cle — Binary Loader #

find_loadable_containing(addr, skip_pseudo_objects=True)[source]#

Find the section or segment object the address belongs to. Sections will only be used if the corresponding object does not have segments.

Parameters:

addr – The address to test
skip_pseudo_objects – Skip objects that CLE adds during loading.

Returns:

The section or segment that the address belongs to, or None if the address does not belong to any section or segment.

find_section_next_to(addr, skip_pseudo_objects=True)[source]#

Find the next section after the given address.

Parameters:

addr (int) – The address to test.
skip_pseudo_objects (bool) – Skip objects that CLE adds during loading.

Returns:

The next section that goes after the given address, or None if there is no section after the address, or if section information is not available.

Return type:

find_symbol(thing, fuzzy=False)[source]#

Search for the symbol with the given name or address.

Parameters:

thing – Either the name or address of a symbol to look up
fuzzy – Set to True to return the first symbol before or at the given address

Returns:

A cle.backends.Symbol object if found, None otherwise.

property symbols#

find_all_symbols(name, exclude_imports=True, exclude_externs=False, exclude_forwards=True)[source]#

Iterate over all symbols present in the set of loaded binaries that have the given name

Parameters:

name – The name to search for
exclude_imports – Whether to exclude import symbols. Default True.
exclude_externs – Whether to exclude symbols in the extern object. Default False.
exclude_forwards – Whether to exclude forward symbols. Default True.

find_plt_stub_name(addr)[source]#: Return the name of the PLT stub starting at addr.

find_relevant_relocations(name)[source]#: Iterate through all the relocations referring to the symbol with the given name

perform_irelative_relocs(resolver_func)[source]#

Use this method to satisfy IRelative relocations in the binary that require execution of loaded code.

Note that this does NOT handle IFunc symbols, which must be handled separately. (this could be changed, but at the moment it’s desirable to support lazy IFunc resolution, since emulation is usually slow)

Parameters:: resolver_func – A callback function that takes an address, runs the code at that address, and returns the return value from the emulated function.

dynamic_load(spec)[source]#

Load a file into the address space. Note that the sematics of auto_load_libs and except_missing_libs apply at all times.

Parameters:: spec – The path to the file to load. May be an absolute path, a relative path, or a name to search in the load path.
Returns:: A list of all the objects successfully loaded, which may be empty if this object was previously loaded. If the object specified in spec failed to load for any reason, including the file not being found, return None.

get_loader_symbolic_constraints()[source]#: Do not use this method.

fast_memory_load_pointer(addr, size=None)[source]#

Perform a fast memory loading of a pointer.

Parameters:

addr (int) – Address to read from.
size (Optional[int]) – Size of the pointer. Default to machine-word size.

Return type:

Optional[int]

Returns:

A pointer or None if the address does not exist.

class cle.Clemory(arch, root=False)[source]#

Bases: ClemoryBase

An object representing a memory space.

Accesses can be made with [index] notation.

consecutive#

min_addr#

max_addr#

add_backer(start, data, overwrite=False)[source]#

Adds a backer to the memory.

Parameters:

start – The address where the backer should be loaded.
data – The backer itself. Can be either a bytestring or another Clemory.
overwrite – If True and the range overlaps any existing backer, the existing backer will be split up and the overlapping part will be replaced with the new backer.

split_backer(addr)[source]#: Ensures that addr is the start of a backer, if it is backed.

update_backer(start, data)[source]#

remove_backer(start)[source]#

backers(addr=0)[source]#

Iterate through each backer for this clemory and all its children, yielding tuples of (start_addr, backer) where each backer is a bytearray.

Parameters:: addr – An optional starting address - all backers before and not including this address will be skipped.

load(addr, n)[source]#

Read up to n bytes at address addr in memory and return a bytes object.

Reading will stop at the beginning of the first unallocated region found, or when n bytes have been read.

store(addr, data)[source]#

Write bytes from data at address addr.

Note: If the store runs off the end of a backer and into unbacked space, this function will update the backer but also raise KeyError.

find(data, search_min=None, search_max=None)[source]#

Find all occurances of a bytestring in memory.

Parameters:

data (bytes) – The bytestring to search for
search_min (int) – Optional: The first address to include as valid
search_max (int) – Optional: The last address to include as valid

Return Iterator[int]:

Iterates over addresses at which the bytestring occurs

close()#

pack(addr, fmt, *data)#: Use the struct module to pack data into memory at address addr with the format fmt.

pack_word(addr, data, size=None, signed=False, endness=None)#

Use the struct module to pack a single integer data into memory at the address addr.

You may override any of the attributes of the word being packed:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

read(nbytes)#

The stream-like function that reads up to a number of bytes starting from the current position and updates the current position. Use with seek().

Up to nbytes bytes will be read, halting at the beginning of the first unmapped region encountered.

seek(value)#

The stream-like function that sets the “file’s” current position. Use with read().

Parameters:: value – The position to seek to.

tell()#

unpack(addr, fmt)#: Use the struct module to unpack the data at address addr with the format fmt.

unpack_word(addr, size=None, signed=False, endness=None)#

Use the struct module to unpack a single integer from the address addr.

You may override any of the attributes of the word being extracted:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

class cle.ClemoryBase(arch)[source]#

Bases: object

load(addr, n)[source]#

store(addr, data)[source]#

backers(addr=0)[source]#

find(data, search_min=None, search_max=None)[source]#

unpack(addr, fmt)[source]#: Use the struct module to unpack the data at address addr with the format fmt.

unpack_word(addr, size=None, signed=False, endness=None)[source]#

Use the struct module to unpack a single integer from the address addr.

You may override any of the attributes of the word being extracted:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

pack(addr, fmt, *data)[source]#: Use the struct module to pack data into memory at address addr with the format fmt.

pack_word(addr, data, size=None, signed=False, endness=None)[source]#

Use the struct module to pack a single integer data into memory at the address addr.

You may override any of the attributes of the word being packed:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

read(nbytes)[source]#

The stream-like function that reads up to a number of bytes starting from the current position and updates the current position. Use with seek().

Up to nbytes bytes will be read, halting at the beginning of the first unmapped region encountered.

seek(value)[source]#

The stream-like function that sets the “file’s” current position. Use with read().

Parameters:: value – The position to seek to.

tell()[source]#

close()[source]#

class cle.ClemoryView(backer, start, end, offset=0)[source]#

Bases: ClemoryBase

backers(addr=0)[source]#

load(addr, n)[source]#

store(addr, data)[source]#

find(data, search_min=None, search_max=None)[source]#

close()#

pack(addr, fmt, *data)#: Use the struct module to pack data into memory at address addr with the format fmt.

pack_word(addr, data, size=None, signed=False, endness=None)#

Use the struct module to pack a single integer data into memory at the address addr.

You may override any of the attributes of the word being packed:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

read(nbytes)#

The stream-like function that reads up to a number of bytes starting from the current position and updates the current position. Use with seek().

Up to nbytes bytes will be read, halting at the beginning of the first unmapped region encountered.

seek(value)#

The stream-like function that sets the “file’s” current position. Use with read().

Parameters:: value – The position to seek to.

tell()#

unpack(addr, fmt)#: Use the struct module to unpack the data at address addr with the format fmt.

unpack_word(addr, size=None, signed=False, endness=None)#

Use the struct module to unpack a single integer from the address addr.

You may override any of the attributes of the word being extracted:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

class cle.ClemoryTranslator(backer, func)[source]#

Bases: ClemoryBase

Uses a function to translate between address spaces when accessing a child clemory. Intended to be used only as a stream object.

Parameters:: backer (ClemoryBase) –

load(addr, n)[source]#

store(addr, data)[source]#

backers(addr=0)[source]#

find(data, search_min=None, search_max=None)[source]#

close()#

pack(addr, fmt, *data)#: Use the struct module to pack data into memory at address addr with the format fmt.

pack_word(addr, data, size=None, signed=False, endness=None)#

Use the struct module to pack a single integer data into memory at the address addr.

You may override any of the attributes of the word being packed:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

read(nbytes)#

The stream-like function that reads up to a number of bytes starting from the current position and updates the current position. Use with seek().

Up to nbytes bytes will be read, halting at the beginning of the first unmapped region encountered.

seek(value)#

The stream-like function that sets the “file’s” current position. Use with read().

