Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

ElfAnalyzer

Description

This module parses and analyzes ELF files for forensics and investigations.

Parses:

  • ELF identification
  • ELF headers
  • Program headers
  • ELF sections
  • ELF symbols tables
  • Comment section
  • Note sections
  • Dynamic section

Requirements

This package requires:

  • python3
  • python3 Standard Library

Optional

  • matplotlib
  • EntropyAnalysis

Matplotlib and EntropyAnalysis are not installed by ProgramExecutableAnalyzer because this package can be installed on a server without a GUI. You can install the optional packages with the following command:

python3 -m pip install matplotlib EntropyAnalysis

Installation

python3 -m pip install ElfAnalyzer
git clone "https://github.com/mauricelambert/ElfAnalyzer.git"
cd "ElfAnalyzer"
python3 -m pip install .

Usages

Command line

ElfAnalyzer              # Using CLI package executable
python3 -m ElfAnalyzer   # Using python module
python3 ElfAnalyzer.pyz  # Using python executable
ElfAnalyzer.exe          # Using python Windows executable

./ElfAnalyzer.pyz ./local/ElfFile
ElfAnalyzer.exe -u https://github.com/mauricelambert/FastRC4/releases/download/v0.0.1/librc4.so
./ElfAnalyzer.pyz -v ./local/ElfFile
python3 ElfAnalyzer.pyz -c ./local/ElfFile

Python script

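from ElfAnalyzer import parse_elffile, cli

# Open the ELF file in binary mode; the with block closes it after the analysis.
with open("./local/ElfFile", "rb") as file:
    # Unpack the ten parsed structures returned by parse_elffile.
    elfindent, elf_headers, programs_headers, elf_sections, symbols_tables, comments, note_sections, notes, dynamics, sections = parse_elffile(file)
    # Pass the parsed structures to cli while the file is still open.
    cli(elfindent, elf_headers, programs_headers, elf_sections, symbols_tables, comments, notes, dynamics, sections)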
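
As an added illustration of the first three structures listed under "Parses" (ELF identification, ELF header, program headers), the following standard-library example decodes them from raw bytes and rejects truncated or inconsistent input. It is not ElfAnalyzer's code or API; `parse_elf`, `build_sample` and the sample bytes are constructed for this example.

```python
import struct

ELF_MAGIC = b"\x7fELF"
E_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
P_TYPES = {0: "NULL", 1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE", 6: "PHDR"}

def parse_elf(data: bytes) -> dict:
    """Parse ELF identification, ELF header and program headers from raw bytes."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file (bad magic or short e_ident)")
    ei_class, ei_data, ei_version, ei_osabi = data[4:8]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    is64 = ei_class == 2
    endian = "<" if ei_data == 1 else ">"
    # Address and offset fields are 8 bytes in ELFCLASS64 and 4 bytes in ELFCLASS32.
    hdr_fmt = endian + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
    if len(data) < 16 + struct.calcsize(hdr_fmt):
        raise ValueError("truncated ELF header")
    hdr = struct.unpack_from(hdr_fmt, data, 16)
    e_type, e_machine, e_entry, e_phoff = hdr[0], hdr[1], hdr[3], hdr[4]
    e_phentsize, e_phnum = hdr[8], hdr[9]
    # p_flags is field 1 of an ELF64 program header but field 6 of an ELF32 one.
    ph_fmt = endian + ("IIQQQQQQ" if is64 else "IIIIIIII")
    flags_idx, vaddr_idx = (1, 3) if is64 else (6, 2)
    if e_phnum and e_phentsize < struct.calcsize(ph_fmt):
        raise ValueError("e_phentsize smaller than a program header")
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + e_phentsize > len(data):
            # Untrusted samples may point the table past the end of the file.
            raise ValueError("program header table outside the file")
        ph = struct.unpack_from(ph_fmt, data, off)
        perms = "".join(c if ph[flags_idx] & bit else "-"
                        for c, bit in (("r", 4), ("w", 2), ("x", 1)))
        segments.append({"type": P_TYPES.get(ph[0], hex(ph[0])),
                         "flags": perms, "vaddr": ph[vaddr_idx]})
    return {"class": 64 if is64 else 32, "endian": "little" if ei_data == 1 else "big",
            "osabi": ei_osabi, "type": E_TYPES.get(e_type, hex(e_type)),
            "machine": e_machine, "entry": e_entry, "segments": segments}

def build_sample() -> bytes:
    """Constructed ELF64 little-endian header with one PT_LOAD entry (not a real binary)."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)
    header = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x401000, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000, 120, 120, 0x1000)
    return ident + header + phdr

if __name__ == "__main__":
    print(parse_elf(build_sample()))
```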

License

Licensed under the GPL, version 3.