Tuesday, August 13, 2013

How to extract a single function from a ELF file

Simple bash script to disassemble a single function from a ELF file:
#!/bin/bash

SECTION=$1
IN=$2

i=`nm -S --size-sort $IN | grep "\<$SECTION\>" | \
        awk '{print toupper($1),toupper($2)}'`
echo "$i" | while read line; do
        start=${line%% *}
        size=${line##* }
        end=`echo "obase=16; ibase=16; $start + $size" | bc -l`
        objdump -d --section=.text \
                   --start-address="0x$start" \
                   --stop-address="0x$end" $IN
done
We may also want to generate a "binary" dump of the function (i.e., to do a binary copy of the function to a separate file); in this case the script becomes the following:
#!/bin/bash

SECTION=$1
IN=$2

i=`nm -S --size-sort $IN | grep "\<$SECTION\>" |
        awk '{print toupper($1),toupper($2)}'`
echo "$i" | while read line; do
        start=${line%% *}
        size=${line##* }
        end=`echo "obase=16; ibase=16; $start + $size" | bc -l`
        objdump -d --section=.text \
                   --start-address="0x$start" \
                   --stop-address="0x$end" $IN | \
                grep '[0-9a-f]:' | \
                cut -f2 -d: | \
                cut -f1-7 -d' ' | \
                tr -s ' ' | \
                tr '\t' ' ' | \
                sed 's/ $//g' | \
                sed 's/ /\\x/g' | \
                paste -d '' -s | \
                sed 's/^/"/' | \
                sed 's/$/"/g' | \
                sed 's:.*:echo -ne &:' | /bin/bash
done
Enjoy!

No comments:

Post a Comment