elftools 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c59b0333aab08b885d294a4d0295d6bac48eb11c
-  data.tar.gz: 79ce95770fcf3911db8c7260bc6009d8e3cf2839
+  metadata.gz: b2aa2517a78c13a631e9889e03e380b024c75585
+  data.tar.gz: 6d1de34194028eba0b787b148b648a518e6f0e1d
 SHA512:
-  metadata.gz: f1bf67e49c1d910509199fd1c4276760ecc022a9e88a1045ddd3aeccab62f258a176bc57b059b71eec3b74bde3d652d666b53284a701785df5c79a385dbfc8aa
-  data.tar.gz: e5b41464b5b6d092bbb0cf752b73594a8771d5c91840ee471fd0744ed7259d994c25a3a46d2e2d509907aef12b1e0c817a77b1d544f3c5bd01c350e2f3b4cd0a
+  metadata.gz: 4e3b9b1c4f4e0c7cf38efd85ae0c5c250e875fb50bda990286fcf0dc69684970b6eae99f6b2881a0938ea5597da6439ae46fa694823dc3e69322e202b60f622b
+  data.tar.gz: fff51965be7467711d36af1db1374370654a7d8a771ca8f4dcc48e38fd3daff3fe928dc2dd034f3d7ded3ecadb4e8304bdc8feb996623fc052c6eeea03251742

data/README.md

@@ -98,6 +98,21 @@ elf.segment_by_type(:interp).interp_name
 #=> "/lib64/ld-linux-x86-64.so.2"
 ```
 
+## Relocations
+```ruby
+elf = ELFTools::ELFFile.new(File.open('spec/files/amd64.elf'))
+# Use relocation to get plt names.
+rela_section = elf.sections_by_type(:rela).last
+rela_section.name
+#=> ".rela.plt"
+relocations = rela_section.relocations
+relocations.map { |r| '%x' % r.header.r_info }
+#=> ["100000007", "200000007", "300000007", "400000007", "500000007", "700000007"]
+symtab = elf.section_at(rela_section.header.sh_link) # get the symbol table section
+relocations.map { |r| symtab.symbol_at(r.symbol_index).name }
+#=> ["puts", "__stack_chk_fail", "printf", "__libc_start_main", "fgets", "scanf"]
+```
+
 # Why rbelftools
 
 1. Fully documented
@@ -117,7 +132,7 @@ elf.segment_by_type(:interp).interp_name
    **rbelftools** is designed to be a library for furthur usage.
    It will _not_ add any too trivial features.
    For example, to check if NX disabled, you can use
-   `elf.segment_by_type(:gnu_stack).executable?` but not `elf.nx?`
+   `!elf.segment_by_type(:gnu_stack).executable?` but not `elf.nx?`
 5. Section and segment parser
 
    Providing common sections and segments parser. For example, .symtab, .shstrtab

data/lib/elftools/constants.rb

@@ -1,6 +1,7 @@
 module ELFTools
   # Define constants from elf.h.
-  # Mostly refer from https://github.com/torvalds/linux/blob/master/include/uapi/linux/elf.h.
+  # Mostly refer from https://github.com/torvalds/linux/blob/master/include/uapi/linux/elf.h
+  # and binutils/elfcpp/elfcpp.h.
   module Constants
     # ELF magic header
     ELFMAG = "\x7FELF".freeze
@@ -42,53 +43,61 @@ module ELFTools
       PT_LOPROC       = 0x70000000
       PT_HIPROC       = 0x7fffffff
       PT_GNU_EH_FRAME = 0x6474e550
-      PT_GNU_STACK    = (PT_LOOS + 0x474e551)
+      PT_GNU_STACK    = 0x6474e551
+      PT_GNU_RELRO    = 0x6474e552 # Read only after relocation
     end
     include PT
 
     # Dynamic table types, records in +d_tag+.
     module DT
-      DT_NULL       = 0
-      DT_NEEDED     = 1
-      DT_PLTRELSZ   = 2
-      DT_PLTGOT     = 3
-      DT_HASH       = 4
-      DT_STRTAB     = 5
-      DT_SYMTAB     = 6
-      DT_RELA       = 7
-      DT_RELASZ     = 8
-      DT_RELAENT    = 9
-      DT_STRSZ      = 10
-      DT_SYMENT     = 11
-      DT_INIT       = 12
-      DT_FINI       = 13
-      DT_SONAME     = 14
-      DT_RPATH      = 15
-      DT_SYMBOLIC   = 16
-      DT_REL        = 17
-      DT_RELSZ      = 18
-      DT_RELENT     = 19
-      DT_PLTREL     = 20
-      DT_DEBUG      = 21
-      DT_TEXTREL    = 22
-      DT_JMPREL     = 23
-      DT_ENCODING   = 32
-      DT_LOOS       = 0x6000000d
-      DT_HIOS       = 0x6ffff000
-      DT_VALRNGLO   = 0x6ffffd00
-      DT_VALRNGHI   = 0x6ffffdff
-      DT_ADDRRNGLO  = 0x6ffffe00
-      DT_ADDRRNGHI  = 0x6ffffeff
-      DT_VERSYM     = 0x6ffffff0
-      DT_RELACOUNT  = 0x6ffffff9
-      DT_RELCOUNT   = 0x6ffffffa
-      DT_FLAGS_1    = 0x6ffffffb
-      DT_VERDEF     = 0x6ffffffc
-      DT_VERDEFNUM  = 0x6ffffffd
-      DT_VERNEED    = 0x6ffffffe
-      DT_VERNEEDNUM = 0x6fffffff
-      DT_LOPROC     = 0x70000000
-      DT_HIPROC     = 0x7fffffff
+      DT_NULL         = 0
+      DT_NEEDED       = 1
+      DT_PLTRELSZ     = 2
+      DT_PLTGOT       = 3
+      DT_HASH         = 4
+      DT_STRTAB       = 5
+      DT_SYMTAB       = 6
+      DT_RELA         = 7
+      DT_RELASZ       = 8
+      DT_RELAENT      = 9
+      DT_STRSZ        = 10
+      DT_SYMENT       = 11
+      DT_INIT         = 12
+      DT_FINI         = 13
+      DT_SONAME       = 14
