Library to read and edit files in the following formats: Executable and Linking Format (ELF), Portable Executable (PE), MachO and OAT (Android Runtime)

Stars: ✭ 105 (+425%)

Mutual labels: mach-o, elf

Fcd

An optimizing decompiler

Stars: ✭ 622 (+3010%)

Mutual labels: mach-o, elf

Cave miner

Search for code cave in all binaries

Stars: ✭ 218 (+990%)

Mutual labels: mach-o, elf

Cwerg

A light-weight compiler backend

Stars: ✭ 207 (+935%)

Mutual labels: elf

stoomboot

An x86 real mode multiboot-ish ELF bootloader

Stars: ✭ 19 (-5%)

Mutual labels: elf

ocean

Programming language that compiles into a x86 ELF executable.

Stars: ✭ 164 (+720%)

Mutual labels: elf

golang-debugger-book

From a debugger's view, Let's explore the computer world! How does compiler, linker and debugger coordinate with each other around the program written in specific programming language? How does a debugger work? If we develop a debugger for go programming language, we must master go type system, runtime... and some Operating System internals. OK,…

Stars: ✭ 49 (+145%)

Mutual labels: elf

Automated-Malware-Analysis-List

My personal Automated Malware Analysis Sandboxes and Services

Stars: ✭ 20 (+0%)

Mutual labels: elf

byteripper

A tool to extract code from individual functions in a library.

Stars: ✭ 14 (-30%)

Mutual labels: elf

evilELF

Malicious use of ELF such as .so inject, func hook and so on.

Stars: ✭ 56 (+180%)

Mutual labels: elf

ELFDump

ELFDump is a C parser for ELF64 object files.

Stars: ✭ 15 (-25%)

Mutual labels: elf

C-Experiments

Experiments on C/C++ Exploits

Stars: ✭ 19 (-5%)

Mutual labels: elf

dirt

x86 assembler in scheme

Stars: ✭ 27 (+35%)

Mutual labels: elf

pakkero

Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf binary, script, even appimage) and compress it, protect it from tampering and intrusion.

Stars: ✭ 143 (+615%)

Mutual labels: elf

gocave

Finding code caves in ELF files with GoLang

Stars: ✭ 22 (+10%)

Mutual labels: elf

goelftools

Library for parsing ELF files written in pure Go.

Stars: ✭ 26 (+30%)

Mutual labels: elf

HatVenom

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

Stars: ✭ 84 (+320%)

Mutual labels: elf

fileless-elf-exec

Execute ELF files without dropping them on disk

Stars: ✭ 237 (+1085%)

Mutual labels: elf

View All Similar Projects ➔

Symbol Collector

Collect system symbols from different devices like Android, macOS, Linux, etc. It involves a server that writes the symbols to Google cloud storage and a set of clients.

Uploading symbols

Client applications

Current clients are:

Android
macOS
Linux

The client applications will parse files and make sure they are valid ELF, Mach-O, Fat Binary, etc. Besides that, before uploading it to the server, it will make a HEAD request with the image build id to make sure this file is still missing, to avoid wasting time and bandwidth uploading redundant files.

Looking for system images in the filesystem and the HTTP requests happen in parallel, so to go through GBs and thousands of files takes only a few seconds. Finally, the client apps will upload its internal metrics to help reconcile the batch results and troubleshoot any issues.

cURL

Although using the client programs is strongly recommended, it's possible to upload files via HTTP.

For example, uploading a batch of Android symbols:

Create a batch:

export batchId=$(uuidgen)
export batchFriendlyName="Android 4.4.4 - Sony Xperia"
export batchType="Android"
export body='{"BatchFriendlyName":"'$batchFriendlyName'","BatchType":"'$batchType'"}'
export server=http://localhost:5000

curl -sD - --header "Content-Type: application/json" --request POST \
  --data "$body" \
  $server/symbol/batch/$batchId/start

Upload files:

curl -i \
  -F "libxamarin-app-arm64-v8a.so=@test/TestFiles/libxamarin-app-arm64-v8a.so" \
  -F "libxamarin-app.so=@test/TestFiles/libxamarin-app.so" \
  $server/symbol/batch/$batchId/upload

Close batch (without providing metrics):

curl -sD - --header "Content-Type: application/json" --request POST \
  --data "{}" \
  $server/symbol/batch/$batchId/close

Why are you doing this?

In order to stack unwind from a memory dump, every loaded image involved in the call stack needs to be available. Unwind information is not in the debug files but in the libraries instead. This project allows collecting these libraries so that native crash processing can be done on the backend as opposed to stackwalking on the client.

Releases

The Releases page in this repository include builds for Android (apk), native CLIs for macOS and Linux (self contained), and the server.

Building from source

Dependencies

This project includes an Android app, an ASP.NET Core server and a Console apps as CLI clients for macOS and Linux. The build script build.sh is focused on building all the components which means you'd need all the dependencies below.

Server and Console app

To build the Server, Libraries and the Console app (aka: everything except the Android app) you'll need:

.NET 6 SDK

Android app

To build the Android project you need:

JDK 11
.NET Android workload: dotnet workload install android

Resources

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

getsentry / symbol-collector

Programming Languages

Labels

Projects that are alternatives of or similar to symbol-collector

Symbol Collector

Uploading symbols

Client applications

cURL

Why are you doing this?

Releases

Building from source

Dependencies

Server and Console app

Android app

Resources