public int ReadHeader(byte[] xData, elfHeaders el) { // Reading Magic Number for (int i = 0; i < 4; i++) { el.ident[i] = (char)xData[i]; } // Reading architecture format el.ident[4] = (char)xData[4]; // Endian identifier el.ident[5] = (char)xData[5]; // original version for ELF el.ident[6] = (char)xData[6]; el.ident[10] = (char)xData[16]; // checking whether the elf is executable or relocatable or shared el.type = BitConverter.ToUInt16(xData, 16); // instruction set architecture el.machine = BitConverter.ToUInt16(xData, 18); // version el.version = BitConverter.ToUInt32(xData, 20); // memory address entry point el.entry = BitConverter.ToUInt32(xData, 24); // changes from here... el.phoff = BitConverter.ToUInt32(xData, (int)elfEnum.phoff); el.sphoff = BitConverter.ToUInt32(xData, (int)elfEnum.sphoff); el.flag = BitConverter.ToUInt32(xData, (int)elfEnum.flag); el.ehsize = BitConverter.ToUInt16(xData, (int)elfEnum.ehsize); el.phentsize = BitConverter.ToUInt16(xData, (int)elfEnum.phentsize); el.phnum = BitConverter.ToUInt16(xData, (int)elfEnum.phnum); el.shentsize = BitConverter.ToUInt16(xData, (int)elfEnum.shentsize); el.shnum = BitConverter.ToUInt16(xData, (int)elfEnum.shnum); el.shstrndx = BitConverter.ToUInt16(xData, (int)elfEnum.shstrndx); if (el.ident[0] != '\x7F' || el.ident[1] != 'E' || el.ident[2] != 'L' || el.ident[3] != 'F') { return(-1); } if (el.ident[4] == 2) { return(-1); // not targetting x64 at this time :) } return(0); }
private byte[] ParseELFData(byte[] xData, elfHeaders el) { // starting with core program programHeader ph = new programHeader(); Exe_Format exeFormat = new Exe_Format(); exeFormat.entryAddr = el.entry; Console.WriteLine("Entry address : " + exeFormat.entryAddr.ToString()); exeFormat.numSegments = el.phnum; exeFormat.segmentList = new Exe_Segment[el.phnum]; byte[] xReadData = null; int temp = 0; for (int i = 0; i < el.phnum; i++) { ph.type = BitConverter.ToUInt16(xData, 0x34 + (0x20 * i)); exeFormat.segmentList[i].offsetInFile = ph.offset = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i)); exeFormat.segmentList[i].startAddress = ph.vaddr = BitConverter.ToUInt32(xData, 0x34 + (temp = +4) + (0x20 * i)); ph.paddr = BitConverter.ToUInt32(xData, 0x34 + (temp = +4) + (0x20 * i)); exeFormat.segmentList[i].lengthInFile = ph.fileSize = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i)); exeFormat.segmentList[i].sizeInMemory = ph.memSize = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i)); exeFormat.segmentList[i].protFlags = ph.flags = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i)); ph.alignment = BitConverter.ToUInt16(xData, BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i))); if (ph.type == 1) { //xReadData = new byte[exeFormat.segmentList[i].lengthInFile]; //for (int j = (int)exeFormat.entryAddr; j < exeFormat.entryAddr + exeFormat.segmentList[i].lengthInFile; j++) //{ // xReadData[j - (int)exeFormat.entryAddr] = xData[j]; //} //break; } } // Reading section header sectionHeader sh = new sectionHeader(); temp = 0; for (int i = 0; i < el.shnum; i++) { sh.sh_name = BitConverter.ToUInt16(xData, (int)el.sphoff + (el.shentsize * i)); sh.sh_type = BitConverter.ToUInt16(xData, (int)el.sphoff + 4 + (el.shentsize * i)); sh.sh_flags = BitConverter.ToUInt16(xData, (int)el.sphoff + 8 + (el.shentsize * i)); sh.sh_Addr = BitConverter.ToUInt32(xData, (int)el.sphoff + 12 + (el.shentsize * i)); sh.sh_offset = BitConverter.ToUInt32(xData, (int)el.sphoff + 16 + (el.shentsize * i)); sh.sh_size = BitConverter.ToUInt16(xData, (int)el.sphoff + 20 + (el.shentsize * i)); sh.sh_link = BitConverter.ToUInt16(xData, (int)el.sphoff + 24 + (el.shentsize * i)); sh.sh_info = BitConverter.ToUInt16(xData, (int)el.sphoff + 28 + (el.shentsize * i)); sh.sh_addralign = BitConverter.ToUInt16(xData, (int)el.sphoff + 32 + (el.shentsize * i)); sh.sh_entsize = BitConverter.ToUInt16(xData, (int)el.sphoff + 36 + (el.shentsize * i)); } //xReadData = new byte[0x180]; //for (int j = 0x2F0; j < 0x470; j++) //{ // xReadData[j - 0x2F0] = xData[j]; //} return(xReadData); }