information about Unix ELF files.
elf_info returns information about Unix ELF file format.
exports: <list of lists> contains exported elements. Each sublist contains two items:- <string> First one is the exported item's name.
- <string> Second one is the exported item's type.
header: <dictionary> some descriptive metadata about the file.type: <string> human readable type of file (i.e. "EXEC (Executable file)").hdr_version: <string> header version.num_prog_headers: <integer> number of entries in the program header.os_abi: <string> human readable application binary interface type (i.e. "UNIX - Linux").obj_version: <string> "0x1" for original ELF files.machine: <string> platform (ie. "Advanced Micro Devices X86-64").entrypoint: <integer> executable entry point.num_section_headers: <string> number of section headers.abi_version: <integer> application binary interface version.data: <string> data alignment in memory (i.e. "little endian".)class: <string> file class (i.e. "ELF32").
imports: <list of lists> contains imported elements. Each sublist contains two items:- <string> First one is the imported item's name.
- <string> Second one is the imported item's type.
packers: <list of strings> contains the executable's packers, if any.sections: <list of dictionaries> sections of the ELF file. Every item contains the following fields:name: <string> section name.address: <integer> section virtual address.flags: <string> section flags.offset: <integer> section phisical offset.type: <string> type of section.size: <integer> size of section in bytes.
segments: <list of lists> aka Program Headers. each element contains contains two items:- <string> First one is the segment type.
- <list of strings> Second one is a list of resources involved in that segment.
shared_libraries: <list of strings> contains shared libraries used by this executable.
{
"data": {
...
"attributes" : {
...
"elf_info": {
"exports": [
[
"<string>",
"<string>"
], ...
],
"header": {
"type": "<string>",
"hdr_version": "<string>",
"num_prog_headers": <int>,
"os_abi": "<string>",
"obj_version": "<string>",
"machine": "<string>",
"entrypoint": <int>,
"num_section_headers" <int>,
"abi_version": 0,
"data": "<string>",
"class": "<string>"
},
"imports": [
[
"<string>",
"<string>"
], ...
],
"packers": ["<string>",...],
"sections": [
{
"name": "<string>",
"address": <int>,
"flags": "<string>",
"offset": <int>,
"type": "<string>",
"size": <int>
}, ...
],
"segments": [
[
"<string>",
["<strings>"]
], ...
],
"shared_libraries": ["<strings>"]
}
}
}
}
{
"data": {
"attributes": {
"elf_info": {
"exports": [
[
"__aeabi_unwind_cpp_pr0",
"FUNC"
],
[
"JNI_OnLoad",
"FUNC"
],
[
"__aeabi_unwind_cpp_pr1",
"FUNC"
],
[
"__aeabi_idivmod",
"FUNC"
]
],
"header": {
"abi_version": 0,
"class": "ELF64",
"data": "2's complement, little endian",
"entrypoint": 6374704,
"hdr_version": "1 (current)",
"machine": "Advanced Micro Devices X86-64",
"num_prog_headers": 2,
"num_section_headers": 0,
"obj_version": "0x1",
"os_abi": "UNIX - Linux",
"type": "EXEC (Executable file)"
},
"imports": [
[
"__cxa_finalize",
"FUNC"
],
[
"__cxa_atexit",
"FUNC"
],
[
"strlen",
"FUNC"
],
[
"_Znaj",
"FUNC"
],
[
"__stack_chk_fail",
"FUNC"
]
],
"packers": [
"upx"
],
"sections": [
{
"address": 0,
"flags": "",
"name": "",
"offset": 0,
"size": 0,
"type": "NULL"
},
{
"address": 308,
"flags": "A",
"name": ".note.gnu.build-id",
"offset": 308,
"size": 36,
"type": "NOTE"
},
{
"address": 344,
"flags": "A",
"name": ".dynsym",
"offset": 344,
"size": 1232,
"type": "DYNSYM"
}
],
"segments": [
[
"PHDR",
[]
],
[
"LOAD",
[
".note.gnu.build-id",
".dynsym",
".dynstr",
".hash",
".gnu.version",
".gnu.version_d",
".gnu.version_r",
".rel.dyn",
".rel.plt",
".plt",
".text",
".ARM.extab",
".ARM.exidx",
".rodata"
]
],
[
"LOAD",
[
".fini_array",
".data.rel.ro",
".init_array",
".dynamic",
".got",
".data",
".bss"
]
]
],
"shared_libraries": [
"liblog.so",
"libstdc++.so",
"libc.so",
"libm.so",
"libdl.so"
]
}
}
}
}