67 lines
2.6 KiB
Markdown
67 lines
2.6 KiB
Markdown
SOAdvancedDissector
|
|
-------------------
|
|
|
|
SOAdvancedDissector is a Python(3) script that rely on _GNU readelf_, _c++filt_ and _vtable-dumper_ to extract symbols from Linux shared libraries (.so file).
|
|
|
|
Thanks to these symbols, the full class hierarchy is built allowing to link your code with the target library.
|
|
|
|
Nevertheless, extracted information is only the start of work. It needs to be reworked to find function type returns, attributes types, filter public/private functions/attributes/methods, add some class attributes and clean some unneeded symbols.
|
|
|
|
**Important** vtable-dumper has been forked, the original tool must not be used because it doesn't (for now) implements all needed features. Please use the one from https://github.com/soutade/vtable-dumper
|
|
|
|
|
|
Details
|
|
=======
|
|
|
|
A first pass is done thanks to _readelf_ + binary analysis to extract static information, it's mandatory. It scans _typeinfo_ and _vtable_ entries.
|
|
|
|
A second optional pass use _vtable-dumper_ which load the shared library allowing to read runtime vtable (which can be cleared in static file compiled with -fPIC) and find class hierarchy. This can be done apart, especially if shared library has been compiled for another platform (ARM).
|
|
|
|
|
|
Improvments
|
|
===========
|
|
|
|
This tool has been designed to do reverse engineering of a specific library (_librmsdk.so_ from Adobe) and even if I tried to do my best, it may doesn't cover all your cases. I won't do a long term support on it but feel free to send patches.
|
|
|
|
|
|
Usage
|
|
-----
|
|
|
|
SOAdvancedDissector.py [-h] -f TARGET -s SECTION_FILE -S SYMBOL_FILE [-V VTABLE_FILE] [-o OUTPUT_DIR] [-c] [-r]
|
|
|
|
-h, --help show this help message and exit
|
|
-f TARGET, --file TARGET
|
|
Target file
|
|
-s SECTION_FILE, --section-file SECTION_FILE
|
|
Section file (result from 'readelf --sections|c++filt')
|
|
-S SYMBOL_FILE, --symbol-file SYMBOL_FILE
|
|
Symbol file (result from 'readelf -sW|c++filt')
|
|
-V VTABLE_FILE, --vtable-file VTABLE_FILE
|
|
Dynamic vtable file (result from 'vtable-dumper --demangle|c++filt')
|
|
-o OUTPUT_DIR, --output-dir OUTPUT_DIR
|
|
output directory (default ./output)
|
|
-c, --clean-output-dir
|
|
Clean output directory before computing (instead update it)
|
|
-r, --print-raw-virtual-table
|
|
Print raw virtual table (debug purpose)
|
|
|
|
|
|
It's recommended to use _SOAdvancedDissector.sh_ script that do all tools extraction stuff.
|
|
|
|
|
|
Sources
|
|
-------
|
|
|
|
Sources can be found @ http://indefero.soutade.fr/p/soadvanceddissector
|
|
|
|
|
|
Copyright
|
|
---------
|
|
|
|
Grégory Soutadé
|
|
|
|
|
|
Licence
|
|
-------
|
|
|
|
GNU GPLv3 |