+      DT_RPATH        = 15
+      DT_SYMBOLIC     = 16
+      DT_REL          = 17
+      DT_RELSZ        = 18
+      DT_RELENT       = 19
+      DT_PLTREL       = 20
+      DT_DEBUG        = 21
+      DT_TEXTREL      = 22
+      DT_JMPREL       = 23
+      DT_BIND_NOW     = 24
+      DT_INIT_ARRAY   = 25
+      DT_FINI_ARRAY   = 26
+      DT_INIT_ARRAYSZ = 27
+      DT_FINI_ARRAYSZ = 28
+      DT_RUNPATH      = 29
+      DT_FLAGS        = 30
+      DT_ENCODING     = 32
+      DT_LOOS         = 0x6000000d
+      DT_HIOS         = 0x6ffff000
+      DT_VALRNGLO     = 0x6ffffd00
+      DT_VALRNGHI     = 0x6ffffdff
+      DT_ADDRRNGLO    = 0x6ffffe00
+      DT_ADDRRNGHI    = 0x6ffffeff
+      DT_VERSYM       = 0x6ffffff0
+      DT_RELACOUNT    = 0x6ffffff9
+      DT_RELCOUNT     = 0x6ffffffa
+      DT_FLAGS_1      = 0x6ffffffb
+      DT_VERDEF       = 0x6ffffffc
+      DT_VERDEFNUM    = 0x6ffffffd
+      DT_VERNEED      = 0x6ffffffe
+      DT_VERNEEDNUM   = 0x6fffffff
+      DT_LOPROC       = 0x70000000
+      DT_HIPROC       = 0x7fffffff
     end
     include DT
 
@@ -178,5 +187,27 @@ module ELFTools
       end
     end
     include EM
+
+    # This module defines elf file types.
+    module ET
+      ET_NONE = 0
+      ET_REL  = 1
+      ET_EXEC = 2
+      ET_DYN  = 3
+      ET_CORE = 4
+      # Return the type name according to +e_type+ in ELF file header.
+      # @return [String] Type in string format.
+      def self.mapping(type)
+        case type
+        when Constants::ET_NONE then 'NONE'
+        when Constants::ET_REL then 'REL'
+        when Constants::ET_EXEC then 'EXEC'
+        when Constants::ET_DYN then 'DYN'
+        when Constants::ET_CORE then 'CORE'
+        else '<unknown>'
+        end
+      end
+    end
+    include ET
   end
 end

data/lib/elftools/dynamic.rb

@@ -14,18 +14,27 @@ module ELFTools
     #   header
     #   tag_start
     # @param [Block] block You can give a block.
-    # @return [Array<ELFTools::Dynamic::Tag>] Array of tags.
+    # @return [Enumerator<ELFTools::Dynamic::Tag>, Array<ELFTools::Dynamic::Tag>]
+    #   If block is not given, an enumerator will be returned.
+    #   Otherwise, return array of tags.
     def each_tags
+      return enum_for(:each_tags) unless block_given?
       arr = []
       0.step do |i|
         tag = tag_at(i)
-        yield tag if block_given?
+        yield tag
         arr << tag
         break if tag.header.d_tag == ELFTools::Constants::DT_NULL
       end
       arr
     end
-    alias tags each_tags
+
+    # Use {#tags} to get all tags.
+    # @return [Array<ELFTools::Dynamic::Tag>]
+    #   Array of tags.
+    def tags
+      each_tags.to_a
+    end
 
     # Get a tag of specific type.
     # @param [Integer, Symbol, String] type
@@ -53,10 +62,7 @@ module ELFTools
     #   #=> #<ELFTools::Dynamic::Tag:0x0055d3d2d91b28 @header={:d_tag=>3, :d_val=>6295552}>
     def tag_by_type(type)
       type = Util.to_constant(Constants::DT, type)
-      each_tags do |tag|
-        return tag if tag.header.d_tag == type
-      end
-      nil
+      each_tags.find { |tag| tag.header.d_tag == type }
     end
 
     # Get the +n+-th tag.
@@ -75,10 +81,10 @@ module ELFTools
       return if n < 0
       @tag_at_map ||= {}
       return @tag_at_map[n] if @tag_at_map[n]
-      dyn = ELF_Dyn.new(endian: endian)
+      dyn = Structs::ELF_Dyn.new(endian: endian)
       dyn.elf_class = header.elf_class
       stream.pos = tag_start + n * dyn.num_bytes
-      @tag_at_map[n] = Tag.new(dyn.read(stream), stream)
+      @tag_at_map[n] = Tag.new(dyn.read(stream), stream, method(:str_offset))
     end
 
     private
@@ -87,20 +93,68 @@ module ELFTools
       header.class.self_endian
     end
 
+    # Get the DT_STRTAB's +d_val+ offset related to file.
+    def str_offset
+      # TODO: handle DT_STRTAB not exitsts.
+      @str_offset ||= @offset_from_vma.call(tag_by_type(:strtab).header.d_val.to_i)
+    end
+
     # A tag class.
     class Tag
-      attr_reader :header # @return [ELFTools::ELF_Dyn] The dynamic tag header.
+      attr_reader :header # @return [ELFTools::Structs::ELF_Dyn] The dynamic tag header.
       attr_reader :stream # @return [File] Streaming object.
 
       # Instantiate a {ELFTools::Dynamic::Tag} object.
       # @param [ELF_Dyn] header The dynamic tag header.
       # @param [File] stream Streaming object.
-      def initialize(header, stream)
+      # @param [Method] str_offset
+      #   Call this method to get the string offset related
+      #   to file.
