From 495b5a4d7664b5422770b77848c78c10e1e95136 Mon Sep 17 00:00:00 2001 From: xamidev Date: Thu, 4 Sep 2025 17:30:16 +0200 Subject: [PATCH] ELF32: NX/PIE check --- a.out | Bin 0 -> 15916 bytes helpelf | Bin 21048 -> 22136 bytes main.c | 162 +++++++++++++++++++++++++++++++++++++++++++++++++------ makefile | 5 ++ 4 files changed, 151 insertions(+), 16 deletions(-) create mode 100755 a.out diff --git a/a.out b/a.out new file mode 100755 index 0000000000000000000000000000000000000000..f722c3080a91c572889f58d106b9240cfc238882 GIT binary patch literal 15916 zcmeHOe{>wxb$+{A+d>FSHVT!0#GYUo$%(bruP8F6VfAB;6=WkzvYi|Xla+R)U3s;u z?9SSCS!k-tXP_-kmoyZ{E(k-`ld;;cy5m<%k?X>2#qGHQ)y}8kQQN zi0eg}SS3C!7D7dvMPEe$k_$Rg4(JKU7TpM$L>ttSz%uDH3?$kG>LrHUqUq~|AT2QU z(yl--=?n}cd-;@Gh}0JiYC?f6Ahw%6onX_jPs1*WGKhBiAUzGdMNN=NmaX-??r&NH zok<5^BU$$CutWSvqJMU)4R(9`icuGd<-x>;P_T1D$X^}`hT{Y7Sj1gr*ot6dZ132% zLp=7)iIXkAuA02Q=JqomcEES<3D|LT==dZ?? zwwQfl*EYE1VB!)iRH`Gu+?@LkaOqPp7W3x-91T#t$VXfUjI zi|$Cj76ztkz^8Tx!@f{(zb3k)n$It^fuJs;+TLK;FZ#5;uD*WJ9n-Ykg8p~{YsDQc z%?*uemAi5_=dRA=D>Aw28nmiotLoRHT2C;hYtfFajiE?b>+p4kG*sWy7YUn9R1N4g zfjrv|oPFcZB{}5<&@v7VjJ8g2>l`l$25;b~2${Or>L9K-m)K*lQ9yH}=9y^TT z>=cheX5zJ$3qED>+YPzQWAJgv3!OroBVPnOc^f1hNsxMj#u3Yy>_g0_};Z+|(ri z29uK;gcwfDq|@n#$8=}X8-yi}sPn?!A z-%$mU zzJqtkkw;kT$b&p?JgI+r_`xZZL~L%{F?2pLRkWQUD*V^vh<=M0O^!Ts3veR!eH;c~ z{7aMvs@?7*G38o!awvH`wfguKr{m36F6%|Zk6)$BSM@xchSu%rSK)B@o~!U_c4x#K|@&E?1^nRyA9yO43G?m|)szSgy7`(X!&v^<9oQ~YQkQ4wMvbN|l})>@;OqZ}!bbBv_U8RWmihS=*_(+M0FtgwN%g;&>c6(sZ%Osj zrh3>?k4yDqhI(?Z^l)D44w||yshg3ypsBk{>T-U;bG*aUZIZeIsjD}2Mu%5OUAd_< zI$SDs%M9IU=5!Z4^f?SX^nch>#Orn>ahn8A|IRvR!=7TpuuB@=uo*C-SRy11KeZVY z!!Rffe`7P07>2{r@My+>aZ$$LOLsq%#)#ec*^F^a8r$r~^%>*q()fA1(Va0~kj7%W zu_9wkOXHOftWKjrRT*Ou20?4;zYU{(_}8R{;BGK^aGe=K1jN-VT5;=1y<@;ncxQ0t z#pEX5juhSw&a|dpv+6nX$6Q~HFCX?!CB_}N^YcgA6iPIhyncP4sl z)ZPSF>TRqj*A@VJJ&=Mo3ciMVlpd`d#=?a(lw@H3M5DQ)Ta zxm1H;9`cSS4vvfXYFMEjNgS7jpSdKX^E__c>4{2N7*QKf{ksvvA@AA5!LwFK> zKx^t1LKvH+74 zIiG_%o3ateMj#u3Yy`3qz%PRQEzl|M$9DjttfjqSog&J%N|x6g-h*E`{fghG`xGtQ z6~Qm1J)aSKv}i0C2`g*;im0wC?