delf is an ELF 64 dump tool.
pipx install delf
Or:
git clone https://github.com/terminaldweller/delf
cd delf
poetry install
You can then run it with poetry shell
or poetry run
.
For a list of available options just run delf --help
:
$ delf --help
usage: delf [-h] [--dbg] [--obj OBJ] [--header] [--symboltable] [--phdrs] [--shdrs] [--symbolindex] [--stentries] [--objcode] [--test] [--test2] [--listdso] [--funcs] [--objs] [--dynsym] [--dlpath] [--phdynent]
[--section SECTION] [--dumpfunc DUMPFUNC] [--dumpfuncasm DUMPFUNCASM] [--textasm] [--dynsecents] [--reladyn] [--relaplt] [--rodata] [--disass DISASS] [--disassp DISASSP] [--got] [--gotplt]
[--noclor]
options:
-h, --help show this help message and exit
--dbg debug
--obj OBJ path to the executbale, shared object or object you want to load in bruiser
--header dump headers
--symboltable dump symbol table
--phdrs dump program haeders
--shdrs dump section haeders
--symbolindex dump symbol index
--stentries dump section table entries
--objcode dump objects
--test test switch
--test2 test switch 2
--listdso list DSOs
--funcs dump functions
--objs dump objects
--dynsym dump dynamic symbol table
--dlpath dump dynamic linker path
--phdynent dump ph PT_DYNAMIC entries
--section SECTION dump a section
--dumpfunc DUMPFUNC dump a functions machine code
--dumpfuncasm DUMPFUNCASM
dump a functions assembly code
--textasm disassemble the text section
--dynsecents dynamic section entries
--reladyn .rela.dyn entries
--relaplt .rela.plt entries
--rodata dump .rodata
--disass DISASS disassembls a section by name in section headers
--disassp DISASSP disassembls a section by index in program headers
--got dump .got section
--gotplt dump .got.plt section
--noclor dont use color
$ delf --obj ./main --shdrs
idx sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info sh_addralign sh_entsize
0 '' 'NULL' 0 0 0 0 0 0 0 0
1 '.interp' 'PROGBITS' 2 792 792 28 0 0 1 0
2 '.note.gnu.property' 'NOTE' 2 824 824 32 0 0 8 0
3 '.note.gnu.build-id' 'NOTE' 2 856 856 36 0 0 4 0
4 '.note.ABI-tag' 'NOTE' 2 892 892 32 0 0 4 0
5 '.gnu.hash' 'GNU_HASH' 2 928 928 36 6 0 8 0
6 '.dynsym' 'DYNSYM' 2 968 968 144 7 1 8 24
7 '.dynstr' 'STRTAB' 2 1112 1112 136 0 0 1 0
8 '.gnu.version' 'VERSYM' 2 1248 1248 12 6 0 2 2
9 '.gnu.version_r' 'VERNEED' 2 1264 1264 48 7 1 8 0
10 '.rela.dyn' 'RELA' 2 1312 1312 192 6 0 8 24
11 '.init' 'PROGBITS' 6 4096 4096 23 0 0 4 0
12 '.plt' 'PROGBITS' 6 4128 4128 16 0 0 16 16
13 '.plt.got' 'PROGBITS' 6 4144 4144 8 0 0 8 8
14 '.text' 'PROGBITS' 6 4160 4160 262 0 0 16 0
15 '.fini' 'PROGBITS' 6 4424 4424 9 0 0 4 0
16 '.rodata' 'PROGBITS' 18 8192 8192 4 0 0 4 4
17 '.eh_frame_hdr' 'PROGBITS' 2 8196 8196 44 0 0 4 0
18 '.eh_frame' 'PROGBITS' 2 8240 8240 172 0 0 8 0
19 '.init_array' 'INIT_ARRAY' 3 15872 11776 8 0 0 8 8
20 '.fini_array' 'FINI_ARRAY' 3 15880 11784 8 0 0 8 8
21 '.dynamic' 'DYNAMIC' 3 15888 11792 432 7 0 8 16
22 '.got' 'PROGBITS' 3 16320 12224 40 0 0 8 8
23 '.got.plt' 'PROGBITS' 3 16360 12264 24 0 0 8 8