Parameters:: value – The position to seek to.

tell()#

unpack(addr, fmt)#: Use the struct module to unpack the data at address addr with the format fmt.

unpack_word(addr, size=None, signed=False, endness=None)#

Use the struct module to unpack a single integer from the address addr.

You may override any of the attributes of the word being extracted:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

class cle.UninitializedClemory(arch, size)[source]#

Bases: Clemory

A special kind of Clemory that acts as a placeholder for uninitialized and invalid memory. This is needed for the PAGEZERO segment for MachO binaries, which is 4GB worth of memory This does _not_ handle data being written to it, this is only for uninitialized memory that is technically occupied but should never be accessed

max_addr#

add_backer(start, data, overwrite=False)[source]#

Adds a backer to the memory.

Parameters:

start – The address where the backer should be loaded.
data – The backer itself. Can be either a bytestring or another Clemory.
overwrite – If True and the range overlaps any existing backer, the existing backer will be split up and the overlapping part will be replaced with the new backer.

split_backer(addr)[source]#: Ensures that addr is the start of a backer, if it is backed.

update_backer(start, data)[source]#

remove_backer(start)[source]#

backers(addr=0)[source]#: Technically this object has no real backer We could create a fake backer on demand, but that would be a waste of memory, and code like the function prolog discovery for MachO binaries would search 4GB worth of nullbytes for a prolog, which is a waste of time Instead we just return an empty byte array, which seems to pass the test cases :type addr: :param addr: :return:

load(addr, n)[source]#

Read up to n bytes at address addr in memory and return a bytes object.

Reading will stop at the beginning of the first unallocated region found, or when n bytes have been read.

store(addr, data)[source]#

Write bytes from data at address addr.

Note: If the store runs off the end of a backer and into unbacked space, this function will update the backer but also raise KeyError.

find(data, search_min=None, search_max=None)[source]#: The memory has no value, so matter what is searched for, it won’t be found. :type data: :param data: :type search_min: :param search_min: :type search_max: :param search_max: :return:

consecutive#

min_addr#

close()#

pack(addr, fmt, *data)#: Use the struct module to pack data into memory at address addr with the format fmt.

pack_word(addr, data, size=None, signed=False, endness=None)#

Use the struct module to pack a single integer data into memory at the address addr.

You may override any of the attributes of the word being packed:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

read(nbytes)#

The stream-like function that reads up to a number of bytes starting from the current position and updates the current position. Use with seek().

Up to nbytes bytes will be read, halting at the beginning of the first unmapped region encountered.

seek(value)#

The stream-like function that sets the “file’s” current position. Use with read().

Parameters:: value – The position to seek to.

tell()#

unpack(addr, fmt)#: Use the struct module to unpack the data at address addr with the format fmt.

unpack_word(addr, size=None, signed=False, endness=None)#

Use the struct module to unpack a single integer from the address addr.

You may override any of the attributes of the word being extracted:

Parameters:

size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

class cle.PatchedStream(stream, patches)[source]#

Bases: object

An object that wraps a readable stream, performing passthroughs on seek and read operations, except to make it seem like the data has actually been patched by the given patches.

read(*args, **kwargs)[source]#

seek(*args, **kwargs)[source]#

tell()[source]#

close()[source]#

class cle.AddressTranslator(rva, owner)[source]#

Bases: object

classmethod from_lva(lva, owner)[source]#: Loads address translator with LVA

classmethod from_mva(mva, owner)[source]#: Loads address translator with MVA

classmethod from_rva(rva, owner)[source]#: Loads address translator with RVA

classmethod from_raw(raw, owner)[source]#: Loads address translator with RAW address

classmethod from_linked_va(lva, owner)#: Loads address translator with LVA

classmethod from_va(mva, owner)#: Loads address translator with MVA

classmethod from_mapped_va(mva, owner)#: Loads address translator with MVA

classmethod from_relative_va(rva, owner)#: Loads address translator with RVA

to_lva()[source]#: VA -> LVA :rtype: int

to_mva()[source]#: RVA -> MVA :rtype: int

to_rva()[source]#: RVA -> RVA :rtype: int

to_raw()[source]#: RVA -> RAW :rtype: int

to_linked_va()#: VA -> LVA :rtype: int

to_va()#: RVA -> MVA :rtype: int

to_mapped_va()#: RVA -> MVA :rtype: int

to_relative_va()#: RVA -> RVA :rtype: int

cle.AT#: alias of AddressTranslator

class cle.Symbol(owner, name, relative_addr, size, sym_type)[source]#

Bases: object

Representation of a symbol from a binary file. Smart enough to rebase itself.

There should never be more than one Symbol instance representing a single symbol. To make sure of this, only use the cle.backends.Backend.get_symbol() to create new symbols.

Variables:

owner (cle.backends.Backend) – The object that contains this symbol
name (str) – The name of this symbol
addr (int) – The un-based address of this symbol, an RVA
size (int) – The size of this symbol
_type – The ABI-agnostic type of this symbol
resolved (bool) – Whether this import symbol has been resolved to a real symbol
resolvedby (None or cle.backends.Symbol) – The real symbol this import symbol has been resolve to
resolvewith (str) – The name of the library we must use to resolve this symbol, or None if none is required.

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

resolve(obj)[source]#

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property rebased_addr#: The address of this symbol in the global memory space

property linked_addr#

property is_function#: Whether this symbol is a function

is_static = False#

is_common = False#

is_import = False#

is_export = False#

is_local = False#

is_weak = False#

is_extern = False#

is_forward = False#

resolve_forwarder()[source]#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property owner_obj#

class cle.SymbolType(value)[source]#

Bases: Enum

ABI-agnostic symbol types

TYPE_OTHER = 0#

TYPE_NONE = 1#

TYPE_FUNCTION = 2#

TYPE_OBJECT = 3#

TYPE_SECTION = 4#

TYPE_TLS_OBJECT = 5#

class cle.SymbolSubType(value)[source]#

Bases: Enum

Abstract base class for ABI-specific symbol types

to_base_type()[source]#

A subclass’ ABI-specific mapping to :SymbolType:

Return type:: SymbolType

class cle.TE(*args, **kwargs)[source]#

Bases: Backend

A “Terse Executable” format image, commonly used as part of UEFI firmware drivers.

is_default = True#

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.UefiFirmware(*args, **kwargs)[source]#

Bases: Backend

A UEFI firmware blob loader. Support is provided by the uefi_firmware package.

is_default = True#

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

arch: Optional[archinfo.Arch]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

Loading Interface#

class cle.loader.Loader(main_binary, auto_load_libs=True, concrete_target=None, force_load_libs=(), skip_libs=(), main_opts=None, lib_opts=None, ld_path=(), use_system_libs=True, ignore_import_version_numbers=True, case_insensitive=False, rebase_granularity=1048576, except_missing_libs=False, aslr=False, perform_relocations=True, load_debug_info=False, page_size=1, preload_libs=(), arch=None)[source]#

Bases: object

The loader loads all the objects and exports an abstraction of the memory of the process. What you see here is an address space with loaded and rebased binaries.

Parameters:: main_binary – The path to the main binary you’re loading, or a file-like object with the binary in it.

The following parameters are optional.

Parameters:

auto_load_libs – Whether to automatically load shared libraries that loaded objects depend on.
load_debug_info – Whether to automatically parse DWARF data and search for debug symbol files.
concrete_target – Whether to instantiate a concrete target for a concrete execution of the process. if this is the case we will need to instantiate a SimConcreteEngine that wraps the ConcreteTarget provided by the user.
force_load_libs – A list of libraries to load regardless of if they’re required by a loaded object.
skip_libs – A list of libraries to never load, even if they’re required by a loaded object.
main_opts – A dictionary of options to be used loading the main binary.
lib_opts – A dictionary mapping library names to the dictionaries of options to be used when loading them.
ld_path – A list of paths in which we can search for shared libraries.
use_system_libs – Whether or not to search the system load path for requested libraries. Default True.
ignore_import_version_numbers – Whether libraries with different version numbers in the filename will be considered equivalent, for example libc.so.6 and libc.so.0
case_insensitive – If this is set to True, filesystem loads will be done case-insensitively regardless of the case-sensitivity of the underlying filesystem.
rebase_granularity – The alignment to use for rebasing shared objects
except_missing_libs – Throw an exception when a shared library can’t be found.
aslr – Load libraries in symbolic address space. Do not use this option.
page_size – The granularity with which data is mapped into memory. Set to 0x1000 if you are working in an environment where data will always be memory mapped in a page-graunlar way.
preload_libs – Similar to force_load_libs but will provide for symbol resolution, with precedence over any dependencies.

