "Intel 80860",
[8] = "MIPS R3000",
[9] = "IBM System/370",
[10] = "MIPS RS3000 Little-endian",
[15] = "Hewlett-Packard PA-RISC",
[17] = "Fujitsu VPP500",
[18] = "Enhanced instruction set SPARC",
[19] = "Intel 80960",
[20] = "PowerPC",
[21] = "PowerPC64",
[22] = "IBM System/390",
[23] = "IBM SPU/SPC",
[36] = "NEC V800",
[37] = "Fujitsu FR20",
[38] = "TRW RH-32",
[39] = "Motorola RCE",
[40] = "ARM",
[41] = "DEC Alpha",
[42] = "Hitachi SH",
[43] = "SPARC V9",
[44] = "Siemens TriCore",
[45] = "Argonaut RISC Core",
[46] = "Hitachi H8/300",
[47] = "Hitachi H8/300H",
[48] = "Hitachi H8S",
[49] = "Hitachi H8/500",
[50] = "Intel IA-64 processor architecture",
[51] = "Stanford MIPS-X",
[52] = "Motorola ColdFire",
[53] = "Motorola M68HC12",
[54] = "Fujitsu MMA Multimedia Accelerator",
[55] = "Siemens PCP",
[56] = "Sony nCPU embedded RISC processor",
[57] = "Denso NDR1 microprocessor",
[58] = "Motorola Star*Core processor",
[59] = "Toyota ME16 processor",
[60] = "STMicroelectronics ST100 processor",
[61] = "Advanced Logic Corp. TinyJ embedded processor family",
[62] = "AMD x86-64 architecture",
[63] = "Sony DSP Processor",
[64] = "Digital Equipment Corp. PDP-10",
[65] = "Digital Equipment Corp. PDP-11",
[66] = "Siemens FX66 microcontroller",
[67] = "STMicroelectronics ST9+ 8/16 bit microcontroller",
[68] = "STMicroelectronics ST7 8-bit microcontroller",
[69] = "Motorola MC68HC16 Microcontroller",
[70] = "Motorola MC68HC11 Microcontroller",
[71] = "Motorola MC68HC08 Microcontroller",
[72] = "Motorola MC68HC05 Microcontroller",
[73] = "Silicon Graphics SVx",
[74] = "STMicroelectronics ST19 8-bit microcontroller",
[75] = "Digital VAX",
[76] = "Axis Communications 32-bit embedded processor",
[77] = "Infineon Technologies 32-bit embedded processor",
[78] = "Element 14 64-bit DSP Processor",
[79] = "LSI Logic 16-bit DSP Processor",
[80] = "Donald Knuth's educational 64-bit processor",
[81] = "Harvard University machine-independent object files",
[82] = "SiTera Prism",
[83] = "Atmel AVR 8-bit microcontroller",
[84] = "Fujitsu FR30",
[85] = "Mitsubishi D10V",
[86] = "Mitsubishi D30V",
[87] = "NEC v850",
[88] = "Mitsubishi M32R",
[89] = "Matsushita MN10300",
[90] = "Matsushita MN10200",
[91] = "picoJava",
[92] = "OpenRISC 32-bit embedded processor",
[93] = "ARC International ARCompact processor",
[94] = "Tensilica Xtensa Architecture",
[95] = "Alphamosaic VideoCore processor",
[96] = "Thompson Multimedia General Purpose Processor",
[97] = "National Semiconductor 32000 series",
[98] = "Tenor Network TPC processor",
[99] = "Trebia SNP 1000 processor",
[100] = "STMicroelectronics (www.st.com) ST200",
[101] = "Ubicom IP2xxx microcontroller family",
[102] = "MAX Processor",
[103] = "National Semiconductor CompactRISC microprocessor",
[104] = "Fujitsu F2MC16",
[105] = "Texas Instruments embedded microcontroller msp430",
[106] = "Analog Devices Blackfin (DSP) processor",
[107] = "S1C33 Family of Seiko Epson processors",
[108] = "Sharp embedded microprocessor",
[109] = "Arca RISC Microprocessor",
[110] = "microprocessor series from PKU-Unity Ltd." ..
