LukasWoodtli · June 16, 2022 09:24
diff --git a/elf_parser_hachoir.py b/elf_parser_hachoir.py
 # This is just a small example. There are better tools to use when dealing with ELF files.
 from hachoir.core.endian import LITTLE_ENDIAN
 from hachoir.field import Parser, Bytes, UInt8, Enum, PaddingBytes, FieldSet, UInt16, UInt32
 from hachoir.stream import FileInputStream


 class Ident(FieldSet):
    endian = LITTLE_ENDIAN

    EI_NIDENT = 16

    # static_size = EI_NIDENT

    def createFields(self):
        yield Bytes(self, "magic", 4, r"ELF magic header \x7fELF")
        yield Enum(UInt8(self, "EI_CLASS"), {0: "ELFCLASSNONE", 1: "ELFCLASS32", 2: "ELFCLASS64"})
        yield Enum(UInt8(self, "EI_DATA"), {0: "ELFDATANONE", 1: "ELFDATA2LSB", 2: "ELFDATA2MSB"})
        yield Enum(UInt8(self, "EI_VERSION"), {0: "EV_NONE", 1: "EV_CURRENT"})
        yield Enum(UInt8(self, "EI_OSABI"), {0: "ELFOSABI_SYSV",
                                             1: "ELFOSABI_HPUX",
                                             2: "ELFOSABI_NETBSD",
                                             3: "ELFOSABI_LINUX",
                                             6: "ELFOSABI_SOLARIS",
                                             8: "ELFOSABI_IRIX",
                                             9: "ELFOSABI_FREEBSD",
                                             10: "ELFOSABI_TRU64",
                                             97: "ELFOSABI_ARM",
                                             255: "ELFOSABI_STANDALONE, embedded"})
        yield UInt8(self, "EI_ABIVERSION")

        yield PaddingBytes(self, "EI_PAD", 7)


 class ElfHeader(Parser):
    endian = LITTLE_ENDIAN

    def createFields(self):
        yield Ident(self, "ident")
        yield Enum(UInt16(self, "e_type"),
                   {0: "ET_NONE",
                    1: "ET_REL",
                    2: "ET_EXEC",
                    3: "ET_DYN",
                    4: "ET_CORE",
                    5: "ET_NUM",
                    0xfe00: "ET_LOOS",
                    0xfeff: "ET_HIOS",
                    0xff00: "ET_LOPROC",
                    0xffff: "ET_HIPROC"})
        yield UInt16(self, "e_machine")
        yield UInt32(self, "e_version")


 def display_tree(parent):
    for field in parent:
        print(f"{field.path}: {field.value} ({field.display})")
        if field.is_field_set:
            display_tree(field)


 stream = FileInputStream("/usr/bin/ls")

 root = ElfHeader(stream, "header")

 print(str(root["/ident"]))

 #display_tree(root)
	# This is just a small example. There are better tools to use when dealing with ELF files.
	from hachoir.core.endian import LITTLE_ENDIAN
	from hachoir.field import Parser, Bytes, UInt8, Enum, PaddingBytes, FieldSet, UInt16, UInt32
	from hachoir.stream import FileInputStream


	class Ident(FieldSet):
	endian = LITTLE_ENDIAN

	EI_NIDENT = 16

	# static_size = EI_NIDENT

	def createFields(self):
	yield Bytes(self, "magic", 4, r"ELF magic header \x7fELF")
	yield Enum(UInt8(self, "EI_CLASS"), {0: "ELFCLASSNONE", 1: "ELFCLASS32", 2: "ELFCLASS64"})
	yield Enum(UInt8(self, "EI_DATA"), {0: "ELFDATANONE", 1: "ELFDATA2LSB", 2: "ELFDATA2MSB"})
	yield Enum(UInt8(self, "EI_VERSION"), {0: "EV_NONE", 1: "EV_CURRENT"})
	yield Enum(UInt8(self, "EI_OSABI"), {0: "ELFOSABI_SYSV",
	1: "ELFOSABI_HPUX",
	2: "ELFOSABI_NETBSD",
	3: "ELFOSABI_LINUX",
	6: "ELFOSABI_SOLARIS",
	8: "ELFOSABI_IRIX",
	9: "ELFOSABI_FREEBSD",
	10: "ELFOSABI_TRU64",
	97: "ELFOSABI_ARM",
	255: "ELFOSABI_STANDALONE, embedded"})
	yield UInt8(self, "EI_ABIVERSION")

	yield PaddingBytes(self, "EI_PAD", 7)


	class ElfHeader(Parser):
	endian = LITTLE_ENDIAN

	def createFields(self):
	yield Ident(self, "ident")
	yield Enum(UInt16(self, "e_type"),
	{0: "ET_NONE",
	1: "ET_REL",
	2: "ET_EXEC",
	3: "ET_DYN",
	4: "ET_CORE",
	5: "ET_NUM",
	0xfe00: "ET_LOOS",
	0xfeff: "ET_HIOS",
	0xff00: "ET_LOPROC",
	0xffff: "ET_HIPROC"})
	yield UInt16(self, "e_machine")
	yield UInt32(self, "e_version")


	def display_tree(parent):
	for field in parent:
	print(f"{field.path}: {field.value} ({field.display})")
	if field.is_field_set:
	display_tree(field)


	stream = FileInputStream("/usr/bin/ls")

	root = ElfHeader(stream, "header")

	print(str(root["/ident"]))

	#display_tree(root)