Variables:

memory (cle.memory.Clemory) – The loaded, rebased, and relocated memory of the program.
main_object – The object representing the main binary (i.e., the executable).
shared_objects – A dictionary mapping loaded library names to the objects representing them.
all_objects – A list containing representations of all the different objects loaded.
requested_names – A set containing the names of all the different shared libraries that were marked as a dependency by somebody.
initial_load_objects – A list of all the objects that were loaded as a result of the initial load request.

When reference is made to a dictionary of options, it requires a dictionary with zero or more of the following keys:

backend : “elf”, “pe”, “mach-o”, “blob” : which loader backend to use
arch : The archinfo.Arch object to use for the binary
base_addr : The address to rebase the object at
entry_point : The entry point to use for the object

More keys are defined on a per-backend basis.

memory: Optional[Clemory]#

main_object: Optional[Backend]#

tls: Optional[ThreadManager]#

all_objects: List[Backend]#

close()[source]#

property max_addr#: The maximum address loaded as part of any loaded object (i.e., the whole address space).

property min_addr#: The minimum address loaded as part of any loaded object (i.e., the whole address space).

property initializers#: Return a list of all the initializers that should be run before execution reaches the entry point, in the order they should be run.

property finalizers#: Return a list of all the finalizers that should be run before the program exits. I’m not sure what order they should be run in.

property linux_loader_object#: If the linux dynamic loader is present in memory, return it

property elfcore_object#: If a corefile was loaded, this returns the actual core object instead of the main binary

property extern_object#

Return the extern object used to provide addresses to unresolved symbols and angr internals.

Accessing this property will load this object into memory if it was not previously present.

proposed model for how multiple extern objects should work:

extern objects are a linked list. the one in loader._extern_object is the head of the list

each round of explicit loads generates a new extern object if it has unresolved dependencies. this object has exactly the size necessary to hold all its exports.

All requests for size are passed down the chain until they reach an object which has the space to service it or an object which has not yet been mapped. If all objects have been mapped and are full, a new extern object is mapped with a fixed size.

property kernel_object: KernelObject#

Return the object used to provide addresses to syscalls.

Accessing this property will load this object into memory if it was not previously present.

property all_elf_objects#: Return a list of every object that was loaded from an ELF file.

property all_pe_objects#: Return a list of every object that was loaded from an ELF file.

property missing_dependencies#: Return a set of every name that was requested as a shared object dependency but could not be loaded

property auto_load_libs#

describe_addr(addr)[source]#

Returns a textual description of what’s in memory at the provided address

Return type:: str

find_object(spec, extra_objects=())[source]#: If the given library specification has been loaded, return its object, otherwise return None.

find_object_containing(addr, membership_check=True)[source]#

Return the object that contains the given address, or None if the address is unmapped.

Parameters:

addr (int) – The address that should be contained in the object.
membership_check (bool) – Whether a membership check should be performed or not (True by default). This option can be set to False if you are certain that the target object does not have “holes”.

Returns:

The object or None.

find_segment_containing(addr, skip_pseudo_objects=True)[source]#

Find the section object that the address belongs to.

Parameters:

addr (int) – The address to test
skip_pseudo_objects (bool) – Skip objects that CLE adds during loading.

Returns:

The section that the address belongs to, or None if the address does not belong to any section, or if section information is not available.

Return type:

cle.Segment

find_section_containing(addr, skip_pseudo_objects=True)[source]#

Find the section object that the address belongs to.

Parameters:

addr (int) – The address to test.
skip_pseudo_objects (bool) – Skip objects that CLE adds during loading.

Returns:

The section that the address belongs to, or None if the address does not belong to any section, or if section information is not available.

Return type:

find_loadable_containing(addr, skip_pseudo_objects=True)[source]#

Find the section or segment object the address belongs to. Sections will only be used if the corresponding object does not have segments.

Parameters:

addr – The address to test
skip_pseudo_objects – Skip objects that CLE adds during loading.

Returns:

The section or segment that the address belongs to, or None if the address does not belong to any section or segment.

find_section_next_to(addr, skip_pseudo_objects=True)[source]#

Find the next section after the given address.

Parameters:

addr (int) – The address to test.
skip_pseudo_objects (bool) – Skip objects that CLE adds during loading.

Returns:

The next section that goes after the given address, or None if there is no section after the address, or if section information is not available.

Return type:

See : https://github.com/CyberGrandChallenge/libcgcef/blob/master/cgc_executable_format.md

find_symbol(thing, fuzzy=False)[source]#

Search for the symbol with the given name or address.

Parameters:

thing – Either the name or address of a symbol to look up
fuzzy – Set to True to return the first symbol before or at the given address

Returns:

A cle.backends.Symbol object if found, None otherwise.

property symbols#

find_all_symbols(name, exclude_imports=True, exclude_externs=False, exclude_forwards=True)[source]#

Iterate over all symbols present in the set of loaded binaries that have the given name

Parameters:

name – The name to search for
exclude_imports – Whether to exclude import symbols. Default True.
exclude_externs – Whether to exclude symbols in the extern object. Default False.
exclude_forwards – Whether to exclude forward symbols. Default True.

find_plt_stub_name(addr)[source]#: Return the name of the PLT stub starting at addr.

find_relevant_relocations(name)[source]#: Iterate through all the relocations referring to the symbol with the given name

perform_irelative_relocs(resolver_func)[source]#

Use this method to satisfy IRelative relocations in the binary that require execution of loaded code.

Parameters:: resolver_func – A callback function that takes an address, runs the code at that address, and returns the return value from the emulated function.

dynamic_load(spec)[source]#

Load a file into the address space. Note that the sematics of auto_load_libs and except_missing_libs apply at all times.

Parameters:: spec – The path to the file to load. May be an absolute path, a relative path, or a name to search in the load path.
Returns:: A list of all the objects successfully loaded, which may be empty if this object was previously loaded. If the object specified in spec failed to load for any reason, including the file not being found, return None.

get_loader_symbolic_constraints()[source]#: Do not use this method.

fast_memory_load_pointer(addr, size=None)[source]#

Perform a fast memory loading of a pointer.

Parameters:

addr (int) – Address to read from.
size (Optional[int]) – Size of the pointer. Default to machine-word size.

Return type:

Optional[int]

Returns:

A pointer or None if the address does not exist.

Backends#

class cle.backends.FunctionHintSource[source]#

Bases: object

Enums that describe the source of function hints.

EH_FRAME = 0#

EXTERNAL_EH_FRAME = 1#

class cle.backends.FunctionHint(addr, size, source)[source]#

Bases: object

Describes a function hint.

Variables:

addr (int) – Address of the function.
size (int) – Size of the function.
source (int) – Source of this hint.

addr#

size#

source#

class cle.backends.ExceptionHandling(start_addr, size, handler_addr=None, type_=None, func_addr=None)[source]#

Bases: object

Describes an exception handling.

Exception handlers are usually language-specific. In C++, it is usually implemented as try {} catch {} blocks.

Variables:

start_addr (int) – The beginning of the try block.
size (int) – Size of the try block.
handler_addr (Optional[int]) – Address of the exception handler code.
type – Type of the exception handler. Optional.
func_addr (Optional[int]) – Address of the function. Optional.

start_addr#

size#

handler_addr#

type#

func_addr#

class cle.backends.Backend(binary, binary_stream, loader=None, is_main_bin=False, entry_point=None, arch=None, base_addr=None, force_rebase=False, has_memory=True, **kwargs)[source]#

Bases: object

Main base class for CLE binary objects.

An alternate interface to this constructor exists as the static method cle.loader.Loader.load_object()

Variables:

binary – The path to the file this object is loaded from
binary_basename – The basename of the filepath, or a short representation of the stream it was loaded from
is_main_bin – Whether this binary is loaded as the main executable
segments – A listing of all the loaded segments in this file
sections – A listing of all the demarked sections in the file
sections_map – A dict mapping from section name to section
imports – A mapping from symbol name to import relocation
resolved_imports – A list of all the import symbols that are successfully resolved
relocs – A list of all the relocations in this binary
irelatives – A list of tuples representing all the irelative relocations that need to be performed. The first item in the tuple is the address of the resolver function, and the second item is the address of where to write the result. The destination address is an RVA.
jmprel – A mapping from symbol name to the address of its jump slot relocation, i.e. its GOT entry.
arch (archinfo.arch.Arch) – The architecture of this binary
os (str) – The operating system this binary is meant to run under
mapped_base (int) – The base address of this object in virtual memory
deps – A list of names of shared libraries this binary depends on
linking – ‘dynamic’ or ‘static’
linked_base – The base address this object requests to be loaded at
pic (bool) – Whether this object is position-independent
execstack (bool) – Whether this executable has an executable stack
provides (str) – The name of the shared library dependancy that this object resolves
symbols (list) – A list of symbols provided by this object, sorted by address
has_memory – Whether this backend is backed by a Clemory or not. As it stands now, a backend should still define min_addr and max_addr even if has_memory is False.

Parameters:

loader (Loader) –
arch (Arch | None) –

is_default = False#

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: Dict[str, Relocation]#

relocs: List[Relocation]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

arch: Optional[Arch]#

close()[source]#

set_arch(arch)[source]#

property image_base_delta#

property entry#

property segments: Regions#

property sections#

property symbols_by_addr#

rebase(new_base)[source]#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()[source]#

Apply all resolved relocations to memory.

contains_addr(addr)[source]#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

find_loadable_containing(addr)[source]#

find_segment_containing(addr)[source]#: Returns the segment that contains addr, or None.

find_section_containing(addr)[source]#: Returns the section that contains addr or None.

addr_to_offset(addr)[source]#

offset_to_addr(offset)[source]#

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property finalizers#: Stub function. Like initializers, but with finalizers.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

initial_register_values()[source]#: Deprecated

get_symbol(name)[source]#: Stub function. Implement to find the symbol with name name.

static extract_soname(path)[source]#: Extracts the shared object identifier from the path, or returns None if it cannot.

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

cle.backends.register_backend(name, cls)[source]#

class cle.backends.ELF(*args, addend=None, debug_symbols=None, discard_section_headers=False, discard_program_headers=False, **kwargs)[source]#

Bases: MetaELF

The main loader class for statically loading ELF executables. Uses the pyreadelf library where useful.

Useful backend options:

debug_symbols: Provides the path to a separate file which contains the binary’s debug symbols
discard_section_headers: Do not parse section headers. Use this if they are corrupted or malicious.
discard_program_headers: Do not parse program headers. Use this if the binary is for a platform whose ELF
loader only looks at section headers, but whose toolchain generates program headers anyway.

is_default = True#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

close()[source]#

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

static extract_arch(reader)[source]#

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property finalizers#: Stub function. Like initializers, but with finalizers.

property symbols_by_name#

get_symbol(symid, symbol_table=None)[source]#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

rebase(new_base)[source]#: Rebase backend’s regions to the new base where they were mapped by the loader

addr_to_offset(addr)#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['elf']#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.ELFCore(*args, executable=None, remote_file_mapping=None, remote_file_mapper=None, **kwargs)[source]#

Bases: ELF

Loader class for ELF core files.

One key pain point when analyzing a core dump generated on a remote machine is that the paths to binaries are absolute (and may not exist or be the same on your local machine).

If you specify both remote_file_mapping and remote_file_mapper, remote_file_mapping is applied first, then the result is passed to remote_file_mapper.

Parameters:

executable – Optional path to the main binary of the core dump. If not supplied, ELFCore will attempt to figure it out automatically from the core dump.
remote_file_mapping – Optional dict that maps specific file names in the core dump to other file names.
remote_file_mapper – Optional function that is used to map every file name in the core dump to whatever is returned from this function.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['elf']#

property symbols_by_addr#

property symbols_by_name#

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.MetaELF(*args, **kwargs)[source]#

Bases: Backend

A base class that implements functions used by all backends that can load an ELF.

supported_filetypes = ['elf']#

property plt#: Maps names to addresses.

property reverse_plt#: Maps addresses to names.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

static extract_soname(path)[source]#: Extracts the shared object identifier from the path, or returns None if it cannot.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.PE(*args, **kwargs)[source]#

Bases: Backend

Representation of a PE (i.e. Windows) binary.

is_default = True#

property segments: Regions#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

close()[source]#

get_symbol(name)[source]#: Look up the symbol with the given name. Symbols can be looked up by ordinal with the name "ordinal.%d" % num

addr_to_offset(addr)#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.Blob(*args, offset=None, segments=None, **kwargs)[source]#

Bases: Backend

Representation of a binary blob, i.e. an executable in an unknown file format.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

function_name(addr)[source]#: Blobs don’t support function names.

contains_addr(addr)[source]#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

in_which_segment(addr)[source]#: Blobs don’t support segments.

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

addr_to_offset(addr)#

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.CGC(binary, binary_stream, *args, **kwargs)[source]#

Bases: ELF

Backend to support the CGC elf format used by the Cyber Grand Challenge competition.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

supported_filetypes = ['cgc']#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

property symbols_by_name#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.BackedCGC(*args, memory_backer=None, register_backer=None, writes_backer=None, permissions_map=None, current_allocation_base=None, **kwargs)[source]#

Bases: CGC

This is a backend for CGC executables that allows user provide a memory backer and a register backer as the initial state of the running binary.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['cgc']#

property symbols_by_addr#

property symbols_by_name#

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.Hex(*args, **kwargs)[source]#

Bases: Backend

A loader for Intel Hex Objects See https://en.wikipedia.org/wiki/Intel_HEX

is_default = True#

static parse_record(line)[source]#

static coalesce_regions(regions)[source]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

class cle.backends.Minidump(*args, **kwargs)[source]#

Bases: Backend

is_default = True#

close()[source]#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

get_thread_registers_by_id(thread_id)[source]#

class cle.backends.MachO(*args, **kwargs)[source]#

Bases: Backend

Mach-O binaries for CLE

is_default = True#

MH_MAGIC_64 = 4277009103#

MH_CIGAM_64 = 3489328638#

MH_MAGIC = 4277009102#

MH_CIGAM = 3472551422#

symbols: sortedcontainers.SortedKeyList[Symbol]#

lc_function_starts: Optional[List[int]]#

export_blob: Optional[bytes]#

binding_blob: Optional[bytes]#

lazy_binding_blob: Optional[bytes]#

weak_binding_blob: Optional[bytes]#

rebase_blob: Optional[bytes]#

strtab: Optional[bytes]#

ncmds: int#

sizeofcmds: int#

property macho_base: int#

property min_addr: int#: This returns the lowest virtual address contained in any loaded segment of the binary.

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

is_thumb_interworking(address)[source]#: Returns true if the given address is a THUMB interworking address

decode_thumb_interworking(address)[source]#: Decodes a thumb interworking address

find_segment_by_name(name)[source]#

do_binding()[source]#

get_string(start)[source]#: Loads a string from the string table

parse_lc_str(f, start, limit=None)[source]#

Parses a lc_str data structure

Parameters:: limit (int | None) –

S = ~S#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

get_symbol_by_address_fuzzy(address)[source]#: Locates a symbol by checking the given address against sym.addr, sym.bind_xrefs and sym.symbol_stubs

get_symbol(name, include_stab=False, fuzzy=False)[source]#

Returns all symbols matching name.

Note that especially when include_stab=True there may be multiple symbols with the same name, therefore this method always returns an array.

Parameters:

name – the name of the symbol
include_stab – Include debugging symbols NOT RECOMMENDED
fuzzy – Replace exact match with “contains”-style match

get_symbol_by_insertion_order(idx)[source]#

Parameters:: idx (int) – idx when this symbol was inserted
Return type:: AbstractMachOSymbol
Returns:

get_segment_by_name(name)[source]#: Searches for a MachOSegment with the given name and returns it :type name: :param name: Name of the sought segment :return: MachOSegment or None

class cle.backends.NamedRegion(name, start, end, is_readable=True, is_writable=True, is_executable=False, **kwargs)[source]#

Bases: Backend

A NamedRegion represents a region of memory that has a name, a location, but no static content.

This region also has permissions; with no memory, these obviously don’t do anything on their own, but they help inform any other code that relies on CLE (e.g., angr)

This can be used as a placeholder for memory that should exist in CLE’s view, but for which it does not need data, like RAM, MMIO, etc

is_default = False#

has_memory = False#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

function_name(addr)[source]#: NamedRegions don’t support function names.

contains_addr(addr)[source]#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.Jar(jar_path, binary_stream, entry_point=None, entry_point_params=('java.lang.String[]',), jni_libs=None, jni_libs_ld_path=None, **kwargs)[source]#

Bases: Soot

Backend for lifting JARs to Soot.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

get_manifest(binary_path=None)[source]#

Load the MANIFEST.MF file

Returns:: A dict of meta info
Return type:: dict

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

property classes#

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_soot_class(cls_name, none_if_missing=False)#

Get Soot class object.

Parameters:: cls_name (str) – Name of the class.
Returns:: The class object.
Return type:: pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)#

Get Soot method object.

Parameters:

thing – Descriptor or the method, or name of the method.
class_name (str) – Name of the class. If not specified, class name can be parsed from method_name.

Returns:

Soot method that satisfy the criteria.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

static is_zip_archive(stream)#

property main_methods#

Find all Main methods in this binary.

Returns:: All main methods in each class.
Return type:: iterator

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.Apk(apk_path, binary_stream, entry_point=None, entry_point_params=(), android_sdk=None, supported_jni_archs=None, jni_libs=None, jni_libs_ld_path=None, **options)[source]#

Bases: Soot

Backend for lifting Apk’s to Soot.

is_default = True#

get_callbacks(class_name, callback_names)[source]#

Get callback methods from the name of callback methods.

Parameters:

class_name (str) – Name of the class.
callback_names (List[str]) – Name list of the callbacks.

Returns:

The method object which is callback.

Return type:

list[pysoot.sootir.soot_method.SootMethod]

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

property classes#

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_soot_class(cls_name, none_if_missing=False)#

Get Soot class object.

Parameters:: cls_name (str) – Name of the class.
Returns:: The class object.
Return type:: pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)#

Get Soot method object.

Parameters:

thing – Descriptor or the method, or name of the method.
class_name (str) – Name of the class. If not specified, class name can be parsed from method_name.

Returns:

Soot method that satisfy the criteria.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

static is_zip_archive(stream)#

property main_methods#

Find all Main methods in this binary.

Returns:: All main methods in each class.
Return type:: iterator

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

class cle.backends.Soot(*args, entry_point=None, entry_point_params=(), input_format=None, additional_jars=None, additional_jar_roots=None, jni_libs_ld_path=None, jni_libs=None, android_sdk=None, **kwargs)[source]#

Bases: Backend

The basis backend for lifting and loading bytecode from JARs and APKs to Soot IR.

Note that self.min_addr will be 0 and self.max_addr will be 1. Hopefully no other object will be mapped at address 0.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property entry#

property classes#

get_soot_class(cls_name, none_if_missing=False)[source]#

Get Soot class object.

Parameters:: cls_name (str) – Name of the class.
Returns:: The class object.
Return type:: pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)[source]#

Get Soot method object.

Parameters:

thing – Descriptor or the method, or name of the method.
class_name (str) – Name of the class. If not specified, class name can be parsed from method_name.

Returns:

Soot method that satisfy the criteria.

property main_methods#

Find all Main methods in this binary.

Returns:: All main methods in each class.
Return type:: iterator

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

static is_zip_archive(stream)[source]#

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.XBE(*args, **kwargs)[source]#

Bases: Backend

The main loader class for statically loading XBE executables.

is_default = True#

close()[source]#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.StaticArchive(*args, **kwargs)[source]#

Bases: Backend

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

is_default = True#

arch: Optional[archinfo.Arch]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.Region(offset, vaddr, filesize, memsize)[source]#

Bases: object

A region of memory that is mapped in the object’s file.

Variables:

offset – The offset into the file the region starts.
vaddr – The virtual address.
filesize – The size of the region in the file.
memsize – The size of the region when loaded into memory.

Parameters:

vaddr (int) –
filesize (int) –
memsize (int) –

When used next to each other, addr and offset refer to virtual memory address and file offset, respectively.

vaddr: int#

memsize: int#

filesize: int#

contains_addr(addr)[source]#: Does this region contain this virtual address?

contains_offset(offset)[source]#: Does this region contain this offset into the file?

addr_to_offset(addr)[source]#: Convert a virtual memory address into a file offset

offset_to_addr(offset)[source]#: Convert a file offset into a virtual memory address

property max_addr#: The maximum virtual address of this region

property min_addr#: The minimum virtual address of this region

property max_offset#: The maximum file offset of this region

min_offset()[source]#: The minimum file offset of this region

property is_readable: bool#

property is_writable: bool#

property is_executable: bool#

class cle.backends.Segment(offset, vaddr, filesize, memsize)[source]#

Bases: Region

Parameters:

vaddr (int) –
filesize (int) –
memsize (int) –

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property is_executable: bool#

property is_readable: bool#

property is_writable: bool#

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.Section(name, offset, vaddr, size)[source]#

Bases: Region

Simple representation of a loaded section.

Variables:: name (str) – The name of the section
Parameters:: vaddr (int) –

property is_readable#: Whether this section has read permissions

property is_writable#: Whether this section has write permissions

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property is_executable#: Whether this section has execute permissions

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

property only_contains_uninitialized_data#: Whether this section is initialized to zero after the executable is loaded.

class cle.backends.Regions(lst=None)[source]#

Bases: object

A container class acting as a list of regions (sections or segments). Additionally, it keeps an sorted list of all regions that are mapped into memory to allow fast lookups.

We assume none of the regions overlap with others.

property raw_list: List[Region]#

Get the internal list. Any change to it is not tracked, and therefore _sorted_list will not be updated. Therefore you probably does not want to modify the list.

Returns:: The internal list container.
Return type:: list

property max_addr: int | None#

Get the highest address of all regions.

Returns:: The highest address of all regions, or None if there is no region available.
Return type:: int or None

append(region)[source]#

Append a new Region instance into the list.

Parameters:: region (Region) – The region to append.

remove(region)[source]#

Remove an existing Region instance from the list.

Parameters:: region (Region) – The region to remove.
Return type:: None

find_region_containing(addr)[source]#

Find the region that contains a specific address. Returns None if none of the regions covers the address.

Parameters:: addr (int) – The address.
Return type:: Optional[Region]
Returns:: The region that covers the specific address, or None if no such region is found.

find_region_next_to(addr)[source]#

Find the next region after the given address.

Parameters:: addr (int) – The address to test.
Return type:: Optional[Region]
Returns:: The next region that goes after the given address, or None if there is no section after the address,

class cle.backends.Symbol(owner, name, relative_addr, size, sym_type)[source]#

Bases: object

Representation of a symbol from a binary file. Smart enough to rebase itself.

There should never be more than one Symbol instance representing a single symbol. To make sure of this, only use the cle.backends.Backend.get_symbol() to create new symbols.

Variables:

owner (cle.backends.Backend) – The object that contains this symbol
name (str) – The name of this symbol
addr (int) – The un-based address of this symbol, an RVA
size (int) – The size of this symbol
_type – The ABI-agnostic type of this symbol
resolved (bool) – Whether this import symbol has been resolved to a real symbol
resolvedby (None or cle.backends.Symbol) – The real symbol this import symbol has been resolve to
resolvewith (str) – The name of the library we must use to resolve this symbol, or None if none is required.

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

resolve(obj)[source]#

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property rebased_addr#: The address of this symbol in the global memory space

property linked_addr#

property is_function#: Whether this symbol is a function

is_static = False#

is_common = False#

is_import = False#

is_export = False#

is_local = False#

is_weak = False#

is_extern = False#

is_forward = False#

resolve_forwarder()[source]#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property owner_obj#

class cle.backends.SymbolType(value)[source]#

Bases: Enum

ABI-agnostic symbol types

TYPE_OTHER = 0#

TYPE_NONE = 1#

TYPE_FUNCTION = 2#

TYPE_OBJECT = 3#

TYPE_SECTION = 4#

TYPE_TLS_OBJECT = 5#

class cle.backends.SymbolSubType(value)[source]#

Bases: Enum

Abstract base class for ABI-specific symbol types

to_base_type()[source]#

A subclass’ ABI-specific mapping to :SymbolType:

Return type:: SymbolType

class cle.backends.UefiFirmware(*args, **kwargs)[source]#

Bases: Backend

A UEFI firmware blob loader. Support is provided by the uefi_firmware package.

is_default = True#

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

arch: Optional[archinfo.Arch]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.TE(*args, **kwargs)[source]#

Bases: Backend

A “Terse Executable” format image, commonly used as part of UEFI firmware drivers.

is_default = True#

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.backend.FunctionHintSource[source]#

Bases: object

Enums that describe the source of function hints.