24 '.data' 'PROGBITS' 3 16384 12288 16 0 0 8 0
25 '.bss' 'NOBITS' 3 16400 12304 8 0 0 1 0
26 '.comment' 'PROGBITS' 48 0 12304 39 0 0 1 1
27 '.debug_aranges' 'PROGBITS' 0 0 12352 240 0 0 16 0
28 '.debug_info' 'PROGBITS' 0 0 12592 1393 0 0 1 0
29 '.debug_abbrev' 'PROGBITS' 0 0 13985 398 0 0 1 0
30 '.debug_line' 'PROGBITS' 0 0 14383 463 0 0 1 0
31 '.debug_str' 'PROGBITS' 48 0 14846 944 0 0 1 1
32 '.debug_line_str' 'PROGBITS' 48 0 15790 265 0 0 1 1
33 '.debug_rnglists' 'PROGBITS' 0 0 16055 66 0 0 1 0
34 '.symtab' 'SYMTAB' 0 0 16128 864 35 19 8 24
35 '.strtab' 'STRTAB' 0 0 16992 467 0 0 1 0
36 '.shstrtab' 'STRTAB' 0 0 17459 368 0 0 1 0
$ delf --obj ./main --phdrs
idx p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_flags2 p_align
0 'PHDR' 'WR' 64 64 64 728 728 0 '0x8'
1 'INTERP' 'XW' 792 792 792 28 28 0 '0x1'
2 'LOAD' 'X' 0 0 0 1504 1504 0 '0x1000'
3 'LOAD' 'X' 4096 4096 4096 337 337 0 '0x1000'
4 'LOAD' 'X' 8192 8192 8192 220 220 0 '0x1000'
5 'LOAD' 'X' 11776 15872 15872 528 536 0 '0x1000'
6 'DYNAMIC' 'W' 11792 15888 15888 432 432 0 '0x8'
7 'NOTE' 'R' 824 824 824 32 32 0 '0x8'
8 'NOTE' 'R' 856 856 856 68 68 0 '0x4'
9 None 'XW' 824 824 824 32 32 0 '0x8'
10 'GNU_EH_FRAME' '' 8196 8196 8196 44 44 0 '0x4'
11 'GNU_STACK' 'X' 0 0 0 0 0 0 '0x10'
12 'GNU_RELRO' 'W' 11776 15872 15872 512 512 0 '0x1'
$ delf --obj ./main --section .interp
000000 : 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d /lib64/ld-linux-
000010 : 78 38 36 2d 36 34 2e 73 6f 2e 32 00 x86-64.so.2
$ delf --obj ./main --disass .text
0x0 xor ebp, ebp
0x2 mov r9, rdx
0x5 pop rsi
0x6 mov rdx, rsp
0x9 and rsp, 0xfffffffffffffff0
0xd push rax
0xe push rsp
0xf xor r8d, r8d
0x12 xor ecx, ecx
0x14 lea rdi, [rip + 0xd5]
0x1b call qword ptr [rip + 0x2f5f]
0x21 hlt
0x22 nop word ptr cs:[rax + rax]
0x2c nop dword ptr [rax]
0x30 lea rdi, [rip + 0x2f99]
0x37 lea rax, [rip + 0x2f92]
0x3e cmp rax, rdi
0x41 je 0x58
0x43 mov rax, qword ptr [rip + 0x2f3e]
0x4a test rax, rax
0x4d je 0x58
0x4f jmp rax
0x51 nop dword ptr [rax]
0x58 ret
0x59 nop dword ptr [rax]
0x60 lea rdi, [rip + 0x2f69]
0x67 lea rsi, [rip + 0x2f62]
0x6e sub rsi, rdi
0x71 mov rax, rsi
0x74 shr rsi, 0x3f
0x78 sar rax, 3
0x7c add rsi, rax
0x7f sar rsi, 1
0x82 je 0x98
0x84 mov rax, qword ptr [rip + 0x2f0d]
0x8b test rax, rax
0x8e je 0x98
0x90 jmp rax
0x92 nop word ptr [rax + rax]
0x98 ret
0x99 nop dword ptr [rax]
0xa0 endbr64
0xa4 cmp byte ptr [rip + 0x2f25], 0
0xab jne 0xd8
0xad push rbp
0xae cmp qword ptr [rip + 0x2eea], 0
0xb6 mov rbp, rsp
0xb9 je 0xc7
0xbb mov rdi, qword ptr [rip + 0x2f06]
0xc2 call 0xfffffffffffffff0
0xc7 call 0x30
0xcc mov byte ptr [rip + 0x2efd], 1
0xd3 pop rbp
0xd4 ret
0xd5 nop dword ptr [rax]
0xd8 ret
0xd9 nop dword ptr [rax]
0xe0 endbr64
0xe4 jmp 0x60
0xe9 nop dword ptr [rax]
0xf0 push rbp
0xf1 mov rbp, rsp
0xf4 mov dword ptr [rbp - 4], 0
0xfb mov dword ptr [rbp - 8], edi
0xfe mov qword ptr [rbp - 0x10], rsi
0x102 xor eax, eax
0x104 pop rbp
0x105 ret