+oe+3Zqy!qI3sCnxgOP*Ve5UWl=2@=|Wlja48Mc zX#-kUe6A`M@I^Jh66x&Ky7UaND-xY86%X$YNA`x{U|U4-MY{q)9oTqO6ZIXpbSS&L zN_ACbMTKZ@t#4}-!RoqNu{EMcqLGkKsjaJkB_q~Ju{o@3A*HUOt`?@|)^??>y;{PI zd=2wEj7sO$m#3*_|8G@nX{|p`XsQ<0qx%ef#lYH%x&bQt1Cj3T`O4U}l-(g;Pi#I? z3&ik4v((ysqAEjgSBB$#^NYs<*FeSs*F?tjXxKjh50+1ijgzmX(`P}`AlI36dNrsA z^rxV2fc_3N208;Oc^#`O;8#I~$k*1)4h}8MVc-}3V9dzmZTqsaHkKz^o4u0ni1~WZ z&9yP*HZ9cs#XRASMk7(B--p2#?vcYH?CaCqBHAe$Bk_Hbv4khIaYZFc>S!%*)#yY z7<3kEL}TCw-c6^ul=LY06W}lWCY`FBM#`y9UJV%QtY)D?FrC0mf{UhnhiEQb;EapLf}FU%uyBzxexNYN86U_w<2VjueX{;U z{Y#CAF3-sslv#o?fly~tHUilQWFwG`KsEx|2xKFWjesoz(@TUn0^$^_6O>OICQw`k zKD$f^{L61xSAcUawH(B6SvfDJ{68P2BU31hPf^8H%q{ULs>lb&C#>Qu2%n(JZ)raT z&cyfX8GPHyY3LRZ=iaDZ{1NC795TNJoZl&XK>R+Q^J@I&5MdT;*pbU{f|+cDZN}?C zpjM~b>K|$J9M5qCI=#a0G#KaiTFd{{9c*Kf!cpyWaW|d z{{wQx)`&4#|kX^R^WtvJo`u_p=>9sf@Iphd6@;uVc z@3gHkW0UVul=;qN zB?XyL$~b=<_e-6NML#a85)T98sZ zPRRcO;P;Sc`Fm}4mJdU=`pfp+H_!fvO;&*awoPXFry=wDWm@7a7SBR@US%FvrOoaxj%^O3T*Eb@ye{fi;!pIxlHg~ocA8S-xBY_eeCs2 zJQs`QkiUS2TJ@Jh-Vc1g>E8o6gh5I_EWZtMxo7r#?u2aB$NqIfwvvL(0m|lmY^f7> z>h`XvUg?ftH-)b=sOr8R0YyxYcXzwH#O%%sRqs=~xc4Fkq(7qegd&~3km|?6VodeL z2Sit-uRo;en%`Yf2{54r0Ry7O_-+ysvK`ir6F-NPP~JJ5bObcS}_r z54Ajeo`)J9s(Glyp_RZ&iHg9hCcBmco4J}@jn7={BV{L0egFP?#AsZdHh10Fz%ugYo*bJx)382YPq53_rDHRz>PK4QA3(S5dww$TN^Ibpgr7hr#1%%tbFARSM*Q18TT&15QsIcKj3F3`Re@GW@UUkeKO~ql#d+V zW}iTYWPfJU#U{E zGV`1(lUk9t*9%eX2XW3x9Ov955Av2j_JMQn1c5a;M5&fSUQ)Y-y4iaguOdgOBj zol}@M6LCym2U$3U7|;q`ujX_Cbd#uDf={q0`$LBBUIyTr$5M}x+94#E@ zEu_r!4>qfPKQM8Oi%<+|Kn$&9;eG@K{Sjy1^Ew~Ld9Z~WTZ4XpillP`Y56+=aWRNh z$vwL6*)|bL9O*Ss0f;!x=coPv?j6{9E{K!+d4ZcYbzssL<98Uu_7TVZh~pbR8W+}^ zvf((7odK=_IxAW2dk+fBUx^2EG=Nx-m55`y1frhxuJ?d|vusdFALLifyj2%*r8Jm{ zby;K!tLOmk2pq12{WBo?E(CFCuudz@)ClpQO+jBwoSNFyVh?_lSYR1pv$FpO?qLwR literal 0 HcmV?d00001 diff --git a/helpelf b/helpelf index d32093bec2d04382e9a940d4cd3f336890fd3b1f..37b3d935a193657c39ffb402c075d9f4a10d2e3a 100755 GIT binary patch delta 7118 zcmai34Nz29mcIABe%(#C&<)LB1DZx4q9`K%f&AEjjg0|C(P;c@5t@J^AT<6(ZC7-a zpc}~BnNbU;G-kGRHoJ+%CR)+i#mUAbJG+jPnQ{`7nQ^Mt9SqLKNm2=!IMe%``?{MB zJGJ}py>rj`zH{!q=l;FdUVWL5y~6vmrGlD)8NW7h6B8FVsc}3v>V%@HC)8MO8`{Xz zczSh)W|}B{nwk03)6!4lA6!}WYVCzB_iE<9a@M(R-@T(Ry?u9Rzq}z@T5K5l(3&Rs zEpI4mW-)eT*q7<aiU`yD&d9=mR<>MmS}j+Gd&YE@W8XuZ-eLF2_@fjN-u{a*jP>ax z_bK_ z<^a4D1pU;Gk=5jr0Q0#>pHf)+sW<3BoajN6<=7YCf2#+N(f?2f9#JlW9oP~X>ho^` zfd{v=F0YLQ{C5d?T|=rPksAaIYCvHmaFKu>4akZFUH~w<1HG6MY28cKwXh~dS{uk( z=053Hq9e^UWTyPck=BJ|rSyDlju@15So<-3QgUeeSdOga0FkXeXS|p@zl|h+@kebk z^f{9S_?sZ8<^PvqG)2=DxDZL0JWj|B5xy5mc>Hy^io6h^FHAuHM?M;7q!ERAib7`)Gw+;t-Fmlrsz;sbh*sK!!TK&E))qi13WNL&QuAppr z!xhkcFw0J7i%lvDv+x2o$58_cFQMQTqk3MHg8S5V;j1)_d+ZE(bc8*2M|u>(qn~e5 zZ`m^ZRgr)U;OZyX$Q}%8v-^;{&uMh`(nfh;jCI@5is_oe$d#``+>YQ%z?PONz&q5X zuYkkz5j-EU?krj=TI1!&8aE73m_JjMGqf;|$ayuA+3R}PbKs#?>4PY33@gHwKBiIa zLwK;)!vDBy6bT&d8RI@v&zR)f{@``>C-Kuto6#i@oHWOn&F z+Zy*ELMSFCS<4@=_u&2x?!U+VF7AZS0)gBWcr3-e1@~UuFW~+i?jPX3hWlr@7t9-< zAl^2b3XQC>rAsTAmalVUb(vUgm5Zdh#<4}c>S*?NpjI5u>=zFMf$NZszYhfd6VeBH z0&>%T2LiN)&O)YP<^2k>7_#)!Kwu-}N09p=Yd#MI1|fd~c^xw5i$LIG$Og#AkhdVy zB*x+qi!Q!z72|uX>I>2;Yx;@Be`h0zVDB9y07NZ4?2>|2powz|S&bSg~v7=*RxdZ!!_ zK;9t}fdV|neF=m0BILOL$*_MKQjm%x~e zHHGp0z<&t*Bgk+Aem z;2~$HJq=#6PHAcLG399|X!4B2GV(PlGzQ9LxX80osSbr2BA>E9Pvu^6Kb=Ztna*@X zzYnUN%Esd;eW06D4Z)Yn>i#*&{s+Wa7)5W8R<6QXS0I#Ro}z@jNDW;ilx$uH ze_fGK^0??wu}})Qk!U4Caq=%oaSFxFKcLWMLaF8FNhv4A&(`t(pm0kPy%1YC%@JK? z{5B}foZfhKZo_Vf4nCP^RYLLcnG}1O8PkyM;qj!@#8Ju)@pOv4+_DMEVV;ktZiTTO zu01@O0<5(7A&&Dr@_8oOe+i6!okAV zmx;y`&^nZ397H-oB{Krbe}j@BUJMa!Os1iXCIjZh6?kI4HBx}LVM zh^9}8KS<>vp!(GK0m{F81D5DdU`cBOozK&oAfn`zPS|njxO4|#Tt|zS&DWq+PJytv zwmoctW~vLCj6Vi<9xwQYLY1S;7g?#y_!@c?Mc;(Y%58)cL%}8z$LmQeiGCjx zsZf&n1`4xy5+P~)Yoa-Y;^38plnGiUFC?T~#LniO=qRrc$_ze6v?W5B$#;?B5=t(o zf#;Qeq2=)rf|d#;pGB`RLuBxs<=ipNyjrN;&Oo) zc>&Q@2xSs~n~++eSou?gtQ1N-_uHxBRYFVV&k?UqC~3@?2WTCCx&j~XS}NB?rt+C! zIFZWr!Ehpz8=`4HN!BvCQ78^Alba?HlC5QOGbw(Sr=`*(cm-N2w}@~~EtT~`S)!$K zt5DopDjS4St);S2D79K9y+T>d%-2z$#A9fNZbm<(Pf4c-n;e5|8vH+(qIVKN3}(KJ z$9vKwTJQrQt3-R5L?$++2q`fhkfL8EP?