EH_FRAME = 0#

EXTERNAL_EH_FRAME = 1#

class cle.backends.backend.FunctionHint(addr, size, source)[source]#

Bases: object

Describes a function hint.

Variables:

addr (int) – Address of the function.
size (int) – Size of the function.
source (int) – Source of this hint.

addr#

size#

source#

class cle.backends.backend.ExceptionHandling(start_addr, size, handler_addr=None, type_=None, func_addr=None)[source]#

Bases: object

Describes an exception handling.

Exception handlers are usually language-specific. In C++, it is usually implemented as try {} catch {} blocks.

Variables:

start_addr (int) – The beginning of the try block.
size (int) – Size of the try block.
handler_addr (Optional[int]) – Address of the exception handler code.
type – Type of the exception handler. Optional.
func_addr (Optional[int]) – Address of the function. Optional.

start_addr#

size#

handler_addr#

type#

func_addr#

class cle.backends.backend.Backend(binary, binary_stream, loader=None, is_main_bin=False, entry_point=None, arch=None, base_addr=None, force_rebase=False, has_memory=True, **kwargs)[source]#

Bases: object

Main base class for CLE binary objects.

An alternate interface to this constructor exists as the static method cle.loader.Loader.load_object()

Variables:

binary – The path to the file this object is loaded from
binary_basename – The basename of the filepath, or a short representation of the stream it was loaded from
is_main_bin – Whether this binary is loaded as the main executable
segments – A listing of all the loaded segments in this file
sections – A listing of all the demarked sections in the file
sections_map – A dict mapping from section name to section
imports – A mapping from symbol name to import relocation
resolved_imports – A list of all the import symbols that are successfully resolved
relocs – A list of all the relocations in this binary
irelatives – A list of tuples representing all the irelative relocations that need to be performed. The first item in the tuple is the address of the resolver function, and the second item is the address of where to write the result. The destination address is an RVA.
jmprel – A mapping from symbol name to the address of its jump slot relocation, i.e. its GOT entry.
arch (archinfo.arch.Arch) – The architecture of this binary
os (str) – The operating system this binary is meant to run under
mapped_base (int) – The base address of this object in virtual memory
deps – A list of names of shared libraries this binary depends on
linking – ‘dynamic’ or ‘static’
linked_base – The base address this object requests to be loaded at
pic (bool) – Whether this object is position-independent
execstack (bool) – Whether this executable has an executable stack
provides (str) – The name of the shared library dependancy that this object resolves
symbols (list) – A list of symbols provided by this object, sorted by address
has_memory – Whether this backend is backed by a Clemory or not. As it stands now, a backend should still define min_addr and max_addr even if has_memory is False.

Parameters:

loader (Loader) –
arch (Arch | None) –

is_default = False#

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: Dict[str, Relocation]#

relocs: List[Relocation]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

arch: Optional[Arch]#

close()[source]#

set_arch(arch)[source]#

property image_base_delta#

property entry#

property segments: Regions#

property sections#

property symbols_by_addr#

rebase(new_base)[source]#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()[source]#

Apply all resolved relocations to memory.

contains_addr(addr)[source]#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

find_loadable_containing(addr)[source]#

find_segment_containing(addr)[source]#: Returns the segment that contains addr, or None.

find_section_containing(addr)[source]#: Returns the section that contains addr or None.

addr_to_offset(addr)[source]#

offset_to_addr(offset)[source]#

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property finalizers#: Stub function. Like initializers, but with finalizers.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

initial_register_values()[source]#: Deprecated

get_symbol(name)[source]#: Stub function. Implement to find the symbol with name name.

static extract_soname(path)[source]#: Extracts the shared object identifier from the path, or returns None if it cannot.

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

cle.backends.backend.register_backend(name, cls)[source]#

class cle.backends.symbol.SymbolType(value)[source]#

Bases: Enum

ABI-agnostic symbol types

TYPE_OTHER = 0#

TYPE_NONE = 1#

TYPE_FUNCTION = 2#

TYPE_OBJECT = 3#

TYPE_SECTION = 4#

TYPE_TLS_OBJECT = 5#

class cle.backends.symbol.SymbolSubType(value)[source]#

Bases: Enum

Abstract base class for ABI-specific symbol types

to_base_type()[source]#

A subclass’ ABI-specific mapping to :SymbolType:

Return type:: SymbolType

class cle.backends.symbol.Symbol(owner, name, relative_addr, size, sym_type)[source]#

Bases: object

Representation of a symbol from a binary file. Smart enough to rebase itself.

There should never be more than one Symbol instance representing a single symbol. To make sure of this, only use the cle.backends.Backend.get_symbol() to create new symbols.

Variables:

owner (cle.backends.Backend) – The object that contains this symbol
name (str) – The name of this symbol
addr (int) – The un-based address of this symbol, an RVA
size (int) – The size of this symbol
_type – The ABI-agnostic type of this symbol
resolved (bool) – Whether this import symbol has been resolved to a real symbol
resolvedby (None or cle.backends.Symbol) – The real symbol this import symbol has been resolve to
resolvewith (str) – The name of the library we must use to resolve this symbol, or None if none is required.

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

resolve(obj)[source]#

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property rebased_addr#: The address of this symbol in the global memory space

property linked_addr#

property is_function#: Whether this symbol is a function

is_static = False#

is_common = False#

is_import = False#

is_export = False#

is_local = False#

is_weak = False#

is_extern = False#

is_forward = False#

resolve_forwarder()[source]#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property owner_obj#

class cle.backends.regions.Regions(lst=None)[source]#

Bases: object

A container class acting as a list of regions (sections or segments). Additionally, it keeps an sorted list of all regions that are mapped into memory to allow fast lookups.

We assume none of the regions overlap with others.

property raw_list: List[Region]#

Get the internal list. Any change to it is not tracked, and therefore _sorted_list will not be updated. Therefore you probably does not want to modify the list.

Returns:: The internal list container.
Return type:: list

property max_addr: int | None#

Get the highest address of all regions.

Returns:: The highest address of all regions, or None if there is no region available.
Return type:: int or None

append(region)[source]#

Append a new Region instance into the list.

Parameters:: region (Region) – The region to append.

remove(region)[source]#

Remove an existing Region instance from the list.

Parameters:: region (Region) – The region to remove.
Return type:: None

find_region_containing(addr)[source]#

Find the region that contains a specific address. Returns None if none of the regions covers the address.

Parameters:: addr (int) – The address.
Return type:: Optional[Region]
Returns:: The region that covers the specific address, or None if no such region is found.

find_region_next_to(addr)[source]#

Find the next region after the given address.

Parameters:: addr (int) – The address to test.
Return type:: Optional[Region]
Returns:: The next region that goes after the given address, or None if there is no section after the address,

class cle.backends.region.Region(offset, vaddr, filesize, memsize)[source]#

Bases: object

A region of memory that is mapped in the object’s file.

Variables:

offset – The offset into the file the region starts.
vaddr – The virtual address.
filesize – The size of the region in the file.
memsize – The size of the region when loaded into memory.

Parameters:

vaddr (int) –
filesize (int) –
memsize (int) –

When used next to each other, addr and offset refer to virtual memory address and file offset, respectively.

vaddr: int#

memsize: int#

filesize: int#

contains_addr(addr)[source]#: Does this region contain this virtual address?

contains_offset(offset)[source]#: Does this region contain this offset into the file?

addr_to_offset(addr)[source]#: Convert a virtual memory address into a file offset

offset_to_addr(offset)[source]#: Convert a file offset into a virtual memory address

property max_addr#: The maximum virtual address of this region

property min_addr#: The minimum virtual address of this region

property max_offset#: The maximum file offset of this region

min_offset()[source]#: The minimum file offset of this region

property is_readable: bool#

property is_writable: bool#

property is_executable: bool#

class cle.backends.region.Segment(offset, vaddr, filesize, memsize)[source]#

Bases: Region

Parameters:

vaddr (int) –
filesize (int) –
memsize (int) –

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property is_executable: bool#

property is_readable: bool#

property is_writable: bool#

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.region.EmptySegment(vaddr, memsize, is_readable=True, is_writable=True, is_executable=False)[source]#

Bases: Segment

A segment with no static content, and permissions

Parameters:

vaddr (int) –
memsize (int) –

property is_executable#

property is_writable#

property is_readable#

property only_contains_uninitialized_data#: Whether this section is initialized to zero after the executable is loaded.

