threatflux-binary-analysis 0.2.0

Comprehensive binary analysis library with multi-format support, disassembly, and security analysis
use std::{env, fs};

/// Result alias used by the helpers in this file: the error side is a boxed
/// `dyn std::error::Error`, so any error type implementing that trait can be
/// propagated with `?`.
pub type Result<T> = std::result::Result<T, Box<dyn std::error::Error>>;

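/// Returns the bytes to analyze, taken from the file named by the first
/// command-line argument, or the built-in minimal ELF when no argument is given.
///
/// The whole file is read into memory with no size cap. When the path may point
/// at untrusted or very large input (or at a device file), check its metadata
/// before calling this helper.
///
/// # Errors
///
/// Returns the underlying I/O error if the file cannot be read.
#[allow(dead_code)]
pub fn read_binary_from_args() -> Result<Vec<u8>> {
    // `args_os` instead of `args`: `env::args()` panics as soon as any argument
    // is not valid Unicode, and file paths are not guaranteed to be.
    let mut args = env::args_os();
    let program_name = args
        .next()
        .map(|name| name.to_string_lossy().into_owned())
        .unwrap_or_else(|| "example".to_string());

    match args.next() {
        Some(file_path) => {
            // Lossy conversion is for display only; the original OsString is
            // what gets opened, so non-UTF-8 paths still resolve correctly.
            println!("Analyzing binary file: {}", file_path.to_string_lossy());
            Ok(fs::read(&file_path)?)
        }
        None => {
            println!("No binary file provided, using minimal ELF test data for demonstration");
            println!("Usage: {program_name} <binary_file>");
            println!();
            Ok(create_minimal_elf())
        }
    }
}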

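/// Builds a tiny, self-consistent 64-bit little-endian x86-64 ELF executable
/// for use as demonstration/test input.
///
/// Layout (132 bytes total):
/// - `0x00..0x40`: ELF header (64 bytes)
/// - `0x40..0x78`: one `PT_LOAD` program header (56 bytes)
/// - `0x78..0x84`: 12 bytes of code that perform `exit(0)` via `syscall`
///
/// The header fields are kept in agreement with the bytes actually emitted:
/// the entry point addresses the first instruction, and the segment's file and
/// memory sizes equal the real length. A fixture whose declared segment size
/// runs past end of file, or whose entry point lands mid-instruction, would
/// exercise a parser's malformed-input path instead of its normal path.
#[allow(dead_code)]
pub fn create_minimal_elf() -> Vec<u8> {
    vec![
        // ELF Header (e_ident)
        0x7f, 0x45, 0x4c, 0x46, // Magic number: 0x7f 'E' 'L' 'F'
        0x02, // 64-bit
        0x01, // Little endian
        0x01, // Current version
        0x00, // Generic ABI
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ABI version + padding
        // ELF Header (remaining fields)
        0x02, 0x00, // Executable file
        0x3e, 0x00, // x86-64
        0x01, 0x00, 0x00, 0x00, // Version 1
        // Entry point = segment virtual address 0x400000 + code offset 0x78
        // (64-byte ELF header + 56-byte program header).
        0x78, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, // Entry point
        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Program header offset
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Section header offset
        0x00, 0x00, 0x00, 0x00, // Flags
        0x40, 0x00, // ELF header size
        0x38, 0x00, // Program header size
        0x01, 0x00, // Program header count
        0x40, 0x00, // Section header size
        0x00, 0x00, // Section header count
        0x00, 0x00, // Section name index
        // Program Header
        0x01, 0x00, 0x00, 0x00, // Type: LOAD
        0x05, 0x00, 0x00, 0x00, // Flags: R+X
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Offset
        0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, // Virtual address
        0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, // Physical address
        // File/memory size must equal the real image length (0x84 = 132 bytes);
        // a larger value declares a segment extending past end of file.
        0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // File size
        0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Memory size
        0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Alignment
        // Code section with simple x86-64 instructions (file offset 0x78)
        0xb8, 0x3c, 0x00, 0x00, 0x00, // mov eax, 60 (sys_exit)
        0xbf, 0x00, 0x00, 0x00, 0x00, // mov edi, 0 (exit code)
        0x0f, 0x05, // syscall
    ]
}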