+$=fU}qjmuqCDnfwHE90oJWDa;>{d6+5| z4_dIy>;!&6viOCj2eu4Wi8Sr;57Zu80@|3w6{;yE84q0I+<@eRm*Hml9C4C(3^C+^ z#|JGx7kUa|^1!2m`elgY;6~bCrGaKWE%IsHNWGN?w&?%S4|*=wle;vqQU49(0&b=G zCkm9ysLJzl=C8o=6jubUdk|^yxHFW4Zp-B+ZdF0J`{~ z?MnzFw@?l1fx?9`TAFn6!8jZxQ=2+))bVLr8`tT3fS5vUYG)bOQ8|~mJ|`GloYca* z4BnR2fF(YS%IGkYsco^vz(@3_6CrSkvmcTV4*NkfkjqHcFpBcPRsST^KQfnUmj_<+ zTWV+$Ih!*xJMvT)yv-NfmEDM5}I=J!A5@_*C15Q|F%2jL*%xCn|Y#L3xo1n-C z|4B_KIAa)y#rfTQiy2TxynMa110eIcAZ$$XsZy zLT2>yNKNNO3h5H2yFm$B1cNL_8<%6uX5o}>P+5mr+{&2kCEDAE=<=~*%sTW0k&}m zM4M)>vPHVYkGr4?esV|{cR(CvqDNvZ&x)~`m4=_Cs>g#9y^D2#&rNpuZ6 zz<9oJxIT$2r-_sWGpIFiaaNY7K^@28Ml)07!TT?Kns~842m37*)*T@TqbgZ zNQLH5FR?t4O(O;%oXm`{yU0k0$!++8$c$_tr6WsyuP{|QE~)=jxQ~yh^@}R}iZn-w zy{^c26y-<8l05vouNYoZ^ghK=qsXr)+<0WMB3)BbjU|e-OtBtOq*oN3l#`&5@l=d} zblv2Nf;D5Du-;e_{-?p=r=rhL6rUpdj~K6Mf68>@HAOxQ(ewWa(Wbc170IW>7&j}@ zVMU&!Sm3TNR;;@ed$D3DR*cnut4wE-PLh2-WikqUosvKTeUhzBHCm_CUo1*lY<~)& z2+}VjhkiVCKE+N#Z+upfgpS9zaUR4MtG{2gEaTiY<7_2SONPOit0>jVr2C3)*R?#w zd|#1vD^cgvHAOj@9iCnFjg6g*zJ5JE=D|mIr;oOYhGuWWc2AeLVQ#+KUo_9q;i+$J zdA3b`tEj@-;h`TZy7n<4+uGF|l?m$9;^i|tJRKsM$J32(g}M2N*x}jX-9gl<6`mdS zo!h;gFwyTH>e1q3>8{o$uxgvp0wQ$P@A7)K)^~ZqY4+APdOKBniO1OC!OsI-UZ1+V zq(SkNx3{;dAC{D&N#fT4HL-NL0lzqGZSV4`4W<7Shp*?3*808Fcuzz7jvei7Ly3#? zCFyvUx~!~Hs?JbfEUTP8asN-kn@}9Hh=YhWteM+v z8-d2M6c&2@getCQ1-dtghTd00=mE99JjrwfYMf+cV|MjS`Al^|c^rRDy@88o1Z(M;X6c4ul&k1KGjsq()7@59GbmUmWB$d z&dJjJDD`f2u4ydz4uxTktErTh$?E!=+}Qv1-(KqJn%S|#8CvT@^52I(tno|IeWSX* zc7f?cp@ud{>KUk?7HR4UNxcj8xl&Cn)~P8g7erkt*VIqcSf@>GU72aRSfN?674-}V Zx80ihXZ6FC3r)A4(zI<{U0*fje*pOr(FOnj delta 4197 zcmaJ^3s6+o89wLSz3g?DWfvA$7SMni@ex-*f}kJ^3M`5Wj#wLwh*jewjW0CDsB5!H zbR!x!r?$q>QB&KR))`~BRT52OV;*CsY0@-tG__INI`vf_naq@l*6sJ7yC9O8T-@`Y z@BhF5bCz~f>rR{C?5RrqUo58F!XI3!ip65vPo8KBgf9j{*Ia?{ z`c6c+me?c0#XI-t?wD-y#vzfc|7ShVygnrV#yFwvEPCJ=IX0x>T0Ny zx7tFTqP6MrZkg`Q8yrO$&mC_~N8%%PwN{t%x`JF?6WCh4o$|4}@@a40w0-x;+vDWZ z-^4Rs9nwWUkK(RUz-@8P@47j<+RBqBkSKJ`2!!4>PDJ-wn~mt})f_wt99+G_(i#-lG0<+N_UIBNYe&svt+35J!us8Me7Y*I<%V0kT`%#|UBY}39gVD8N zi-r7Tc!