+      def initialize(header, stream, str_offset)
         @header = header
         @stream = stream
+        @str_offset = str_offset
+      end
+
+      TYPE_WITH_NAME = [Constants::DT_NEEDED,
+                        Constants::DT_SONAME,
+                        Constants::DT_RPATH,
+                        Constants::DT_RUNPATH].freeze
+      # Return the content of this tag records.
+      #
+      # For normal tags, this method just return
+      # +header.d_val+. For tags with +header.d_val+
+      # in meaning of string offset (e.g. DT_NEEDED), this method would
+      # return the string it specified.
+      # Tags with type in {TYPE_WITH_NAME} are those tags with name.
+      # @return [Integer, String] The content this tag records.
+      # @example
+      #   dynamic = elf.segment_by_type(:dynamic)
+      #   dynamic.tag_by_type(:init).value
+      #   #=> 4195600 # 0x400510
+      #   dynamic.tag_by_type(:needed).value
+      #   #=> 'libc.so.6'
+      def value
+        name || header.d_val.to_i
+      end
+
+      # Is this tag has a name?
+      #
+      # The criteria here is if this tag's type is in {TYPE_WITH_NAME}.
+      # @return [Boolean] Is this tag has a name.
+      def name?
+        TYPE_WITH_NAME.include?(header.d_tag)
+      end
+
+      # Return the name of this tag.
+      #
+      # Only tags with name would return a name.
+      # Others would return +nil+.
+      # @return [String, NilClass] The name.
+      def name
+        return nil unless name?
+        Util.cstring(stream, @str_offset.call + header.d_val.to_i)
       end
-      # TODO: Get the name of tags, e.g. SONAME
-      # TODO: Handle (non)-PIE ELF correctly.
     end
   end
 end

data/lib/elftools/elf_file.rb

@@ -3,7 +3,7 @@ require 'elftools/exceptions'
 require 'elftools/lazy_array'
 require 'elftools/sections/sections'
 require 'elftools/segments/segments'
-require 'elftools/structures'
+require 'elftools/structs'
 
 module ELFTools
   # The main class for using elftools.
@@ -27,11 +27,11 @@ module ELFTools
     # Return the file header.
     #
     # Lazy loading.
-    # @retrn [ELFTools::ELF_Ehdr] The header.
+    # @retrn [ELFTools::Structs::ELF_Ehdr] The header.
     def header
-      return @header if @header
+      return @header if defined?(@header)
       stream.pos = 0
-      @header = ELF_Ehdr.new(endian: endian)
+      @header = Structs::ELF_Ehdr.new(endian: endian)
       @header.elf_class = elf_class
       @header.read(stream)
     end
@@ -65,6 +65,17 @@ module ELFTools
       ELFTools::Constants::EM.mapping(header.e_machine)
     end
 
+    # Return the ELF type according to +e_type+.
+    # @return [String] Type in string format.
+    # @example
+    #   ELFFile.new(File.open('spec/files/libc.so.6')).elf_type
+    #   #=> 'DYN'
+    #   ELFFile.new(File.open('spec/files/amd64.elf')).elf_type
+    #   #=> 'EXEC'
+    def elf_type
+      ELFTools::Constants::ET.mapping(header.e_type)
+    end
+
     #========= method about sections
 
     # Number of sections in this file.
@@ -87,13 +98,7 @@ module ELFTools
     #   elf.section_by_name('no such section')
     #   #=> nil
     def section_by_name(name)
-      @section_name_map ||= {}
-      return @section_name_map[name] if @section_name_map[name]
-      each_sections do |section|
-        @section_name_map[section.name] = section
-        return section if section.name == name
-      end
-      nil
+      each_sections.find { |sec| sec.name == name }
     end
 
     # Iterate all sections.
@@ -104,17 +109,24 @@ module ELFTools
     # since not all sections need to be created.
     # @param [Block] block
     #   Just like +Array#each+, you can give a block.
-    # @return [ Array<ELFTools::Sections::Section>]
-    #   The whole sections will be returned.
+    # @return [Enumerator<ELFTools::Sections::Section>, Array<ELFTools::Sections::Section>]
+    #   As +Array#each+, if block is not given, a enumerator will be returned,
+    #   otherwise, the whole sections will be returned.
     def each_sections
+      return enum_for(:each_sections) unless block_given?
       Array.new(num_sections) do |i|
         sec = section_at(i)
-        block_given? ? yield(sec) : sec
+        yield sec
+        sec
       end
     end
 
-    # Simply use {#sections} without giving block to get all sections.
-    alias sections each_sections
+    # Simply use {#sections} to get all sections.
+    # @return [Array<ELFTools::Sections::Section>]
+    #   Whole sections.
+    def sections
+      each_sections.to_a
+    end
 
     # Acquire the +n+-th section, 0-based.
     #
@@ -128,6 +140,26 @@ module ELFTools
       @sections[n]
     end
 
+    # Fetch all sections with specific type.
+    #
+    # The available types are listed in {ELFTools::Constants},
+    # start with +SHT_+.
+    # This method accept giving block.
+    # @param [Integer, Symbol, String] type
+    #   The type needed, similar format as {#segment_by_type}.
+    # @param [Block] block
+    #   Block will be yielded whenever find a section.
+    # @return [Array<ELFTools::Sections::section>] The target sections.
+    # @example
+    #   elf = ELFTools::ELFFile.new(File.open('spec/files/amd64.elf'))
+    #   elf.sections_by_type(:rela)
+    #   #=> [#<ELFTools::Sections::RelocationSection:0x00563cd3219970>,
+    #   #    #<ELFTools::Sections::RelocationSection:0x00563cd3b89d70>]
+    def sections_by_type(type, &block)
+      type = Util.to_constant(Constants::SHT, type)
+      Util.select_by_type(each_sections, type, &block)
+    end
+
     # Get the string table section.
     #
     # This section is acquired by using the +e_shstrndx+
@@ -156,18 +188,24 @@ module ELFTools
     # @return [Array<ELFTools::Segments::Segment>]
     #   Whole segments will be returned.
     def each_segments
+      return enum_for(:each_segments) unless block_given?
