# elf_parse **Repository Path**: harry_jzj/elf_parse ## Basic Information - **Project Name**: elf_parse - **Description**: aarch64 elf的解析分析工具 - **Primary Language**: Python - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2026-03-19 - **Last Updated**: 2026-03-24 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # elf_parse AARCH64 ELF 解析分析工具 ## 功能特性 - ELF 文件解析(节区、符号、段等) - AARCH64 反汇编支持 - 安全特性分析(NX、PIE、RELRO、Stack Canary、FORTIFY) - **共享库依赖分析** - **动态重定位统计**(支持标准 REL/RELA、Android Packed、RELR) - **符号匹配分析** ## 安装 ```bash # 克隆仓库 git clone https://github.com/yourusername/elf_parse.git cd elf_parse # 创建虚拟环境 python -m venv venv source venv/bin/activate # Linux # 或 venv\Scripts\activate # Windows # 安装 pip install -e ".[dev]" ``` ## 使用说明 ### 基本命令 ```bash # 查看 ELF 信息 elf-parse info /path/to/binary # 列出节区 elf-parse sections /path/to/binary # 列出符号 elf-parse symbols /path/to/binary # 安全分析 elf-parse security /path/to/binary # 反汇编 elf-parse disasm /path/to/binary ``` ### 依赖分析(deps 命令) 分析共享库的依赖关系和重定位信息: ```bash # 基本依赖分析 elf-parse deps libfoo.so /target/directory # 包含重定位统计和符号匹配 elf-parse deps libfoo.so /target/directory -r # 详细输出 elf-parse deps libfoo.so /target/directory -r -v # 输出到文件 elf-parse deps libfoo.so /target/directory -r -o result.txt ``` #### deps 命令输出说明 1. **FOUND LIBRARIES** - 找到的库及其路径 2. **MISSING LIBRARIES** - 未找到的依赖库 3. **RELOCATION STATISTICS** - 重定位类型统计 4. **PER-LIBRARY RELOCATION STATISTICS** - 每个库的重定位统计 5. **SYMBOL MATCHING ANALYSIS** - 符号匹配分析 - R_AARCH64_JUMP_SLOT 匹配统计 - R_AARCH64_GLOB_DAT 匹配统计 6. **SYMBOL MATCHING SUMMARY** - 汇总表格 #### 支持的重定位类型 | 类型 | 说明 | |------|------| | DT_REL / DT_RELA | 标准 REL/RELA 重定位 | | DT_JMPREL | PLT 重定位(函数跳转) | | DT_ANDROID_REL / DT_ANDROID_RELA | Android Packed 重定位(SLEB128/ULEB128 编码) | | DT_RELR | 紧凑相对重定位(Bitmap 格式) | **注意**:只解析动态重定位,静态重定位(.rel.text 等)不会被分析。 #### 特性 - **无外部依赖**:所有解析逻辑内置实现 - **Android Packed Relocations**:直接解析 SLEB128/ULEB128 编码的紧凑格式 - **RELR 支持**:解析 Bitmap 格式的紧凑相对重定位 #### Android Packed Relocations 格式 ``` Header: - signature: 4 bytes ("APS1" for REL, "APS2" for RELA) - packed_size: 4 bytes - unpacked_size: 4 bytes Data (SLEB128/ULEB128 encoded groups): - group_size: sleb128 - group_flags: sleb128 - entries[]: - offset_delta: sleb128 - r_info: uleb128 (if not relative) - addend: sleb128 (if RELA) ``` #### RELR 格式 ``` Entry format: - bit[0] == 0: base address entry - bit[0] == 1: bitmap entry (bits 1-63 indicate relative relocations) ``` #### 示例输出 ``` ================================================================================ Dependency Analysis: libtest.so Search Directory: /system/lib64 ================================================================================ ======================================== FOUND LIBRARIES ======================================== [+] libtest.so Path: /system/lib64/libtest.so Dependencies: libc.so, libm.so [+] libc.so Path: /system/lib64/libc.so ======================================== MISSING LIBRARIES ======================================== [-] libmissing.so ======================================== SUMMARY ======================================== Found: 2 Missing: 1 Total: 3 ================================================================================ RELOCATION STATISTICS ================================================================================ Total relocations: 156 By type: R_AARCH64_JUMP_SLOT : 89 R_AARCH64_GLOB_DAT : 45 R_AARCH64_RELATIVE : 22 ================================================================================ SYMBOL MATCHING SUMMARY ================================================================================ Type Matched Unmatched Total -------------------------------------------------------------- R_AARCH64_JUMP_SLOT 80 9 89 R_AARCH64_GLOB_DAT 42 3 45 -------------------------------------------------------------- TOTAL 122 12 134 ``` ## API 使用 ```python from elf_parse import ELFParser, AARCH64Analyzer, DependencyAnalyzer # 解析 ELF 文件 with ELFParser("/path/to/binary") as parser: parser.print_info() symbols = parser.get_symbols() sections = parser.get_sections() # AARCH64 分析 analyzer = AARCH64Analyzer(parser) security = analyzer.analyze_security_features() print(security) # 依赖分析 dep_analyzer = DependencyAnalyzer([], verbose=True) found, missing = dep_analyzer.analyze_dependencies("libfoo.so", Path("/system/lib64")) stats = dep_analyzer.collect_relocation_stats(found) ``` ## 依赖库 - [pyelftools](https://github.com/eliben/pyelftools) - ELF 文件解析 - [capstone](https://www.capstone-engine.org/) - 反汇编引擎 - [LIEF](https://lief-project.github.io/) - 二进制分析框架 ## 开发 ```bash # 运行测试 pytest # 代码格式化 black src tests # 类型检查 mypy src # 代码检查 ruff check src ``` ## 许可证 MIT License