_9Bi`sn832{M_heUcXWMxceT&-9#-T8ef1(fVH3We)J{QRJ~WdH_o$}<{5 zH>^~SZm~WBkzzOkgt)O@KnQC)V(B~~sF40DgyjwfZE*H<@Z1)C(G#uAGTjZDHZ;AG zd<}gMgk=WNhG$U@3l*a6^u9pzOcbKMoJDi(O$>0?TLx26GMmmN5$C^CAjRra%e*CxLPW{QMyK z_!S87MHH=4fd*bkpo&0{&ETyRZhZQDh&i0@6iZF&Vt|GGH39+alMu`JM-;A3fmUuM zFv0#aSk~|xM4OaCOSX}}Nzo=d9|d@Z4<*YKV<~hY{ucQ(I%%;tb31|WJA#yAJHJc3 znVv9AJNZG1Fv}|;_V5Um`lzaBKOaI)v-{8FJ1v3_ge$Gy$4mgXvvul*4k#}#Oj z7GWsj1xHXm{|a%vDVkiowuOGzSG zviU9or3&Qma|A{!+Q1;cOyS0;aD#aPF`Jr@ zNS487Qxg@)H=C+gv=XzYNh+G(>}j$B9i%4$v+cleQY6w-bGl0_=s*ypVi})-g#*ZO6~>9C z&PIlLT=@um840={ye!jAE9qD2{-iz*wK>pj&unLae=eK^YIV82*b}t>5-vM+%Ji|D zIE)>|rqadRZy-j(vqVTDf)=^6Az>cDOtNT^n;Wd(fV|hB<48mnS_dKieuLT)kvY~1 zP!A@Mr-;n5o`O8$qWu<;nOT2M#f0u>a;3}qZ+IO`r`u4AYz$f_V)9-(-5LZj64Cw_ z3@cej}6@0`vA+a7_3Q z@`dwgibj}5iCup~bD`|}9Eji6#Si7tRPm{9*IL9}`a+6|%<$e+7jHjCe7c#J=FwE~ zsRjEMfh~PZmmim;2V<~M^^ax7tIwXhY60VmtYi?8CFWV;#JfX1Di&rhLCV=`=Pt+J zYJM{#N~{M@wKRKJyd{b~yEMKvtnVREd6V*1@5CHnKYn!acIDbMEZ!ZtHpyp7hc~1% zEoroUjJ?!ehgH!BGP`}OT}whPoh-TBG>HuCXHjpB!FipV!>>;+t8ujvJDI0g{Tb`LL{3Cxw>P%II2FTD!izJ-X^gv{hW*8nc#vE*~!& zH?%-^9n-}r-SU=Eo{xVQ^?tAF;s8EaLKV6=s%IJHx|pEzP=)+ed5*M>t?Re?sGgp$ z8!%W6pRU*Ii5GRt>ZAF({i5FINx5?DFxSdOYv(t&vgVZwm#%2VT`1ofTO{v}t&(*W zi_@B$SK%XPWFZmirZoSsWyO;DE9AL~O%8%9TUO6+p4+l=zTD(*mN)!!<@YMfWqai$ zd8;xSJyKO5gfT!~8DAr^b7f(5O>*zYxUbw>?J4*S4@(XXG`}Am_qa--Phn1W|3i$! zOh#%vd}YGyS&8 z_o=*vtmjn4*TGB{UKa4*AN@Az@yBvZJsx;<*<@p_$J>`q4VKAf_~YuhI4yrv>(Tqe znt~5nH!qTh!1fbHHN6k&YI&j7)0e(M$lCk7TF@0mU(+??VYxiu(RTpnsQ3rv-hhXH z7=0tqpUdSHsq%JRY4U;<^IPWmYwPQ(#x)oE3VjdD`U(G)(*0n87PHn6anOyE_^d*1mKjiXEc~4(J>}`Q #include #include +#include #define MAX_FILENAME 256 #define EI_NIDENT 16 #define MAX_HEADER_LEN 2048 +#define PF_X 1 +#define PT_GNU_STACK 0x6474e551 #define Elf32_Half uint16_t #define Elf32_Word uint32_t @@ -46,6 +49,10 @@ #define Elf64_Addr uint64_t #define Elf64_Off uint64_t +bool verbose = false; +bool pie = false; +bool nx = false; + struct Elf32_Ehdr { unsigned char e_ident[EI_NIDENT]; @@ -64,6 +71,18 @@ struct Elf32_Ehdr