fzakaria / sqlelf

Explore ELF objects through the power of SQL
MIT License

Allow to query RISC-V ELF binaries #23

Open jackdbd opened 3 days ago

jackdbd commented 3 days ago

This PR addresses #22

RISC-V ELF binaries can now be analyzed like x86_64 ELF binaries.

Examples

Select the first 5 instructions in the entire ELF.

poetry run sqlelf examples/hello-riscv/exe --sql "SELECT * FROM elf_instructions LIMIT 5;"

List the sections of an ELF file and sort them by binary size, in descending order.

poetry run sqlelf examples/hello-riscv/exe --sql "SELECT * FROM elf_sections ORDER BY size DESC"

Find the 10 largest unexported symbols of the .bss section by binary size.

poetry run sqlelf examples/hello-riscv/exe --sql \
"SELECT 
  name,
  section,
  size,
  type,
  value
FROM elf_symbols
WHERE exported = FALSE
ORDER BY size DESC
LIMIT 10;"
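
A tool that handles both RISC-V and x86_64 ELF files has to tell them apart from the ELF header before it decodes any instructions. The following is an added example, not code from this PR or from sqlelf; `describe_elf` and `make_header` are hypothetical names and the sample headers are constructed.

```python
import struct

# e_machine values from the ELF specification.
EM_X86_64, EM_RISCV = 62, 243
EF_RISCV_RVC = 0x1  # e_flags bit: binary uses 16-bit compressed instructions


def describe_elf(header: bytes) -> dict:
    """Classify an ELF file from its header bytes; raise ValueError if malformed."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    bits = 32 if ei_class == 1 else 64
    # e_machine sits at offset 18 in both ELF32 and ELF64.
    (machine,) = struct.unpack_from(endian + "H", header, 18)
    # e_flags follows e_entry/e_phoff/e_shoff, whose width depends on the class.
    flags_off = 36 if bits == 32 else 48
    if len(header) < flags_off + 4:
        raise ValueError("truncated ELF header")
    (flags,) = struct.unpack_from(endian + "I", header, flags_off)
    names = {EM_X86_64: "x86_64", EM_RISCV: "riscv"}
    arch = names.get(machine, f"unknown({machine})")
    return {
        "arch": arch,
        "bits": bits,
        "little_endian": ei_data == 1,
        "compressed": arch == "riscv" and bool(flags & EF_RISCV_RVC),
    }


def make_header(machine: int, flags: int) -> bytes:
    """Build a constructed 64-bit little-endian ELF header (sample input only)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, machine, 1, 0x10000, 64, 0,
                               flags, 64, 56, 0, 64, 0, 0)


if __name__ == "__main__":
    print(describe_elf(make_header(EM_RISCV, 0x5)))   # RVC + double-float ABI
    print(describe_elf(make_header(EM_X86_64, 0)))
```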

jackdbd commented 3 days ago

I think it makes sense to remove 98d980e from this PR.

The reason I made that commit is because I struggled for a few hours to set up a development environment, until the combination of Nix flakes and poetry2nix saved the day.

However, LIEF (_lief.so to be precise) requires libstdc++.so.6, and I couldn't figure out how to make the linker find it.

 ldd _lief.so
        linux-vdso.so.1 (0x00007ffff7fc6000)
        libstdc++.so.6 => not found
        libm.so.6 => /nix/store/dbwp0scbb0rk78m636sb7cvycz8xzgyh-glibc-2.39-52/lib/libm.so.6 (0x00007ffff771d000)
        libc.so.6 => /nix/store/dbwp0scbb0rk78m636sb7cvycz8xzgyh-glibc-2.39-52/lib/libc.so.6 (0x00007ffff752f000)
        /nix/store/dbwp0scbb0rk78m636sb7cvycz8xzgyh-glibc-2.39-52/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fc8000)

The only solution I was able to find for making ldd happy was to set LD_LIBRARY_PATH to a location in my nix store.

fzakaria commented 2 days ago

I'll take a look. Originally I had flake.nix (I'm +1 a lot into Nix) but using non-published wheels was pretty onerous for LIEF. (They have a challenging build process).

Can we split out the Nix stuff into a separate PR and just focus on the risc-v please?

jackdbd commented 2 days ago

> Can we split out the Nix stuff into a separate PR and just focus on the risc-v please?

Yes, I completely agree.

Also, I don't know why pandas takes forever to compile (30+ minutes on my old ThinkPad L380). I get that it depends on numpy and scipy, but still...

Do you know a better way to let the linker find libstdc++.so.6?

fzakaria commented 2 days ago

You can change those to run which first to find them I guess. I should test this on my NixOS laptop