" and MPRC of Peking University",
[111] = "eXcess: 16/32/64-bit configurable embedded CPU",
[112] = "Icera Semiconductor Inc. Deep Execution Processor",
[113] = "Altera Nios II soft-core processor",
[114] = "National Semiconductor CompactRISC CRX",
[115] = "Motorola XGATE embedded processor",
[116] = "Infineon C16x/XC16x processor",
[117] = "Renesas M16C series microprocessors",
[118] = "Microchip Technology dsPIC30F Digital Signal Controller",
[119] = "Freescale Communication Engine RISC core",
[120] = "Renesas M32C series microprocessors",
[131] = "Altium TSK3000 core",
[132] = "Freescale RS08 embedded processor",
[133] = "Analog Devices SHARC family of 32-bit DSP processors",
[134] = "Cyan Technology eCOG2 microprocessor",
[135] = "Sunplus S+core7 RISC processor",
[136] = "New Japan Radio (NJR) 24-bit DSP Processor",
[137] = "Broadcom VideoCore III processor",
[138] = "RISC processor for Lattice FPGA architecture",
[139] = "Seiko Epson C17 family",
[140] = "The Texas Instruments TMS320C6000 DSP family",
[141] = "The Texas Instruments TMS320C2000 DSP family",
[142] = "The Texas Instruments TMS320C55x DSP family",
[160] = "STMicroelectronics 64bit VLIW Data Signal Processor",
[161] = "Cypress M8C microprocessor",
[162] = "Renesas R32C series microprocessors",
[163] = "NXP Semiconductors TriMedia architecture family",
[164] = "Qualcomm Hexagon processor",
[165] = "Intel 8051 and variants",
[166] = "STMicroelectronics STxP7x family of configurable" ..
" and extensible RISC processors",
[167] = "Andes Technology compact code size embedded RISC processor family",
[168] = "Cyan Technology eCOG1X family",
[168] = "Cyan Technology eCOG1X family",
[169] = "Dallas Semiconductor MAXQ30 Core Micro-controllers",
[170] = "New Japan Radio (NJR) 16-bit DSP Processor",
[171] = "M2000 Reconfigurable RISC Microprocessor",
[172] = "Cray Inc. NV2 vector architecture",
[173] = "Renesas RX family",
[174] = "Imagination Technologies META processor architecture",
[175] = "MCST Elbrus general purpose hardware architecture",
[176] = "Cyan Technology eCOG16 family",
[177] = "National Semiconductor CompactRISC CR16 16-bit microprocessor",
[178] = "Freescale Extended Time Processing Unit",
[179] = "Infineon Technologies SLE9X core",
[180] = "Intel L10M",
[181] = "Intel K10M",
[183] = "ARM AArch64",
[185] = "Atmel Corporation 32-bit microprocessor family",
[186] = "STMicroeletronics STM8 8-bit microcontroller",
[187] = "Tilera TILE64 multicore architecture family",
[188] = "Tilera TILEPro multicore architecture family",
[190] = "NVIDIA CUDA architecture",
[191] = "Tilera TILE-Gx multicore architecture family",
[192] = "CloudShield architecture family",
[193] = "KIPO-KAIST Core-A 1st generation processor family",
[194] = "KIPO-KAIST Core-A 2nd generation processor family",
[195] = "Synopsys ARCompact V2",
[196] = "Open8 8-bit RISC soft processor core",
[197] = "Renesas RL78 family",
[198] = "Broadcom VideoCore V processor",
[199] = "Renesas 78KOR family",
[200] = "Freescale 56800EX Digital Signal Controller (DSC)",
[201] = "Beyond BA1 CPU architecture",
[202] = "Beyond BA2 CPU architecture",
[203] = "XMOS xCORE processor family",
[204] = "Microchip 8-bit PIC(r) family",
[205] = "reserved by Intel",
[206] = "reserved by Intel",