       Array.new(num_segments) do |i|
         seg = segment_at(i)
-        block_given? ? yield(seg) : seg
+        yield seg
+        seg
       end
     end
 
-    # Simply use {#segments} without giving block to get all segments.
-    alias segments each_segments
+    # Simply use {#segments} to get all segments.
+    # @return [Array<ELFTools::Segments::Segment>]
+    #   Whole segments.
+    def segments
+      each_segments.to_a
+    end
 
     # Get the first segment with +p_type=type+.
     # The available types are listed in {ELFTools::Constants},
-    # starts with +PT_+.
+    # start with +PT_+.
     #
     # Notice: this method will return the first segment found,
     # to found all segments with specific type you can use {#segments_by_type}.
@@ -208,21 +246,22 @@ module ELFTools
     #   #=> nil # no such segment exists
     def segment_by_type(type)
       type = Util.to_constant(Constants::PT, type)
-      each_segments do |seg|
-        return seg if seg.header.p_type == type
-      end
-      nil
+      each_segments.find { |seg| seg.header.p_type == type }
     end
 
     # Fetch all segments with specific type.
+    #
     # If you want to find only one segment,
     # use {#segment_by_type} instead.
+    # This method accept giving block.
     # @param [Integer, Symbol, String] type
     #   The type needed, same format as {#segment_by_type}.
+    # @param [Block] block
+    #   Block will be yielded whenever find a segement.
     # @return [Array<ELFTools::Segments::Segment>] The target segments.
-    def segments_by_type(type)
+    def segments_by_type(type, &block)
       type = Util.to_constant(Constants::PT, type)
-      segments.select { |segment| segment.header.p_type == type }
+      Util.select_by_type(each_segments, type, &block)
     end
 
     # Acquire the +n+-th segment, 0-based.
@@ -237,6 +276,25 @@ module ELFTools
       @segments[n]
     end
 
+    # Get the offset related to file, given virtual memory address.
+    #
+    # This method should work no matter ELF is a PIE or not.
+    # This method refers from (actually equals to) binutils/readelf.c#offset_from_vma.
+    # @param [Integer] vma The address need query.
+    # @return [Integer] Offset related to file.
+    # @example
+    #   elf = ELFTools::ELFFile.new(File.open('/bin/cat'))
+    #   elf.offset_from_vma(0x401337)
+    #   #=> 4919 # 0x1337
+    def offset_from_vma(vma, size = 0)
+      segments_by_type(:load) do |seg|
+        if vma >= (seg.header.p_vaddr & -seg.header.p_align) &&
+           vma + size <= seg.header.p_vaddr + seg.header.p_filesz
+          return vma - seg.header.p_vaddr + seg.header.p_offset
+        end
+      end
+    end
+
     private
 
     def identify
@@ -259,19 +317,20 @@ module ELFTools
 
     def create_section(n)
       stream.pos = header.e_shoff + n * header.e_shentsize
-      shdr = ELF_Shdr.new(endian: endian)
+      shdr = Structs::ELF_Shdr.new(endian: endian)
       shdr.elf_class = elf_class
       shdr.read(stream)
       Sections::Section.create(shdr, stream,
+                               offset_from_vma: method(:offset_from_vma),
                                strtab: method(:strtab_section),
                                section_at: method(:section_at))
     end
 
     def create_segment(n)
       stream.pos = header.e_phoff + n * header.e_phentsize
-      phdr = ELF_Phdr[elf_class].new(endian: endian)
+      phdr = Structs::ELF_Phdr[elf_class].new(endian: endian)
       phdr.elf_class = elf_class
-      Segments::Segment.create(phdr.read(stream), stream)
+      Segments::Segment.create(phdr.read(stream), stream, offset_from_vma: method(:offset_from_vma))
     end
   end
 end

data/lib/elftools/note.rb

@@ -1,4 +1,4 @@
-require 'elftools/structures'
+require 'elftools/structs'
 require 'elftools/util'
 
 module ELFTools
@@ -10,10 +10,10 @@ module ELFTools
   # {ELFTools::Segments::NoteSegment} since some methods assume some attributes already
   # exist.
   module Note
-    # Since size of {ELFTools::ELF_Nhdr} will not change no
+    # Since size of {ELFTools::Structs::ELF_Nhdr} will not change no
     # matter what endian and what arch, we can do this here.
     # This value should equal to 12.
-    SIZE_OF_NHDR = ELF_Nhdr.new(endian: :little).num_bytes
+    SIZE_OF_NHDR = Structs::ELF_Nhdr.new(endian: :little).num_bytes
 
     # Iterate all notes in a note section or segment.
     #
@@ -68,13 +68,13 @@ module ELFTools
     end
 
     def create_note(cur)
-      nhdr = ELF_Nhdr.new(endian: endian).read(stream)
+      nhdr = Structs::ELF_Nhdr.new(endian: endian).read(stream)
       ELFTools::Note::Note.new(nhdr, stream, cur)
     end
 
     # Class of a note.
     class Note
-      attr_reader :header # @return [ELFTools::ELF_Nhdr] Note header.
+      attr_reader :header # @return [ELFTools::Structs::ELF_Nhdr] Note header.
       attr_reader :stream # @return [File] Streaming object.
       attr_reader :offset # @return [Integer] Address of this note start, includes note header.
 

data/lib/elftools/sections/relocation_section.rb

@@ -0,0 +1,108 @@
+require 'elftools/constants'
+require 'elftools/sections/section'
+require 'elftools/structs'
+
+module ELFTools
+  module Sections
+    # Class of note section.
+    # Note section records notes
+    class RelocationSection < Section
+      # Is this relocation a RELA or REL type.
+      # @return [Boolean] If is RELA.
+      def rela?
+        header.sh_type == Constants::SHT_RELA
+      end
+
+      # Number of relocations in this section.
+      # @return [Integer] The number.
+      def num_relocations
+        header.sh_size / header.sh_entsize
+      end
+
+      # Acquire the +n+-th relocation, 0-based.
+      #
+      # relocations are lazy loaded.
+      # @param [Integer] n The index.
+      # @return [ELFTools::Relocation, NilClass]
+      #   The target relocation.
+      #   If +n+ is out of bound, +nil+ is returned.
+      def relocation_at(n)
+        @relocations ||= LazyArray.new(num_relocations, &method(:create_relocation))
+        @relocations[n]
+      end
+
+      # Iterate all relocations.
+      #
+      # All relocations are lazy loading, the relocation
+      # only be created whenever accessing it.
+      # @param [Block] block
+      #   Just like +Array#each+, you can give a block.
+      # @return [Enumerator<ELFTools::Relocation>, Array<ELFTools::Relocation>]
+      #   If block is not given, an enumerator will be returned.
+      #   Otherwise, the whole relocations will be returned.
+      def each_relocations
+        return enum_for(:each_relocations) unless block_given?
+        Array.new(num_relocations) do |i|
+          rel = relocation_at(i)
+          yield rel
+          rel
+        end
+      end
+
+      # Simply use {#relocations} to get all relocations.
+      # @return [Array<ELFTools::Relocation>]
+      #   Whole relocations.
+      def relocations
+        each_relocations.to_a
+      end
+
+      private
+
+      def create_relocation(n)
+        stream.pos = header.sh_offset + n * header.sh_entsize
+        klass = rela? ? Structs::ELF_Rela : Structs::ELF_Rel
+        rel = klass.new(endian: header.class.self_endian)
+        rel.elf_class = header.elf_class
+        rel.read(stream)
+        Relocation.new(rel, stream)
+      end
+    end
+  end
+
+  # A relocation entry.
+  #
+  # Can be either a REL or RELA relocation.
+  # XXX: move this to an independent file?
+  class Relocation
+    attr_reader :header # @return [ELFTools::Structs::ELF_Rel, ELFTools::Structs::ELF_Rela] Rel(a) header.
+    attr_reader :stream # @return [File] Streaming object.
+
+    # Instantiate a {Relocation} object.
+    def initialize(header, stream)
+      @header = header
+      @stream = stream
+    end
+
+    # +r_info+ contains sym and type, use two methods
+    # to access them easier.
+    # @return [Integer] sym infor.
+    def r_info_sym
+      header.r_info >> mask_bit
+    end
+    alias symbol_index r_info_sym
+
+    # +r_info+ contains sym and type, use two methods
+    # to access them easier.
+    # @return [Integer] type infor.
+    def r_info_type
+      header.r_info & ((1 << mask_bit) - 1)
+    end
+    alias type r_info_type
+
+    private
+
+    def mask_bit
+      header.elf_class == 32 ? 8 : 32
+    end
+  end
+end

data/lib/elftools/sections/section.rb

@@ -3,11 +3,11 @@ module ELFTools
   module Sections
     # Base class of sections.
     class Section
-      attr_reader :header # @return [ELFTools::ELF_Shdr] Section header.
+      attr_reader :header # @return [ELFTools::Structs::ELF_Shdr] Section header.
       attr_reader :stream # @return [File] Streaming object.
 
       # Instantiate a {Section} object.
-      # @param [ELFTools::ELF_Shdr] header
+      # @param [ELFTools::Structs::ELF_Shdr] header
       #   The section header object.
       # @param [File] stream
       #   The streaming object for further dump.
@@ -15,10 +15,20 @@ module ELFTools
       #   The string table object. For fetching section names.
       #   If +Proc+ if given, it will call at the first
       #   time access +#name+.
-      def initialize(header, stream, strtab: nil, **_kwagrs)
+      # @param [Method] offset_from_vma
+      #   The method to get offset of file, given virtual memory address.
+      def initialize(header, stream, offset_from_vma: nil, strtab: nil, **_kwargs)
         @header = header
         @stream = stream
         @strtab = strtab
+        @offset_from_vma = offset_from_vma
+      end
+
+      # Return +header.sh_type+ in a simplier way.
+      # @return [Integer]
+      #   The type, meaning of types are defined in {Constants::SHT}.
+      def type
+        header.sh_type
       end
 
       # Get name of this section.

data/lib/elftools/sections/sections.rb

@@ -5,6 +5,7 @@ require 'elftools/sections/section'
 require 'elftools/sections/dynamic_section'
 require 'elftools/sections/note_section'
 require 'elftools/sections/null_section'
+require 'elftools/sections/relocation_section'
 require 'elftools/sections/str_tab_section'
 require 'elftools/sections/sym_tab_section'
 
@@ -14,7 +15,7 @@ module ELFTools
     # Class methods of {Sections::Section}.
     class << Section
       # Use different class according to +header.sh_type+.
-      # @param [ELFTools::ELF_Shdr] header Section header.
+      # @param [ELFTools::Structs::ELF_Shdr] header Section header.
