ELF API #282

Frank01001 · 2025-09-26T08:13:40Z

This draft PR introduces an API to inspect ELF files associated with the traced process — both the main binary and its libraries.
Libraries are parsed when loaded by the OS interpreter at process start, as well as when dynamically loaded at runtime via dlopen.

The new ELF inspection API provides access to detailed information such as:

Build ID
Sections and dynamic sections
Symbols
Program headers
GNU Properties
Runtime security mitigations (work in progress)

Current Status

✅ Python objects for relevant ELF structures
✅ Nanobind implementation for parsing ELF objects
✅ Parsing of libraries
✅ Parsing of security mitigations
✅ Reorganization into a single nanobind module (excluding symbols, which are to be kept separate)
✅ Documentation
⬜ Test suite

Notes

This PR is still in draft form — many features and improvements are ongoing.

This pr addresses #188

…vements to the general API

… of GNU Note Properties needed for runtime mitigation parsing

…retty printing.

…cognition of runtime mitigations when binary is running

…ations and pretty printing

Frank01001 added 10 commits August 23, 2025 11:49

feat: native code to parse sections

456df0a

feat: Implemented ELF class and python Section objects

3ab7005

Merge remote-tracking branch 'origin' into sections

afba25e

feat: symbols API + cached parsing

a5ae4ac

feat: finished binary and libs API

b0da8fd

feat: Partial implementation of parsing of dynamic sections and impro…

1e0c9fa

…vements to the general API

feat: Finished parsing of dynamic sections and libraries

ff955c8

fix: Addressed issues with dynamic sections after manual check

5e5a3a5

chore: good practice and fixes to pydoc on dynamic sections

028239c

feat: parsing of program headers

d607972

Frank01001 self-assigned this Sep 26, 2025

Frank01001 added the enhancement New feature or request label Sep 26, 2025

Frank01001 added 10 commits October 1, 2025 22:03

feat: major refactor and improvements to ELF API + introduced parsing…

6726b48

… of GNU Note Properties needed for runtime mitigation parsing

fix: typos causing exceptions and wrong tab

edb3ee5

feat: first implementation of Linux runtime mitigations parsing and p…

27f6acb

…retty printing.

fix: deduplicate GNU features from section and segment

dfa1c03

test: test binaries for mitigations

4554989

fix: fixes for broken filtering and typing mistake

63e885b

docs: first draft of ELF API documentation

5f46527

fix: fixes for compilation errors, symbols not being loaded and misre…

ed22db7

…cognition of runtime mitigations when binary is running

fix: pprint correction for NX mitigation

0793093

feat: finished draft of the documentation for the Linux Runtime Mitig…

f472bd4

…ations and pretty printing

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

ELF API #282

ELF API #282

Uh oh!

Frank01001 commented Sep 26, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

ELF API #282

Are you sure you want to change the base?

ELF API #282

Uh oh!

Conversation

Frank01001 commented Sep 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Current Status

Notes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Frank01001 commented Sep 26, 2025 •

edited

Loading