This project is a tool for analyzing ELF files to produce manifests that describe information extracted from ELF libraries and binaries.
The project is divided into two main parts: a Rust library containing modules and functionalities for analyzing ELF files, and a binary for direct usage of the tool.
The library is organized into the following modules:
elf_utils: Utility functions for analyzing ELF files.dwarf_analysis: Analysis of ELF .debug_info section.api_detection: Searching for APIs in ELF symbols.plt_mapping: Mapping of .plt and .rela.plt sections.code_section_handler: Handling ELF code sections, disassembling the code of the APIs.cleanup: Cleaning of mangled function names.manifest_creation: Module for creating manifests.error: Definition of custom errors and result types.
The manifest-producer binary uses the library to perform analysis of ELF files. It is divided into three main parts:
- Acquisition of ELF file data and APIs provided by the user.
- Utilization of library functionalities for ELF file analysis.
- Utilization of library functionalities for the Manifest creation.
To use the manifest-producer tool, you can run the following command from the command line:
cargo run <ELF_file_path> <JSON_file_path><ELF_file_path> represents the path to the ELF file intended for analysis, while <JSON_file_path> denotes the path to the JSON file containing the list of APIs.
The project uses the following main dependencies:
- capstone - A disassembly framework with multiple architectures support.
- goblin - A crate for handling PE, ELF, and Mach-O binaries.
- serde_json - A JSON serialization and deserialization library for Rust.
- thiserror - A library for defining custom error types in Rust.
- object - A crate for working with object file formats.
- cpp_demangle - A demangler for C++ symbols.
- gimli - A library for working with the DWARF debugging format.
- memmap2 - A safe and easy-to-use wrapper around platform memory-mapped I/O APIs.
- rustc-demangle - A demangler for Rust symbols.
Released under the MIT License