       # @param [File] stream Streaming object.
       # @return [ELFTools::Sections::Section]
       #   Return object dependes on +header.sh_type+.
@@ -23,6 +24,7 @@ module ELFTools
                 when Constants::SHT_DYNAMIC then DynamicSection
                 when Constants::SHT_NULL then NullSection
                 when Constants::SHT_NOTE then NoteSection
+                when Constants::SHT_RELA, Constants::SHT_REL then RelocationSection
                 when Constants::SHT_STRTAB then StrTabSection
                 when Constants::SHT_SYMTAB, Constants::SHT_DYNSYM then SymTabSection
                 else Section

data/lib/elftools/sections/str_tab_section.rb

@@ -1,4 +1,5 @@
 require 'elftools/sections/section'
+require 'elftools/util'
 
 module ELFTools
   module Sections
@@ -11,16 +12,7 @@ module ELFTools
       #   Usually from +shdr.sh_name+ or +sym.st_name+.
       # @return [String] The name without null bytes.
       def name_at(offset)
-        stream.pos = header.sh_offset + offset
-        # read until "\x00"
-        ret = ''
-        loop do
-          c = stream.read(1)
-          return nil if c.nil? # reach EOF
-          break if c == "\x00"
-          ret += c
-        end
-        ret
+        Util.cstring(stream, header.sh_offset + offset)
       end
     end
   end

data/lib/elftools/sections/sym_tab_section.rb

@@ -9,7 +9,7 @@ module ELFTools
       # Instantiate a {SymTabSection} object.
       # There's a +section_at+ lambda for {SymTabSection}
       # to easily fetch other sections.
-      # @param [ELFTools::ELF_Shdr] header
+      # @param [ELFTools::Structs::ELF_Shdr] header
       #   See {Section#initialize} for more information.
       # @param [File] stream
       #   See {Section#initialize} for more information.
@@ -36,7 +36,7 @@ module ELFTools
       #
       # Symbols are lazy loaded.
       # @param [Integer] n The index.
-      # @return [ELFTools:Symbol, NilClass]
+      # @return [ELFTools::Symbol, NilClass]
       #   The target symbol.
       #   If +n+ is out of bound, +nil+ is returned.
       def symbol_at(n)
@@ -87,20 +87,21 @@ module ELFTools
 
       def create_symbol(n)
         stream.pos = header.sh_offset + n * header.sh_entsize
-        sym = ELF_sym[header.elf_class].new(endian: header.class.self_endian)
+        sym = Structs::ELF_sym[header.elf_class].new(endian: header.class.self_endian)
         sym.read(stream)
         Symbol.new(sym, stream, symstr: method(:symstr))
       end
     end
 
     # Class of symbol.
+    #
     # XXX: Should this class be defined in an independent file?
     class Symbol
-      attr_reader :header # @return [ELFTools::ELF32_sym, ELFTools::ELF64_sym] Section header.
+      attr_reader :header # @return [ELFTools::Structs::ELF32_sym, ELFTools::Structs::ELF64_sym] Section header.
       attr_reader :stream # @return [File] Streaming object.
 
       # Instantiate a {ELFTools::Symbol} object.
-      # @param [ELFTools::ELF32_sym, ELFTools::ELF64_sym] header
+      # @param [ELFTools::Structs::ELF32_sym, ELFTools::Structs::ELF64_sym] header
       #   The symbol header.
       # @param [File] stream The streaming object.
       # @param [ELFTools::Sections::StrTabSection, Proc] symstr

data/lib/elftools/segments/segment.rb

@@ -2,17 +2,27 @@ module ELFTools
   module Segments
     # Base class of segments.
     class Segment
-      attr_reader :header # @return [ELFTools::ELF32_Phdr, ELFTools::ELF64_Phdr] Program header.
+      attr_reader :header # @return [ELFTools::Structs::ELF32_Phdr, ELFTools::Structs::ELF64_Phdr] Program header.
       attr_reader :stream # @return [File] Streaming object.
 
       # Instantiate a {Segment} object.
-      # @param [ELFTools::ELF32_Phdr, ELFTools::ELF64_Phdr] header
+      # @param [ELFTools::Structs::ELF32_Phdr, ELFTools::Structs::ELF64_Phdr] header
       #   Program header.
       # @param [File] stream
       #   Streaming object.
-      def initialize(header, stream)
+      # @param [Method] offset_from_vma
+      #   The method to get offset of file, given virtual memory address.
+      def initialize(header, stream, offset_from_vma: nil)
         @header = header
         @stream = stream
+        @offset_from_vma = offset_from_vma
+      end
+
+      # Return +header.p_type+ in a simplier way.
+      # @return [Integer]
+      #   The type, meaning of types are defined in {Constants::PT}.
+      def type
+        header.p_type
       end
 
       # The content in this segment.

data/lib/elftools/segments/segments.rb

@@ -12,7 +12,7 @@ module ELFTools
     # Class methods of {Segments::Segment}.
     class << Segment
       # Use different class according to +header.p_type+.
-      # @param [ELFTools::ELF32_Phdr, ELFTools::ELF64_Phdr] header Program header of a segment.
+      # @param [ELFTools::Structs::ELF32_Phdr, ELFTools::Structs::ELF64_Phdr] header Program header of a segment.
       # @param [File] stream Streaming object.
       # @return [ELFTools::Segments::Segment]
       #   Return object dependes on +header.p_type+.

data/lib/elftools/structs.rb

@@ -0,0 +1,155 @@
+require 'bindata'
+module ELFTools
+  # Define ELF related structures in this module.
+  #
+  # Structures are fetch from https://github.com/torvalds/linux/blob/master/include/uapi/linux/elf.h.
+  # Using the bindata gem to make these structures support 32/64 bits and
+  # little/big endian simultaneously.
+  module Structs
+    # The base structure to define common methods.
+    class ELFStruct < BinData::Record
+      CHOICE_SIZE_T = {
+        selection: :elf_class, choices: { 32 => :uint32, 64 => :uint64 }
+      }.freeze
+
+      attr_accessor :elf_class # @return [Integer] 32 or 64.
+
+      # Hacking to get endian of current class
+      # @return [Symbol, NilClass] +:little+ or +:big+.
+      def self.self_endian
+        bindata_name[-2..-1] == 'ge' ? :big : :little
+      end
+    end
+
+    # ELF header structure.