[207] = "reserved by Intel",
[208] = "reserved by Intel",
[209] = "reserved by Intel",
[210] = "KM211 KM32 32-bit processor",
[211] = "KM211 KMX32 32-bit processor",
[212] = "KM211 KMX16 16-bit processor",
[213] = "KM211 KMX8 8-bit processor",
[214] = "KM211 KVARC processor",
[215] = "Paneve CDP architecture family",
[216] = "Cognitive Smart Memory Processor",
[217] = "iCelero CoolEngine",
[218] = "Nanoradio Optimized RISC",
[219] = "CSR Kalimba architecture family",
[224] = "AMD GPU architecture",
[244] = "Lanai 32-bit processor",
[247] = "Linux kernel bpf virtual machine"
}
local decode32 = function (c)
-- TODO: like the 64-bit version, maybe try to merge the code somehow
end
local decode64 = function (c)
local type = c:u16 ("type of file: %s", function (u16)
name = type_table[u16]
if name then return name end
return "unknown: %d", u16
end)
local machine = c:u16 ("required architecture: %s", function (u16)
name = machine_table[u16]
if name then return name end
return "unknown: %d", u16
end)
local version = c:u32 ("version: %d")
local entry = c:u64 ("program entry address: %#x")
local ph_offset = c:u64 ("program header table offset: %#x")
local sh_offset = c:u64 ("section header table offset: %#x")
local flags = c:u32 ("processor-specific flags: %#x")
local eh_size = c:u16 ("ELF header size: %d")
local ph_entry_size = c:u16 ("program header size: %d")
local ph_number = c:u16 ("program header count: %d")
local sh_entry_size = c:u16 ("section header size: %d")
local sh_number = c:u16 ("section header count: %d")
local sh_string_index = c:u16 ("section header index for strings: %d")
-- TODO: decode all sections as well, see man 5 elf,
-- /usr/include/elf.h and /usr/include/llvm/Support/ELF.h
end
local abi_table = {
[0] = "UNIX System V ABI",
[1] = "HP-UX operating system",
[2] = "NetBSD",
[3] = "GNU/Linux",
[4] = "GNU/Hurd",
[6] = "Solaris",
[7] = "AIX",
[8] = "IRIX",
[9] = "FreeBSD",
[10] = "TRU64 UNIX",
[11] = "Novell Modesto",
[12] = "OpenBSD",
[13] = "OpenVMS",
[14] = "Hewlett-Packard Non-Stop Kernel",
[15] = "AROS",
[16] = "FenixOS",
[17] = "Nuxi CloudABI",
[64] = "Bare-metal TMS320C6000",
[64] = "AMD HSA runtime",
[65] = "Linux TMS320C6000",
[97] = "ARM",
[255] = "Standalone (embedded) application"
}
local decode = function (c)
if not detect (c ()) then error ("not an ELF file") end
local p = c.position, c:read (4)
c (p, p + 3):mark ("ELF magic")
local class = c:u8 ("ELF class: %s", function (u8)
if u8 == 1 then return "32-bit" end
if u8 == 2 then return "64-bit" end
return "invalid: %d", u8
end)
local data = c:u8 ("ELF data: %s", function (u8)
if u8 == 1 then
c.endianity = "le"
return "little-endian"
end
if u8 == 2 then
c.endianity = "be"
return "big-endian"
end
return "invalid: %d", u8
end)
local version = c:u8 ("ELF version: %d")
local abi = c:u8 ("OS ABI: %s", function (u8)
name = abi_table[u8]
if name then return name end
return "unknown: %d", u8
end)
local abi_version = c:u8 ("OS ABI version: %d")
-- The padding is reserved, no big sense in marking it
local padding = c:read (7)
-- We cannot decode anything further as we don't know how
if data ~= 1 and data ~= 2 then return end
if class == 1 then decode32 (c) end
if class == 2 then decode64 (c) end
end
hex.register { type="elf", detect=detect, decode=decode }
|
