search

sqall01 / ZwoELF

An ELF parsing and manipulation library for Python
GNU General Public License v2.0
74 stars 26 forks source link

Segment of type PT_DYNAMIC was not found #3

Open razaina opened 10 years ago

razaina commented 10 years ago

Hi,

I tried to work on a stripped ELF32 Binary.

The output of the file command is: file my_binary
/path/to/my_binary: ELF 32-bit LSB executable, version 1 (SYSV), statically linked, stripped

when I try to use the example "readELF.py" I got the following error: python readELF.py /path/to/my_binary

Traceback (most recent call last): File "readElf.py", line 18, in test = ElfParser(x86File) File "/media/Share/ElfParser/ZwoELF-master/ZwoELF/ElfParserLib.py", line 41, in init self.parseElf(self.data, onlyParseHeader=onlyParseHeader) File "/media/Share/ElfParser/ZwoELF-master/ZwoELF/ElfParserLib.py", line 1150, in parseElf raise ValueError("Segment of type PT_DYNAMIC was not found.") ValueError: Segment of type PT_DYNAMIC was not found.

It seems that the case of statically linked binaries was not taken into account?

Regards.

sqall01 commented 10 years ago

Hi,

this is unfortunately correct :( . I had focused totally on dynamically linked binaries and realized that the parser does not work with statically linked binaries a few weeks ago when I gave a small talk about ELF obfuscation (someone pointed out that 'obviously' the PT_DYNAMIC segment is missing in statically linked binaries).

At the moment I am still working on recovering sections on stripped dynamically linked binaries (and because I do it in my free time, it does not progress as fast as I want it to). So, I do not know when I have time to look into statically linked binaries to add this feature to ZwoELF.

Regards.

razaina commented 10 years ago

Hi,

In my case I am working on recovering sections on stripped statically linked binaries. But I am not yet familiar enough with the ELF file format :(.

I modified a bit ElfParserLib.py in order to not take in account all dynamic stuff when it is parsing or writting. Everything went well. I don't know if it was the good way...but....

I'm going to try to rebuild all the sections doing myElf.addNewSection(...).

Do you think that it should work?

Regards.

sqall01 commented 10 years ago

addNewSection() should work when you give it all the needed data. But the problem here is that the parser does not have any information about possible sections. This must be done by you manually. Exactly this problem I am trying to solve for dynamically linked binaries.

Regards.

datthanhphu commented 6 years ago

@razaina hi you. you can share it?