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.region.Section(name, offset, vaddr, size)[source]#

Bases: Region

Simple representation of a loaded section.

Variables:: name (str) – The name of the section
Parameters:: vaddr (int) –

property is_readable#: Whether this section has read permissions

property is_writable#: Whether this section has write permissions

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property is_executable#: Whether this section has execute permissions

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

property only_contains_uninitialized_data#: Whether this section is initialized to zero after the executable is loaded.

class cle.backends.elf.ELF(*args, addend=None, debug_symbols=None, discard_section_headers=False, discard_program_headers=False, **kwargs)[source]#

Bases: MetaELF

The main loader class for statically loading ELF executables. Uses the pyreadelf library where useful.

Useful backend options:

debug_symbols: Provides the path to a separate file which contains the binary’s debug symbols
discard_section_headers: Do not parse section headers. Use this if they are corrupted or malicious.
discard_program_headers: Do not parse program headers. Use this if the binary is for a platform whose ELF
loader only looks at section headers, but whose toolchain generates program headers anyway.

is_default = True#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

close()[source]#

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

static extract_arch(reader)[source]#

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property finalizers#: Stub function. Like initializers, but with finalizers.

property symbols_by_name#

get_symbol(symid, symbol_table=None)[source]#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

rebase(new_base)[source]#: Rebase backend’s regions to the new base where they were mapped by the loader

addr_to_offset(addr)#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['elf']#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.elf.MetaELF(*args, **kwargs)[source]#

Bases: Backend

A base class that implements functions used by all backends that can load an ELF.

supported_filetypes = ['elf']#

property plt#: Maps names to addresses.

property reverse_plt#: Maps addresses to names.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

static extract_soname(path)[source]#: Extracts the shared object identifier from the path, or returns None if it cannot.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.elf.ELFCore(*args, executable=None, remote_file_mapping=None, remote_file_mapper=None, **kwargs)[source]#

Bases: ELF

Loader class for ELF core files.

One key pain point when analyzing a core dump generated on a remote machine is that the paths to binaries are absolute (and may not exist or be the same on your local machine).

If you specify both remote_file_mapping and remote_file_mapper, remote_file_mapping is applied first, then the result is passed to remote_file_mapper.

Parameters:

executable – Optional path to the main binary of the core dump. If not supplied, ELFCore will attempt to figure it out automatically from the core dump.
remote_file_mapping – Optional dict that maps specific file names in the core dump to other file names.
remote_file_mapper – Optional function that is used to map every file name in the core dump to whatever is returned from this function.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['elf']#

property symbols_by_addr#

property symbols_by_name#

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.elf.elf.ELFSymbol(owner, symb)[source]#

Bases: Symbol

Represents a symbol for the ELF format.

Variables:

binding (str) – The binding of this symbol as an ELF enum string
section – The section associated with this symbol, or None
_subtype – The ELFSymbolType of this symbol

is_static = False#

is_common = False#

is_weak = False#

is_local = False#

is_import = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

property linked_addr#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

property subtype: ELFSymbolType#: A subclass’ ABI-specific types

class cle.backends.elf.elf.ELF(*args, addend=None, debug_symbols=None, discard_section_headers=False, discard_program_headers=False, **kwargs)[source]#

Bases: MetaELF

The main loader class for statically loading ELF executables. Uses the pyreadelf library where useful.

Useful backend options:

debug_symbols: Provides the path to a separate file which contains the binary’s debug symbols
discard_section_headers: Do not parse section headers. Use this if they are corrupted or malicious.
discard_program_headers: Do not parse program headers. Use this if the binary is for a platform whose ELF
loader only looks at section headers, but whose toolchain generates program headers anyway.

is_default = True#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

close()[source]#

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

static extract_arch(reader)[source]#

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property finalizers#: Stub function. Like initializers, but with finalizers.

property symbols_by_name#

get_symbol(symid, symbol_table=None)[source]#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

rebase(new_base)[source]#: Rebase backend’s regions to the new base where they were mapped by the loader

addr_to_offset(addr)#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['elf']#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.elf.elfcore.ELFCore(*args, executable=None, remote_file_mapping=None, remote_file_mapper=None, **kwargs)[source]#

Bases: ELF

Loader class for ELF core files.

One key pain point when analyzing a core dump generated on a remote machine is that the paths to binaries are absolute (and may not exist or be the same on your local machine).

If you specify both remote_file_mapping and remote_file_mapper, remote_file_mapping is applied first, then the result is passed to remote_file_mapper.

Parameters:

executable – Optional path to the main binary of the core dump. If not supplied, ELFCore will attempt to figure it out automatically from the core dump.
remote_file_mapping – Optional dict that maps specific file names in the core dump to other file names.
remote_file_mapper – Optional function that is used to map every file name in the core dump to whatever is returned from this function.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['elf']#

property symbols_by_addr#

property symbols_by_name#

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

References

class cle.backends.elf.lsda.ExceptionTableHeader(lp_start, ttype_encoding, ttype_offset, call_site_encoding, call_site_table_len)[source]#

Bases: object

lp_start#

ttype_encoding#

ttype_offset#

call_site_encoding#

call_site_table_len#

class cle.backends.elf.lsda.CallSiteEntry(cs_start, cs_len, cs_lp, cs_action)[source]#

Bases: object

cs_start#

cs_len#

cs_lp#

cs_action#

class cle.backends.elf.lsda.LSDAExceptionTable(stream, bits, little_endian=True)[source]#

Bases: object

LSDA exception table parser.

TODO: Much of this class should be eventually moved to pyelftools.

parse_lsda(address, offset)[source]#

class cle.backends.elf.metaelf.MetaELF(*args, **kwargs)[source]#

Bases: Backend

A base class that implements functions used by all backends that can load an ELF.

supported_filetypes = ['elf']#

property plt#: Maps names to addresses.

property reverse_plt#: Maps addresses to names.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

static extract_soname(path)[source]#: Extracts the shared object identifier from the path, or returns None if it cannot.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.elf.metaelf.Relro(value)[source]#

Bases: Enum

An enumeration.

NONE = 0#

PARTIAL = 1#

FULL = 2#

cle.backends.elf.metaelf.maybedecode(string)[source]#

cle.backends.elf.symbol.maybedecode(string)[source]#

class cle.backends.elf.symbol.ELFSymbol(owner, symb)[source]#

Bases: Symbol

Represents a symbol for the ELF format.

Variables:

binding (str) – The binding of this symbol as an ELF enum string
section – The section associated with this symbol, or None
_subtype – The ELFSymbolType of this symbol

is_static = False#

is_common = False#

is_weak = False#

is_local = False#

is_import = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

property linked_addr#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

property subtype: ELFSymbolType#: A subclass’ ABI-specific types

class cle.backends.elf.symbol_type.ELFSymbolType(value)[source]#

Bases: SymbolSubType

ELF-specific symbol types

STT_NOTYPE = (0, None)#

STT_OBJECT = (1, None)#

STT_FUNC = (2, None)#

STT_SECTION = (3, None)#

STT_FILE = (4, None)#

STT_COMMON = (5, None)#

STT_TLS = (6, None)#

STT_LOOS = (10, None)#

STT_HIOS = (12, None)#

STT_LOPROC = (13, None)#

STT_HIPROC = (15, None)#

STT_GNU_IFUNC = (10, 'gnu')#

property elf_value#

property os_proc#

property is_custom_os_proc#

cle.backends.elf.regions.maybedecode(string)[source]#

class cle.backends.elf.regions.ELFSegment(readelf_seg, relro=False)[source]#

Bases: Segment

Represents a segment for the ELF format.

property is_readable#

property is_writable#

property is_executable#

property is_relro#

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.elf.regions.ELFSection(readelf_sec, remap_offset=0)[source]#

Bases: Section

SHF_WRITE = 1#

SHF_ALLOC = 2#

SHF_EXECINSTR = 4#

SHF_STRINGS = 32#

SHT_NULL = 'SHT_NULL'#

property is_readable#: Whether this section has read permissions

property is_active#

property is_writable#: Whether this section has write permissions

property occupies_memory#

property is_executable#: Whether this section has execute permissions

property is_strings#

property only_contains_uninitialized_data#: Whether this section is initialized to zero after the executable is loaded.

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.elf.hashtable.ELFHashTable(symtab, stream, offset, arch)[source]#

Bases: object

Functions to do lookup from a HASH section of an ELF file.

