Giters

sqall01 / ZwoELF

An ELF parsing and manipulation library for Python

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Segment of type PT_DYNAMIC was not found

razaina opened this issue · comments

commented

Hi,

I tried to work on a stripped ELF32 Binary.

The output of the file command is:
file my_binary
/path/to/my_binary: ELF 32-bit LSB executable, version 1 (SYSV), statically linked, stripped

when I try to use the example "readELF.py" I got the following error:
python readELF.py /path/to/my_binary

Traceback (most recent call last):
File "readElf.py", line 18, in
test = ElfParser(x86File)
File "/media/Share/ElfParser/ZwoELF-master/ZwoELF/ElfParserLib.py", line 41, in init
self.parseElf(self.data, onlyParseHeader=onlyParseHeader)
File "/media/Share/ElfParser/ZwoELF-master/ZwoELF/ElfParserLib.py", line 1150, in parseElf
raise ValueError("Segment of type PT_DYNAMIC was not found.")
ValueError: Segment of type PT_DYNAMIC was not found.

It seems that the case of statically linked binaries was not taken into account?

Regards.

commented

Hi,

this is unfortunately correct :( . I had focused totally on dynamically linked binaries and realized that the parser does not work with statically linked binaries a few weeks ago when I gave a small talk about ELF obfuscation (someone pointed out that 'obviously' the PT_DYNAMIC segment is missing in statically linked binaries).

At the moment I am still working on recovering sections on stripped dynamically linked binaries (and because I do it in my free time, it does not progress as fast as I want it to). So, I do not know when I have time to look into statically linked binaries to add this feature to ZwoELF.

Regards.

commented

Hi,

In my case I am working on recovering sections on stripped statically linked binaries. But I am not yet familiar enough with the ELF file format :(.

I modified a bit ElfParserLib.py in order to not take in account all dynamic stuff when it is parsing or writting. Everything went well. I don't know if it was the good way...but....

I'm going to try to rebuild all the sections doing myElf.addNewSection(...).

Do you think that it should work?

Regards.

commented

addNewSection() should work when you give it all the needed data. But the problem here is that the parser does not have any information about possible sections. This must be done by you manually. Exactly this problem I am trying to solve for dynamically linked binaries.

Regards.

commented

@razaina hi you. you can share it?