Elf32_Half e_shstrndx; }; +struct Elf32_Phdr +{ + Elf32_Word p_type; + Elf32_Off p_offset; + Elf32_Addr p_vaddr; + Elf32_Addr p_paddr; + Elf32_Word p_filesz; + Elf32_Word p_memsz; + Elf32_Word p_flags; + Elf32_Word p_align; +}; + struct Elf64_Ehdr { unsigned char e_ident[EI_NIDENT]; @@ -108,30 +127,132 @@ int read_elf_magic(FILE* fp) return 0; } -void display_elf_common(unsigned char e_ident[EI_NIDENT]) -{ - // EI_DATA - switch(e_ident[5]) + void display_elf_common(unsigned char e_ident[EI_NIDENT]) { - case 0x01: - printf("(LSB) "); - break; - case 0x02: - printf("(MSB) "); - break; - default: - printf("\nInvalid data encoding!\n"); - exit(-EINVAL); - } + // EI_DATA + switch(e_ident[5]) + { + case 0x01: + printf("(LSB) "); + break; + case 0x02: + printf("(MSB) "); + break; + default: + printf("\nInvalid data encoding!\n"); + exit(-EINVAL); + } - // EI_VERSION - printf("version %d", e_ident[6]); + + if (verbose) + { + // EI_VERSION + printf("version %d ", e_ident[6]); + } } void display_elf32(struct Elf32_Ehdr* header) { printf("32-bit ELF "); display_elf_common(header->e_ident); + + switch (header->e_type) + { + case 0x00: + printf("(no file type),"); + break; + case 0x01: + printf("(relocatable file),"); + break; + case 0x02: + printf("(executable file),"); + break; + case 0x03: // (ET_DYN, prob means PIE) + printf("(shared object file),"); + pie = true; + break; + case 0x04: + printf("(core file),"); + break; + default: + printf("(unknown),"); + break; + } + + switch (header->e_machine) + { + case 0x00: + printf("No architecture"); + break; + case 0x01: + printf("AT&T WE 32100"); + break; + case 0x02: + printf("SPARC"); + break; + case 0x03: + printf("i386"); + break; + case 0x04: + printf("Motorola 68000"); + break; + case 0x05: + printf("Motorola 88000"); + break; + case 0x07: + printf("Intel 80860"); + break; + case 0x08: + printf("MIPS RS3000"); + break; + case 0x09: + printf("MIPS RS4000"); + break; + default: + printf("Unknown architecture"); + break; + } + + if (verbose) + { + printf("\ne_version: %d\n", header->e_version); + printf("e_entry: 0x%08x\n", header->e_entry); + printf("e_phoff: 0x%08x\n", header->e_phoff); + printf("e_shoff: 0x%08x\n", header->e_shoff); + printf("e_flags: 0x%08x\n", header->e_flags); + printf("e_ehsize: 0x%08x\n", header->e_ehsize); + printf("e_phentsize: 0x%08x\n", header->e_phentsize); + printf("e_phnum: 0x%08x\n", header->e_phnum); + printf("e_shentsize: 0x%08x\n", header->e_shentsize); + printf("e_shnum: 0x%08x\n", header->e_shnum); + printf("e_shstrndx: 0x%08x\n", header->e_shstrndx); + } +} + +void check_sec32(struct Elf32_Ehdr* header, FILE* fp) +{ + fseek(fp, header->e_phoff, SEEK_SET); + + /* + * Browse thru program header table (e_phnum items) from e_phoff (program header offset) + * if its stack and has executable bit then we know NX isnt there + */ + for (size_t i=0; i < header->e_phnum; i++) + { + struct Elf32_Phdr p_header; + fread (&p_header, 1, sizeof(struct Elf32_Phdr), fp); + if (p_header.p_type == PT_GNU_STACK) + { + if (p_header.p_flags & PF_X) + { + nx = false; + } + else + { + nx = true; + } + } + } } void display_elf64(struct Elf64_Ehdr* header) @@ -149,6 +270,12 @@ unsigned char read_elf_obj_size(FILE* fp) return local_elf_obj_size; } +void display_sec_common() +{ + printf("\nNX %s\n", nx ? "enabled" : "disabled"); + printf("PIE %s\n", pie ? "enabled" : "disabled"); +} + int main(int argc, char* argv[]) { // Argument processing @@ -192,6 +319,7 @@ int main(int argc, char* argv[]) return -EINVAL; } display_elf32(&elf32_header); + check_sec32(&elf32_header, elf_file); break; case 0x02: struct Elf64_Ehdr elf64_header = {0}; @@ -207,5 +335,7 @@ int main(int argc, char* argv[]) return -EINVAL; } + display_sec_common(); + return EXIT_SUCCESS; } diff --git a/makefile b/makefile index 33629db..5f5a248 100644 --- a/makefile +++ b/makefile @@ -4,5 +4,10 @@ all: install: sudo cp helpelf /usr/bin/helpelf +test: + make + gcc -m32 main.c + ./helpelf a.out + clean: rm helpelf