joxeankoret / pyew

Official repository for Pyew.
GNU General Public License v2.0

support for elf64 ? #17

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Are there any plans to support elf64 bits?

Original issue reported on code.google.com by hugo.g...@gmail.com on 16 May 2013 at 8:10

GoogleCodeExporter commented 9 years ago
Eeeh... ELF64 has been supported for a long while:

{{
$ file /bin/ls
/bin/ls: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x37cdd635587f519989044055623abff939002027, stripped
$ pyew /bin/ls
ELF Information

Entry Point at 0x2690
Code Analysis ...
Analyzing address 0x0000a9b0 - 0 in queue / 158 total
0000   7F 45 4C 46 02 01 01 00 00 00 00 00 00 00 00 00    .ELF............
0010   02 00 3E 00 01 00 00 00 A4 45 40 00 00 00 00 00    ..>......E@.....
0020   40 00 00 00 00 00 00 00 70 96 01 00 00 00 00 00    @.......p.......
0030   00 00 00 00 40 00 38 00 09 00 40 00 1C 00 1B 00    ....@.8...@.....
0040   06 00 00 00 05 00 00 00 40 00 00 00 00 00 00 00    ........@.......
0050   40 00 40 00 00 00 00 00 40 00 40 00 00 00 00 00    @.@.....@.@.....
0060   F8 01 00 00 00 00 00 00 F8 01 00 00 00 00 00 00    ................
0070   08 00 00 00 00 00 00 00 03 00 00 00 04 00 00 00    ................
0080   38 02 00 00 00 00 00 00 38 02 40 00 00 00 00 00    8.......8.@.....
0090   38 02 40 00 00 00 00 00 1C 00 00 00 00 00 00 00    8.@.............
00A0   1C 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00    ................
00B0   01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00    ................
00C0   00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00    ..@.......@.....
00D0   8C 8D 01 00 00 00 00 00 8C 8D 01 00 00 00 00 00    ................
00E0   00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00    .. .............
00F0   F0 8D 01 00 00 00 00 00 F0 8D 61 00 00 00 00 00    ..........a.....
0100   F0 8D 61 00 00 00 00 00 80 07 00 00 00 00 00 00    ..a.............
0110   F0 14 00 00 00 00 00 00 00 00 20 00 00 00 00 00    .......... .....
0120   02 00 00 00 06 00 00 00 18 8E 01 00 00 00 00 00    ................
0130   18 8E 61 00 00 00 00 00 18 8E 61 00 00 00 00 00    ..a.......a.....
0140   C0 01 00 00 00 00 00 00 C0 01 00 00 00 00 00 00    ................
0150   08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00    ................
0160   54 02 00 00 00 00 00 00 54 02 40 00 00 00 00 00    T.......T.@.....
0170   54 02 40 00 00 00 00 00 44 00 00 00 00 00 00 00    T.@.....D.......
0180   44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00    D...............
0190   50 E5 74 64 04 00 00 00 94 67 01 00 00 00 00 00    P.td.....g......
01A0   94 67 41 00 00 00 00 00 94 67 41 00 00 00 00 00    .gA......gA.....
01B0   C4 06 00 00 00 00 00 00 C4 06 00 00 00 00 00 00    ................
01C0   04 00 00 00 00 00 00 00 51 E5 74 64 06 00 00 00    ........Q.td....
01D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
01E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
01F0   00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00    ................
[0x00000000]> len(pyew.functions)
158
[0x00000000]> s ep
[0x00002690:0x00402690]> c
0x00002690 ; FUNCTION start
0x00002690 (02) 4157                   PUSH R15 
0x00002692 (02) 4156                   PUSH R14 
0x00002694 (02) 4155                   PUSH R13 
0x00002696 (02) 4154                   PUSH R12 
0x00002698 (0a) 49bc0000000000000080   MOV R12, 0x8000000000000000 
0x000026a2 (01) 55                     PUSH RBP 
0x000026a3 (02) 89fd                   MOV EBP, EDI 
0x000026a5 (01) 53                     PUSH RBX 
0x000026a6 (03) 4889f3                 MOV RBX, RSI 
0x000026a9 (07) 4881ec48040000         SUB RSP, 0x448 
0x000026b0 (03) 488b3e                 MOV RDI, [RSI] 
0x000026b3 (09) 64488b042528000000     MOV RAX, [FS:0x28] 
0x000026bc (08) 4889842438040000       MOV [RSP+0x438], RAX 
0x000026c4 (02) 31c0                   XOR EAX, EAX 
0x000026c6 (05) e8e5aa0000             CALL 0x0000d1b0  ; 1 sub_0000d1b0
0x000026cb (05) beb9604100             MOV ESI, 0x4160b9 
0x000026d0 (05) bf06000000             MOV EDI, 0x6 
0x000026d5 (05) e826feffff             CALL 0x00002500  ; 2 sub_00002500
0x000026da (05) be10194100             MOV ESI, 0x411910    ; '/usr/share/locale'
0x000026df (05) bff4184100             MOV EDI, 0x4118f4    ; 'coreutils'
0x000026e4 (05) e8a7faffff             CALL 0x00002190  ; 3 sub_00002190
0x000026e9 (05) bff4184100             MOV EDI, 0x4118f4    ; 'coreutils'
0x000026ee (05) e85dfaffff             CALL 0x00002150  ; 4 sub_00002150
0x000026f3 (05) bfb09f4000             MOV EDI, 0x409fb0    ; 5 sub_00009fb0
0x000026f8 (0a) c7053e6e210002000000   MOV DWORD [RIP+0x216e3e], 0x2 
0x00002702 (05) e899f00000             CALL 0x000117a0  ; 6 sub_000117a0
0x00002707 (06) 8b051f6e2100           MOV EAX, [RIP+0x216e1f] 
0x0000270d (0a) c705d16e210000000000   MOV DWORD [RIP+0x216ed1], 0x0 
0x00002717 (07) c605ce6e210001         MOV BYTE [RIP+0x216ece], 0x1 
0x0000271e (0b) 48c705c76e210000000000 MOV QWORD [RIP+0x216ec7], 0x0 
0x00002729 (07) 4c8925d06e2100         MOV [RIP+0x216ed0], R12 
0x00002730 (0b) 48c705cd6e2100ffffffff MOV QWORD [RIP+0x216ecd], 0xffffffffffffffff 
0x0000273b (03) 83f802                 CMP EAX, 0x2 
0x0000273e (07) c605e370210000         MOV BYTE [RIP+0x2170e3], 0x0 
0x00002745 (06) 0f8465080000           JZ 0x00002fb0    ; 7 
0x00002745 
----------------------------------------------------------------------
0x0000274b (03) 83f803                 CMP EAX, 0x3 
0x0000274e (02) 742f                   JZ 0x0000277f    ; 8 
0x0000274e 
----------------------------------------------------------------------
}}

Have you noticed any problem with ELF64 files? Which problem?

Original comment by joxean.p...@gmail.com on 17 May 2013 at 7:38
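
As an added example (not part of the original thread and not Pyew's own code): a small Python parser that reads EI_CLASS to choose between the ELF32 and ELF64 header layouts, run on the first 64 bytes of the hexdump quoted in the comment above. The names `parse_elf_header`, `ElfError` and the keys of the returned dict belong to this example only.

```python
import struct

# First 64 bytes (offsets 0x00-0x3F) of the hexdump quoted in the comment above.
HEADER = bytes.fromhex(
    "7F 45 4C 46 02 01 01 00 00 00 00 00 00 00 00 00"
    "02 00 3E 00 01 00 00 00 A4 45 40 00 00 00 00 00"
    "40 00 00 00 00 00 00 00 70 96 01 00 00 00 00 00"
    "00 00 00 00 40 00 38 00 09 00 40 00 1C 00 1B 00"
)


class ElfError(ValueError):
    """Raised when the bytes are not a well-formed ELF header."""


def parse_elf_header(data):
    """Decode an ELF file header, picking field widths from EI_CLASS."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ElfError("missing ELF magic")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2):
        raise ElfError("unknown EI_CLASS %d" % ei_class)
    if ei_data not in (1, 2):
        raise ElfError("unknown EI_DATA %d" % ei_data)
    endian = "<" if ei_data == 1 else ">"
    # e_entry, e_phoff and e_shoff are 4 bytes in ELF32 and 8 bytes in ELF64.
    word = "I" if ei_class == 1 else "Q"
    fmt = endian + "HHI" + word * 3 + "IHHHHHH"
    size = 16 + struct.calcsize(fmt)  # 52 for ELF32, 64 for ELF64
    if len(data) < size:
        raise ElfError("truncated header, need %d bytes" % size)
    (e_type, e_machine, _version, e_entry, e_phoff, e_shoff, _flags,
     e_ehsize, _phentsize, e_phnum, _shentsize, e_shnum,
     _shstrndx) = struct.unpack_from(fmt, data, 16)
    # A header whose EI_CLASS was altered decodes with the wrong layout;
    # e_ehsize then no longer equals the size that class implies.
    if e_ehsize != size:
        raise ElfError("e_ehsize %d inconsistent with EI_CLASS" % e_ehsize)
    return {
        "class": "ELF32" if ei_class == 1 else "ELF64",
        "endian": "little" if ei_data == 1 else "big",
        "type": e_type, "machine": e_machine,
        "entry": e_entry,  # virtual address, not a file offset
        "phoff": e_phoff, "shoff": e_shoff,
        "phnum": e_phnum, "shnum": e_shnum,
    }
```
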

GoogleCodeExporter commented 9 years ago
My mistake, I was running old code from the downloads section. Now from the Mercurial one it's running great!

Thanks

Original comment by hugo.g...@gmail.com on 17 May 2013 at 12:44

GoogleCodeExporter commented 9 years ago
Closed.

Original comment by joxean.p...@gmail.com on 9 Dec 2013 at 11:04