threatflux-binary-analysis 0.2.0

Comprehensive binary analysis library with multi-format support, disassembly, and security analysis
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

#![allow(clippy::uninlined_format_args)]
pub fn create_test_elf() -> Vec<u8> {
    let mut data = vec![0u8; 2048];

    let elf_header = [
        0x7f, 0x45, 0x4c, 0x46, // EI_MAG
        0x02, // 64-bit
        0x01, // little endian
        0x01, // version
        0x00, // osabi
        0x00, // abiversion
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // padding
        0x02, 0x00, // ET_EXEC
        0x3e, 0x00, // x86_64
        0x01, 0x00, 0x00, 0x00, // version
        0x00, 0x10, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, // entry
        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // phoff
        0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // shoff
        0x00, 0x00, 0x00, 0x00, // flags
        0x40, 0x00, // ehsize
        0x38, 0x00, // phentsize
        0x02, 0x00, // phnum
        0x40, 0x00, // shentsize
        0x04, 0x00, // shnum
        0x03, 0x00, // shstrndx
    ];
    data[..64].copy_from_slice(&elf_header);

    let ph_load = [
        0x01, 0x00, 0x00, 0x00, // PT_LOAD
        0x05, 0x00, 0x00, 0x00, // flags R|X
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // offset
        0x00, 0x10, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, // vaddr
        0x00, 0x10, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, // paddr
        0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // filesz
        0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // memsz
        0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // align
    ];
    let ph_gnu_stack = [0u8; 56];
    data[64..120].copy_from_slice(&ph_load);
    data[120..176].copy_from_slice(&ph_gnu_stack);

    let sh_null = [0u8; 64];
    let sh_text = [
        0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x10, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
    ];
    let sh_shstrtab = [0u8; 64];
    data[1024..1088].copy_from_slice(&sh_null);
    data[1088..1152].copy_from_slice(&sh_text);
    data[1152..1216].copy_from_slice(&sh_shstrtab);

    let shstrtab = b"\0.text\0shstrtab\0";
    data[768..768 + shstrtab.len()].copy_from_slice(shstrtab);

    let instructions = [
        0x48, 0x89, 0xe5, 0x48, 0x83, 0xec, 0x10, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x48, 0x83, 0xc4,
        0x10, 0x5d, 0xc3,
    ];
    data[512..512 + instructions.len()].copy_from_slice(&instructions);

    data
}