+    class ELF_Ehdr < ELFStruct
+      endian :big_and_little
+      struct :e_ident do
+        string :magic, read_length: 4
+        int8 :ei_class
+        int8 :ei_data
+        int8 :ei_version
+        int8 :ei_osabi
+        int8 :ei_abiversion
+        string :ei_padding, read_length: 7 # no use
+      end
+      uint16 :e_type
+      uint16 :e_machine
+      uint32 :e_version
+      # entry point
+      choice :e_entry, **CHOICE_SIZE_T
+      choice :e_phoff, **CHOICE_SIZE_T
+      choice :e_shoff, **CHOICE_SIZE_T
+      uint32 :e_flags
+      uint16 :e_ehsize # size of this header
+      uint16 :e_phentsize # size of each segment
+      uint16 :e_phnum # number of segments
+      uint16 :e_shentsize # size of each section
+      uint16 :e_shnum # number of sections
+      uint16 :e_shstrndx # index of string table section
+    end
+
+    # Section header structure.
+    class ELF_Shdr < ELFStruct
+      endian :big_and_little
+      uint32 :sh_name
+      uint32 :sh_type
+      choice :sh_flags, **CHOICE_SIZE_T
+      choice :sh_addr, **CHOICE_SIZE_T
+      choice :sh_offset, **CHOICE_SIZE_T
+      choice :sh_size, **CHOICE_SIZE_T
+      uint32 :sh_link
+      uint32 :sh_info
+      choice :sh_addralign, **CHOICE_SIZE_T
+      choice :sh_entsize, **CHOICE_SIZE_T
+    end
+
+    # Program header structure for 32bit.
+    class ELF32_Phdr < ELFStruct
+      endian :big_and_little
+      uint32 :p_type
+      uint32 :p_offset
+      uint32 :p_vaddr
+      uint32 :p_paddr
+      uint32 :p_filesz
+      uint32 :p_memsz
+      uint32 :p_flags
+      uint32 :p_align
+    end
+
+    # Program header structure for 64bit.
+    class ELF64_Phdr < ELFStruct
+      endian :big_and_little
+      uint32 :p_type
+      uint32 :p_flags
+      uint64 :p_offset
+      uint64 :p_vaddr
+      uint64 :p_paddr
+      uint64 :p_filesz
+      uint64 :p_memsz
+      uint64 :p_align
+    end
+    ELF_Phdr = {
+      32 => ELF32_Phdr,
+      64 => ELF64_Phdr
+    }.freeze
+
+    # Symbol structure for 32bit.
+    class ELF32_sym < ELFStruct
+      endian :big_and_little
+      uint32 :st_name
+      uint32 :st_value
+      uint32 :st_size
+      uint8 :st_info
+      uint8 :st_other
+      uint16 :st_shndx
+    end
+
+    # Symbol structure for 64bit.
+    class ELF64_sym < ELFStruct
+      endian :big_and_little
+      uint32 :st_name  # Symbol name, index in string tbl
+      uint8 :st_info   # Type and binding attributes
+      uint8 :st_other  # No defined meaning, 0
+      uint16 :st_shndx # Associated section index
+      uint64 :st_value # Value of the symbol
+      uint64 :st_size  # Associated symbol size
+    end
+    ELF_sym = {
+      32 => ELF32_sym,
+      64 => ELF64_sym
+    }.freeze
+
+    # Note header.
+    class ELF_Nhdr < ELFStruct
+      endian :big_and_little
+      uint32 :n_namesz # Name size
+      uint32 :n_descsz # Content size
+      uint32 :n_type   # Content type
+    end
+
+    # Dynamic tag header.
+    class ELF_Dyn < ELFStruct
+      endian :big_and_little
+      choice :d_tag, selection: :elf_class, choices: { 32 => :int32, 64 => :int64 }
+      # This is an union type named +d_un+ in original source,
+      # simplify it to be +d_val+ here.
+      choice :d_val, **CHOICE_SIZE_T
+    end
+
+    # Rel header in .rel section.
+    class ELF_Rel < ELFStruct
+      endian :big_and_little
+      choice :r_offset, **CHOICE_SIZE_T
+      choice :r_info, **CHOICE_SIZE_T
+    end
+
+    # Rela header in .rela section.
+    class ELF_Rela < ELFStruct
+      endian :big_and_little
+      choice :r_offset, **CHOICE_SIZE_T
+      choice :r_info, **CHOICE_SIZE_T
+      choice :r_addend, selection: :elf_class, choices: { 32 => :int32, 64 => :int64 }
+    end
+  end
+end

data/lib/elftools/util.rb

@@ -45,6 +45,48 @@ module ELFTools
         raise ArgumentError, "No constants in #{module_name} named \"#{val}\"" unless mod.const_defined?(val)
         mod.const_get(val)
       end
+
+      # Read from stream until reach a null-byte.
+      # @param [File] stream Streaming object
+      # @param [Integer] offset Start from here.
+      # @return [String] Result string will never contain null byte.
+      # @example
+      #   Util.cstring(File.open('/bin/cat'), 0)
+      #   #=> "\x7FELF\x02\x01\x01"
+      def cstring(stream, offset)
+        stream.pos = offset
+        # read until "\x00"
+        ret = ''
+        loop do
+          c = stream.read(1)
+          return nil if c.nil? # reach EOF
+          break if c == "\x00"
+          ret += c
+        end
+        ret
+      end
+
+      # Select objects from enumerator with +.type+ property
+      # equals to +type+.
+      #
+      # Different from naive +Array#select+ is this method
+      # will yield block whenever find a desired object.
+      #
+      # This method is used to simplify the same logic in methods
+      # {ELFFile#sections_by_type}, {ELFFile#segments_by_type}, etc.
+      # @param [Enumerator] enum An enumerator for further select.
+      # @param [Object] type The type you want.
+      # @return [Array<Object>]
+      #   The return value will be objects in +enum+ with attribute
+      #   +.type+ equals to +type+.
+      def select_by_type(enum, type)
+        enum.select do |sec|
+          if sec.type == type
+            yield sec if block_given?
+            true
+          end
+        end
+      end
     end
     extend ClassMethods
   end

data/lib/elftools/version.rb

@@ -1,3 +1,3 @@
 module ELFTools
-  VERSION = '0.1.0'.freeze
+  VERSION = '0.2.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: elftools
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - david942j
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-16 00:00:00.000000000 Z
+date: 2017-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -114,6 +114,7 @@ files:
 - lib/elftools/sections/dynamic_section.rb
 - lib/elftools/sections/note_section.rb
 - lib/elftools/sections/null_section.rb
+- lib/elftools/sections/relocation_section.rb
 - lib/elftools/sections/section.rb
 - lib/elftools/sections/sections.rb
 - lib/elftools/sections/str_tab_section.rb
@@ -123,7 +124,7 @@ files:
 - lib/elftools/segments/note_segment.rb
 - lib/elftools/segments/segment.rb
 - lib/elftools/segments/segments.rb
-- lib/elftools/structures.rb
+- lib/elftools/structs.rb
 - lib/elftools/util.rb
 - lib/elftools/version.rb
 homepage: https://github.com/david942j/rbelftools

data/lib/elftools/structures.rb

@@ -1,133 +0,0 @@
-require 'bindata'
-module ELFTools
-  # The base structure to define common methods.
-  class ELFStruct < BinData::Record
-    CHOICE_SIZE_T = {
-      selection: :elf_class, choices: { 32 => :uint32, 64 => :uint64 }
-    }.freeze
-
-    attr_accessor :elf_class # @return [Integer] 32 or 64.
-
-    # Hacking to get endian of current class
-    # @return [Symbol, NilClass] +:little+ or +:big+.
-    def self.self_endian
-      bindata_name[-2..-1] == 'ge' ? :big : :little
-    end
-  end
-
-  # ELF header structure.
-  class ELF_Ehdr < ELFStruct
-    endian :big_and_little
-    struct :e_ident do
-      string :magic, read_length: 4
-      int8 :ei_class
-      int8 :ei_data
-      int8 :ei_version
-      int8 :ei_osabi
-      int8 :ei_abiversion
-      string :ei_padding, read_length: 7 # no use
-    end
-    uint16 :e_type
-    uint16 :e_machine
-    uint32 :e_version
-    # entry point
-    choice :e_entry, **CHOICE_SIZE_T
-    choice :e_phoff, **CHOICE_SIZE_T
-    choice :e_shoff, **CHOICE_SIZE_T
-    uint32 :e_flags
-    uint16 :e_ehsize # size of this header
-    uint16 :e_phentsize # size of each segment
-    uint16 :e_phnum # number of segments
-    uint16 :e_shentsize # size of each section
-    uint16 :e_shnum # number of sections
-    uint16 :e_shstrndx # index of string table section
-  end
-
-  # Section header structure.
-  class ELF_Shdr < ELFStruct
-    endian :big_and_little
-    uint32 :sh_name
-    uint32 :sh_type
-    choice :sh_flags, **CHOICE_SIZE_T
-    choice :sh_addr, **CHOICE_SIZE_T
-    choice :sh_offset, **CHOICE_SIZE_T
-    choice :sh_size, **CHOICE_SIZE_T
-    uint32 :sh_link
-    uint32 :sh_info
-    choice :sh_addralign, **CHOICE_SIZE_T
-    choice :sh_entsize, **CHOICE_SIZE_T
-  end
-
-  # Program header structure for 32bit.
-  class ELF32_Phdr < ELFStruct
-    endian :big_and_little
-    uint32 :p_type
-    uint32 :p_offset
-    uint32 :p_vaddr
-    uint32 :p_paddr
-    uint32 :p_filesz
-    uint32 :p_memsz
-    uint32 :p_flags
-    uint32 :p_align
-  end
-
-  # Program header structure for 64bit.
-  class ELF64_Phdr < ELFStruct
-    endian :big_and_little
-    uint32 :p_type
-    uint32 :p_flags
-    uint64 :p_offset
-    uint64 :p_vaddr
-    uint64 :p_paddr
-    uint64 :p_filesz
-    uint64 :p_memsz
-    uint64 :p_align
-  end
-  ELF_Phdr = {
-    32 => ELF32_Phdr,
-    64 => ELF64_Phdr
-  }.freeze
-
-  # Symbol structure for 32bit.
-  class ELF32_sym < ELFStruct
-    endian :big_and_little
-    uint32 :st_name
-    uint32 :st_value
-    uint32 :st_size
-    uint8 :st_info
-    uint8 :st_other
-    uint16 :st_shndx
-  end
-
-  # Symbol structure for 64bit.
-  class ELF64_sym < ELFStruct
-    endian :big_and_little
-    uint32 :st_name  # Symbol name, index in string tbl
-    uint8 :st_info   # Type and binding attributes
-    uint8 :st_other  # No defined meaning, 0
-    uint16 :st_shndx # Associated section index
-    uint64 :st_value # Value of the symbol
-    uint64 :st_size  # Associated symbol size
-  end
-  ELF_sym = {
-    32 => ELF32_sym,
-    64 => ELF64_sym
-  }.freeze
-
-  # Note header.
-  class ELF_Nhdr < ELFStruct
-    endian :big_and_little
-    uint32 :n_namesz # Name size
-    uint32 :n_descsz # Content size
-    uint32 :n_type   # Content type
-  end
-
-  # Dynamic tag header.
-  class ELF_Dyn < ELFStruct
-    endian :big_and_little
-    choice :d_tag, selection: :elf_class, choices: { 32 => :int32, 64 => :int64 }
-    # This is an union type named +d_un+ in original source,
-    # simplify it to be +d_val+ here.
-    choice :d_val, **CHOICE_SIZE_T
-  end
-end