WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

Oblivionsage/elfpeek

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
assets
assets
 
 
include
include
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

elfpeek

elfpeek logo

C Linux ELF32 | ELF64 License Stars

No Dependencies Minimal RE Tool

Minimal ELF inspector with interactive REPL for quick binary analysis

elfpeek demo

Features

  • Interactive REPL with readline support (history, line editing)
  • Dynamic colored prompt - shows current file: (elfpeek:ls)
  • Colored hexdump - null (gray), printable (green), control (red), high bytes (yellow)
  • Colored sections - executable (green), writable (yellow), read-only (cyan)
  • ELF32/ELF64 support with little/big endian
  • Address resolver - maps VA to segment, section, file offset, nearest symbol
  • Symbol tables - both .dynsym and .symtab
  • No dependencies - only glibc and <elf.h>

Build

make

Optional: Install libreadline-dev for command history in REPL.

Usage

Interactive Mode

./elfpeek

One-shot Mode

./elfpeek /bin/ls           # show headers, sections, symbols
./elfpeek /bin/ls 0x6760    # resolve address

Commands

Command Alias Description
open <path> o Open ELF file
close Close current file
info i Show ELF header
sections s List section headers
phdr p List program headers
entry e Show entry point
symbols [dyn|sym] sym Dump symbol tables
resolve <addr> r Resolve virtual address
dump <.sec|@off> [n] d Hex dump (section or offset)
help ? Show help
quit q Exit

Color Coding

Sections:

  • Green = executable (.text, .plt)
  • Yellow = writable (.data, .bss)
  • Cyan = read-only (.rodata)

Hexdump:

  • Gray = null bytes (00)
  • Green = printable ASCII (20-7E)
  • Red = control characters (01-1F)
  • Yellow = high bytes (80-FF)

Why?

Not a replacement for readelf or objdump. Just a quick, focused tool for common RE questions:

  • What's the binary layout?
  • Which segment/section contains this address?
  • What's the file offset for this VA?
  • What bytes are at this location?
  • Which function owns this address?

Also serves as readable ELF parsing example in C. Handles stripped and segment-only binaries gracefully.

Test Binaries

tests/ contains sample ELF files:

File Description
elf32_le.bin 32-bit little-endian (i386)
elf32_be.bin 32-bit big-endian (PowerPC)
elf64_be.bin 64-bit big-endian (PowerPC64)
elf64_le_pie.bin PIE executable
elf64_le_static.bin Statically linked
elf64_le_dynsym_only.bin Stripped, dynsym only
elf64_le_so.bin Shared object
elf64_le_segments_only.bin No section headers

TODO

  • strings command - extract printable strings
  • relocs command - show relocations
  • got/plt analysis
  • Disassembly with capstone

License

MIT

About

Minimal ELF inspector written in C for quick binary layout inspection

Topics

c linux cli reverse-engineering elf binary-analysis security-tools elf-parser

Resources

Readme

License

MIT license

Contributing

Contributing
Activity

Stars

9 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages