美文网首页
Android 解析so文件

Android 解析so文件

作者: _凌浩雨 | 来源:发表于2018-07-03 11:00 被阅读22次
    1). so文件结构
    so文件结构.png
    2). elf文件的数据结构类
    public class ElfType32 {
        
        public elf32_rel rel;
        public elf32_rela rela;
        /**头部信息*/
        public elf32_hdr hdr;
        public List<elf32_sym> symList = new ArrayList<>();
        /**可能会有多个程序头*/
        public List<elf32_phdr> phdrList = new ArrayList<>();
        /**可能会有多个段头*/
        public List<elf32_shdr> shdrList = new ArrayList<>();
        /**可能会有多个字符串值*/
        public List<elf32_strtb> strtbList = new ArrayList<>();
        
        /**
         * typedef struct elf32_rel {
              Elf32_Addr    r_offset;
              Elf32_Word    r_info;
            } Elf32_Rel;
         */
        public class elf32_rel {
            public byte[] r_offset = new byte[4];
            public byte[] r_info = new byte[4];
            @Override
            public String toString(){
                return "r_offset: " + Util.bytesToHexString(r_offset) + ";r_info: " + Util.bytesToHexString(r_info);
            }
        }
        
        /**
         * typedef struct elf32_rela{
              Elf32_Addr    r_offset;
              Elf32_Word    r_info;
              Elf32_Sword   r_addend;
            } Elf32_Rela;
         */
        public class elf32_rela {
            public byte[] r_offset = new byte[4];
            public byte[] r_info = new byte[4];
            public byte[] r_addend = new byte[4];
            @Override
            public String toString(){
                return "r_offset: " + Util.bytesToHexString(r_offset) + ";r_info: " + Util.bytesToHexString(r_info)
                + ";r_addend: " + Util.bytesToHexString(r_info);
            }
        }
        
        /**
         * typedef struct elf32_sym{
              Elf32_Word    st_name;
              Elf32_Addr    st_value;
              Elf32_Word    st_size;
              unsigned char st_info;
              unsigned char st_other;
              Elf32_Half    st_shndx;
            } Elf32_Sym;
         */
        public static class elf32_sym {
            public byte[] st_name = new byte[4];
            public byte[] st_value = new byte[4];
            public byte[] st_size = new byte[4];
            public byte st_info;
            public byte st_other;
            public byte[] st_shndx = new byte[2];
            @Override
            public String toString(){
                return "st_name: " + Util.bytesToHexString(st_name) + "\nst_value: " + Util.bytesToHexString(st_value)
                        + "\nst_size: " + Util.bytesToHexString(st_size) + "\nst_info: " + (st_info/16)
                        + "\nst_other: " + (((short)st_other) & 0xF) + "\nst_shndx: " + Util.bytesToHexString(st_shndx);
            }
        }
        
        public void printSymList(){
            for(int i=0;i<symList.size();i++){
                System.out.println();
                System.out.println("The "+(i+1)+" Symbol Table:");
                System.out.println(symList.get(i).toString());
            }
        }
        
        // Bind字段--st_info
        public static final int STB_LOCAL = 0;
        public static final int STB_GLOBAL = 1;
        public static final int STB_WEAK = 2;
        // Type字段--st_other
        public static final int STB_NOTYPE = 0;
        public static final int STB_OBJECT = 1;
        public static final int STB_FUNC = 2;
        public static final int STB_SECTION = 3;
        public static final int STB_FILE = 4;
        /**
         * 这里需要注意的是还需要做一次转化
         *  #define ELF_ST_BIND(x)  ((x) >> 4)
         *  #define ELF_ST_TYPE(x)  (((unsigned int) x) & 0xf)
         */
        
        /**
         * typedef struct elf32_hdr{
              unsigned char e_ident[EI_NIDENT];
              Elf32_Half    e_type;
              Elf32_Half    e_machine;
              Elf32_Word    e_version;
              Elf32_Addr    e_entry;  // Entry point
              Elf32_Off e_phoff;
              Elf32_Off e_shoff;
              Elf32_Word    e_flags;
              Elf32_Half    e_ehsize;
              Elf32_Half    e_phentsize;
              Elf32_Half    e_phnum;
              Elf32_Half    e_shentsize;
              Elf32_Half    e_shnum;
              Elf32_Half    e_shstrndx;
            } Elf32_Ehdr;
         */
        public static class elf32_hdr {
            public byte[] e_ident = new byte[16];
            public byte[] e_type = new byte[2];
            public byte[] e_machine = new byte[2];
            public byte[] e_version = new byte[4];
            public byte[] e_entry = new byte[4];
            public byte[] e_phoff = new byte[4];
            public byte[] e_shoff = new byte[4];
            public byte[] e_flags = new byte[4];
            public byte[] e_ehsize = new byte[2];
            public byte[] e_phentsize = new byte[2];
            public byte[] e_phnum = new byte[2];
            public byte[] e_shentsize = new byte[2];
            public byte[] e_shnum = new byte[2];
            public byte[] e_shstrndx = new byte[2];
            @Override
            public String toString(){
                return  "magic: "+ Util.bytesToHexString(e_ident) + "\ne_type: "+ Util.bytesToHexString(e_type)
                        + "\ne_machine: " + Util.bytesToHexString(e_machine) + "\ne_version: "+ Util.bytesToHexString(e_version) 
                        + "\ne_entry: " + Util.bytesToHexString(e_entry) + "\ne_phoff: " + Util.bytesToHexString(e_phoff)
                        + "\ne_shoff: " + Util.bytesToHexString(e_shoff) + "\ne_flags: " + Util.bytesToHexString(e_flags)
                        + "\ne_ehsize: " + Util.bytesToHexString(e_ehsize) + "\ne_phentsize: " + Util.bytesToHexString(e_phentsize)
                        + "\ne_phnum: " + Util.bytesToHexString(e_phnum) + "\ne_shentsize: " + Util.bytesToHexString(e_shentsize)
                        + "\ne_shnum: " + Util.bytesToHexString(e_shnum) + "\ne_shstrndx: " + Util.bytesToHexString(e_shstrndx);
            }       
        }
        
        /**
         * typedef struct elf32_phdr{
              Elf32_Word    p_type;
              Elf32_Off p_offset;
              Elf32_Addr    p_vaddr;
              Elf32_Addr    p_paddr;
              Elf32_Word    p_filesz;
              Elf32_Word    p_memsz;
              Elf32_Word    p_flags;
              Elf32_Word    p_align;
            } Elf32_Phdr;
         */
        public static class elf32_phdr {
            public byte[] p_type = new byte[4];
            public byte[] p_offset = new byte[4];
            public byte[] p_vaddr = new byte[4];
            public byte[] p_paddr = new byte[4];
            public byte[] p_filesz = new byte[4];
            public byte[] p_memsz = new byte[4];
            public byte[] p_flags = new byte[4];
            public byte[] p_align = new byte[4];
            @Override
            public String toString(){
                return "p_type: " + Util.bytesToHexString(p_type) + "\np_offset: " + Util.bytesToHexString(p_offset)
                        + "\np_vaddr: " + Util.bytesToHexString(p_vaddr) + "\np_paddr: " + Util.bytesToHexString(p_paddr)
                        + "\np_filesz: " + Util.bytesToHexString(p_filesz) + "\np_memsz: " + Util.bytesToHexString(p_memsz)
                        + "\np_flags: " + Util.bytesToHexString(p_flags) + "\np_align: " + Util.bytesToHexString(p_align);
            }
    
        }
        
        public void printPhdrList(){
            for(int i=0;i<phdrList.size();i++){
                System.out.println();
                System.out.println("The "+(i+1)+" Program Header:");
                System.out.println(phdrList.get(i).toString());
            }
        }
    
        /**
         * typedef struct elf32_shdr {
              Elf32_Word    sh_name;
              Elf32_Word    sh_type;
              Elf32_Word    sh_flags;
              Elf32_Addr    sh_addr;
              Elf32_Off sh_offset;
              Elf32_Word    sh_size;
              Elf32_Word    sh_link;
              Elf32_Word    sh_info;
              Elf32_Word    sh_addralign;
              Elf32_Word    sh_entsize;
            } Elf32_Shdr;
         */
        public static class elf32_shdr {
            public byte[] sh_name = new byte[4];
            public byte[] sh_type = new byte[4];
            public byte[] sh_flags = new byte[4];
            public byte[] sh_addr = new byte[4];
            public byte[] sh_offset = new byte[4];
            public byte[] sh_size = new byte[4];
            public byte[] sh_link = new byte[4];
            public byte[] sh_info = new byte[4];
            public byte[] sh_addralign = new byte[4];
            public byte[] sh_entsize = new byte[4];
            @Override
            public String toString(){
                return "sh_name: " + Util.bytesToHexString(sh_name) + "\nsh_type: " + Util.bytesToHexString(sh_type)
                        + "\nsh_flags: " + Util.bytesToHexString(sh_flags) + "\nsh_add: " + Util.bytesToHexString(sh_addr)
                        + "\nsh_offset: " + Util.bytesToHexString(sh_offset) + "\nsh_size: " + Util.bytesToHexString(sh_size)
                        + "\nsh_link: " + Util.bytesToHexString(sh_link) + "\nsh_info: " + Util.bytesToHexString(sh_info)
                        + "\nsh_addralign: " + Util.bytesToHexString(sh_addralign) + "\nsh_entsize: " + Util.bytesToHexString(sh_entsize);
            }
    
        }
        
        /****************sh_type********************/
        public static final int SHT_NULL = 0;
        public static final int SHT_PROGBITS = 1;
        public static final int SHT_SYMTAB = 2;
        public static final int SHT_STRTAB = 3;
        public static final int SHT_RELA = 4;
        public static final int SHT_HASH = 5;
        public static final int SHT_DYNAMIC = 6;
        public static final int SHT_NOTE = 7;
        public static final int SHT_NOBITS = 8;
        public static final int SHT_REL = 9;
        public static final int SHT_SHLIB = 10;
        public static final int SHT_DYNSYM = 11;
        public static final int SHT_NUM = 12;
        public static final int SHT_LOPROC = 0x70000000;
        public static final int SHT_HIPROC = 0x7fffffff;
        public static final int SHT_LOUSER = 0x80000000;
        public static final int SHT_HIUSER = 0xffffffff;
        public static final int SHT_MIPS_LIST = 0x70000000;
        public static final int SHT_MIPS_CONFLICT = 0x70000002;
        public static final int SHT_MIPS_GPTAB = 0x70000003;
        public static final int SHT_MIPS_UCODE = 0x70000004;
        
        /*****************sh_flag***********************/
        public static final int SHF_WRITE = 0x1;
        public static final int SHF_ALLOC = 0x2;
        public static final int SHF_EXECINSTR = 0x4;
        public static final int SHF_MASKPROC = 0xf0000000;
        public static final int SHF_MIPS_GPREL = 0x10000000;
        
        public void printShdrList(){
            for(int i=0;i<shdrList.size();i++){
                System.out.println();
                System.out.println("The "+(i+1)+" Section Header:");
                System.out.println(shdrList.get(i));
            }
        }
    
        public static class elf32_strtb{
            public byte[] str_name;
            public int len;
            
            @Override
            public String toString(){
                return "str_name:"+str_name
                        +"len:"+len;
            }
        }   
    }
    
    3). 解析
    public class ParseMain {
        public final static String FILE_PATH = "so/libhello-jni.so";
        public static void main(String[] args) {
            // 读取二进制数据
            byte[] soBytes = getBytesFromFile(FILE_PATH);
            
            System.out.println("parse elf header ... ");
            ParseSoUtil.parseHeader(soBytes);
            System.out.println("======================================");
            
            System.out.println("parse program header ... ");
            ParseSoUtil.parseProgramHeaderList(soBytes);
            System.out.println("======================================");
            
            System.out.println("parse Section header ... ");
            ParseSoUtil.parseSectionHeaderList(soBytes);
            System.out.println("======================================");
            
            System.out.println("parse Symbol Table ... ");
            ParseSoUtil.parseSymbolTable(soBytes);
            System.out.println("======================================");
            
            System.out.println("parse String Table ... ");
            ParseSoUtil.parseStringTable(soBytes);
            System.out.println("======================================");
        }
        
        /**
         * 读取二进制数据
         * @param filePath 文件路径
         * @return
         */
        private static byte[] getBytesFromFile(String filePath) {
            byte[] soBytes = null;
            InputStream is = null;
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            try {
                is = new FileInputStream(filePath);
                byte[] bytes = new byte[1024];
                int len = 0;
                while((len = is.read(bytes)) != -1) {
                    baos.write(bytes, 0, len);
                }
                soBytes =  baos.toByteArray();
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                try {
                    baos.close();
                    is.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            return soBytes;
        }
    }
    

    #参考文章

    Android逆向之旅---SO(ELF)文件格式详解

    #代码下载

    相关文章

      网友评论

          本文标题:Android 解析so文件

          本文链接:https://www.haomeiwen.com/subject/rcsduftx.html