Allow to query RISC-V ELF binaries #23
Conversation
|
I think it makes sense to remove 98d980e from this PR. The reason I made that commit is because I struggled for a few hours to set up a development environment, until the combination of Nix flakes and poetry2nix saved the day. However, LIEF ( ldd _lief.so
linux-vdso.so.1 (0x00007ffff7fc6000)
libstdc++.so.6 => not found
libm.so.6 => /nix/store/dbwp0scbb0rk78m636sb7cvycz8xzgyh-glibc-2.39-52/lib/libm.so.6 (0x00007ffff771d000)
libc.so.6 => /nix/store/dbwp0scbb0rk78m636sb7cvycz8xzgyh-glibc-2.39-52/lib/libc.so.6 (0x00007ffff752f000)
/nix/store/dbwp0scbb0rk78m636sb7cvycz8xzgyh-glibc-2.39-52/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fc8000)The only solution I was able to find for making |
|
I'll take a look. Originally I had flake.nix (i'm +1 a lot into Nix) but using non-published wheels was pretty onerous for LIEF. Can we split out the Nix stuff into a separate PR and just focus on the risc-v please? |
| @@ -233,6 +238,8 @@ def mode(binary: lief_ext.Binary) -> int: | |||
| def arch(binary: lief_ext.Binary) -> int: | |||
| if binary.header.machine_type == lief.ELF.ARCH.x86_64: | |||
| return cast(int, capstone.CS_ARCH_X86) | |||
| elif binary.header.machine_type == lief.ELF.ARCH.RISCV: | |||
There was a problem hiding this comment.
Change should really be what is in this file + the examples.
There was a problem hiding this comment.
Should I add the case for RISC-V 32 bit? I think that capstone and LIEF support it.
There was a problem hiding this comment.
sure if you can test it. :)
The Makefile examples are used in the GitHub CI via the Python tests
There was a problem hiding this comment.
Yeah I tried to run the tests locally but they failed because I am on NixOS and I don't have binaries like /bin/ls and /usr/bin/ruby.
The only "test" I did was executing the RISC-V ELF in QEMU and running a few queries on it.
Yes, I completely agree. Also, I don't know why pandas takes forever to compile (30+ minutes on my old ThinkPad L380). I get that it depends on numpy and scipy, but still... Do you know a better way to let the linker find |
|
You can change those to run |
|
Ping me when you think it's ready for a review. |
|
@fzakaria I cleaned up the README for the RISC-V example. Tell me if it's ok for you. I wanted to add a few scripts that could be run with poetry run, but then I realized this project is configured to use setuptools as its build system, not Poetry. |
|
Finally got NixOS working enough to review this -- will try by EOD. |
| @@ -0,0 +1,41 @@ | |||
| .section .text | |||
There was a problem hiding this comment.
probably intead of assembly could be cross-compiled C file with qemu to run.
This is fine though for now.
This PR addresses #22
RISC-V ELF binaries can now be analyzed like x86_64 ELF binaries.
Examples
Select the first 5 instructions in the entire ELF.
sqlelf examples/hello-riscv/exe --sql "SELECT * FROM elf_instructions LIMIT 5;"List the sections of an ELF file and sort them by binary size, in descending order.
sqlelf examples/hello-riscv/exe --sql "SELECT * FROM elf_sections ORDER BY size DESC"Find the 10 largest unexported symbols of the
.bsssection by binary size.