Information: http://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-48031.html

get(k)[source]#

Perform a lookup. Returns a pyelftools Symbol object, or None if there is no match.

Parameters:: k – The string to look up.

static elf_hash(key)[source]#

class cle.backends.elf.hashtable.GNUHashTable(symtab, stream, offset, arch)[source]#

Bases: object

Functions to do lookup from a GNU_HASH section of an ELF file.

Information: https://blogs.oracle.com/ali/entry/gnu_hash_elf_sections

get(k)[source]#

Perform a lookup. Returns a pyelftools Symbol object, or None if there is no match.

Parameters:: k – The string to look up

static gnu_hash(key)[source]#

class cle.backends.elf.variable.Variable(elf_object)[source]#

Bases: object

Variable for DWARF from a DW_TAG_variable or DW_TAG_formal_parameter

Variables:

name (str) – The name of the variable
relative_addr – The relative addr (base addr depends on the type)
lexical_block – For a local variable, the lexical block where the variable is declared

Parameters:

elf_object (ELF) –

static from_die(die, expr_parser, elf_object, lexical_block=None)[source]#

Parameters:

die (DIE) –
elf_object (ELF) –
lexical_block (LexicalBlock | None) –

rebased_addr_from_cfa(cfa)[source]#

The address of this variable in the global memory.

Parameters:: cfa (int) – The canonical frame address as described by the DWARF standard.

property rebased_addr#

property addr#: Please use ‘relative_addr’ or ‘rebased_addr’ instead.

property type: VariableType#

property sort: str#

class cle.backends.elf.variable.MemoryVariable(elf_object, relative_addr)[source]#

Bases: Variable

This includes all variables that are not on the stack and not in a register. So all global variables, and also local static variables in C!

Parameters:: elf_object (ELF) –

property rebased_addr#

property sort: str#

property addr#: Please use ‘relative_addr’ or ‘rebased_addr’ instead.

static from_die(die, expr_parser, elf_object, lexical_block=None)#

Parameters:

die (DIE) –
elf_object (ELF) –
lexical_block (LexicalBlock | None) –

rebased_addr_from_cfa(cfa)#

The address of this variable in the global memory.

Parameters:: cfa (int) – The canonical frame address as described by the DWARF standard.

property type: VariableType#

class cle.backends.elf.variable.StackVariable(elf_object, relative_addr)[source]#

Bases: Variable

Stack Variable from DWARF.

Parameters:: elf_object (ELF) –

rebased_addr_from_cfa(cfa)[source]#

The address of this variable in the global memory.

Parameters:: cfa (int) – The canonical frame address as described by the DWARF standard.

property sort: str#

property addr#: Please use ‘relative_addr’ or ‘rebased_addr’ instead.

static from_die(die, expr_parser, elf_object, lexical_block=None)#

Parameters:

die (DIE) –
elf_object (ELF) –
lexical_block (LexicalBlock | None) –

property rebased_addr#

property type: VariableType#

class cle.backends.elf.variable.RegisterVariable(elf_object, register_addr)[source]#

Bases: Variable

Parameters:: elf_object (ELF) –

property sort: str#

property addr#: Please use ‘relative_addr’ or ‘rebased_addr’ instead.

static from_die(die, expr_parser, elf_object, lexical_block=None)#

Parameters:

die (DIE) –
elf_object (ELF) –
lexical_block (LexicalBlock | None) –

property rebased_addr#

rebased_addr_from_cfa(cfa)#

The address of this variable in the global memory.

Parameters:: cfa (int) – The canonical frame address as described by the DWARF standard.

property type: VariableType#

class cle.backends.elf.subprogram.LexicalBlock(low_pc, high_pc)[source]#

Bases: object

A lexical block is a sequence of source statements, e.g. a while/for loop or an if statement or some bracketed block.

Corresponds to a DW_TAG_LexicalBlock in DWARF.

Parameters:

super_block – The lexical block which contains this block
low_pc – The relative start address of the block
high_pc – The relative end address of the block

Variables:

low_pc – The relative start address of the subprogram
high_pc – The relative end address of the subprogram
child_blocks – Lexical blocks inside this block (only direct childs)

class cle.backends.elf.subprogram.Subprogram(name, low_pc, high_pc)[source]#

Bases: LexicalBlock

DW_TAG_subprogram for DWARF. The behavior is mostly inherited from LexicalBlock to avoid redundancy.

Parameters:

name (str) – The name of the function/program
low_pc – The relative start address of the subprogram
high_pc – The relative end address of the subprogram

Variables:

name – The name of the function/program
local_variables – All local variables in a Subprogram (they may reside in serveral child blocks)

class cle.backends.elf.variable_type.VariableType(name, byte_size, elf_object)[source]#

Bases: object

Entry class for DW_TAG_xxx_type

Parameters:

name (str) – name of the type
byte_size (int) – amount of bytes the type take in memory
elf_object – elf object to reference to (useful for pointer,…)

Variables:

name – name of the type
byte_size – amount of bytes the type take in memory

static read_from_die(die, elf_object)[source]#

entry method to read a DW_TAG_xxx_type

Parameters:: die (DIE) –

static supported_die(die)[source]#

Return type:: bool
Parameters:: die (DIE) –

class cle.backends.elf.variable_type.PointerType(byte_size, elf_object, referenced_offset)[source]#

Bases: VariableType

Entry class for DW_TAG_pointer_type. It is inherited from VariableType

Parameters:

byte_size (int) – amount of bytes the type take in memory
elf_object – elf object to reference to (useful for pointer,…)
referenced_offset (int) – type of the referenced as offset in the compilation_unit

classmethod read_from_die(die, elf_object)[source]#

read an entry of DW_TAG_pointer_type. return None when there is no byte_size or type attribute.

Parameters:: die (DIE) –

property referenced_type#: attribute to get the referenced type. Return None if the type is not loaded

static supported_die(die)#

Return type:: bool
Parameters:: die (DIE) –

class cle.backends.elf.variable_type.BaseType(name, byte_size, elf_object)[source]#

Bases: VariableType

Entry class for DW_TAG_base_type. It is inherited from VariableType

Parameters:

name (str) –
byte_size (int) –

classmethod read_from_die(die, elf_object)[source]#

read an entry of DW_TAG_base_type. return None when there is no byte_size attribute.

Parameters:: die (DIE) –

static supported_die(die)#

Return type:: bool
Parameters:: die (DIE) –

class cle.backends.elf.variable_type.StructType(name, byte_size, elf_object, members)[source]#

Bases: VariableType

Entry class for DW_TAG_structure_type. It is inherited from VariableType

Parameters:

name (str) – name of the type
byte_size (int) – amount of bytes the type take in memory
elf_object – elf object to reference to (useful for pointer,…)

classmethod read_from_die(die, elf_object)[source]#

read an entry of DW_TAG_structure_type. return None when there is no byte_size attribute.

Parameters:: die (DIE) –

static supported_die(die)#

Return type:: bool
Parameters:: die (DIE) –

class cle.backends.elf.variable_type.UnionType(name, byte_size, elf_object, members)[source]#

Bases: StructType

Entry class for DW_TAG_union_type. Inherits from StructType to make it trivial.

Parameters:

name (str) –
byte_size (int) –

classmethod read_from_die(die, elf_object)#

read an entry of DW_TAG_structure_type. return None when there is no byte_size attribute.

Parameters:: die (DIE) –

static supported_die(die)#

Return type:: bool
Parameters:: die (DIE) –

class cle.backends.elf.variable_type.StructMember(name, addr_offset, type_offset, elf_object)[source]#

Bases: object

Entry class for DW_TAG_member. This is not a type but a named member inside a struct. Use the property type to get its variable type.

Parameters:

name (str) – name of the member
addr_offset (int) – address offset of the member in the struct
elf_object – elf object to reference to (useful for pointer,…)
type_offset – type as offset in the compilation_unit

Variables:

name – name of the member

classmethod read_from_die(die, elf_object)[source]#

read an entry of DW_TAG_member_type. return None when there is no type attribute.

Parameters:: die (DIE) –

property type#: attribute to get the type of the member. Return None if the type is not loaded

class cle.backends.elf.variable_type.ArrayType(byte_size, elf_object, element_offset)[source]#

Bases: VariableType

Entry class for DW_TAG_array_type. It is inherited from VariableType

Parameters:

byte_size – amount of bytes the type take in memory
elf_object – elf object to reference to (useful for pointer,…)
element_offset – type of the array elements as offset in the compilation_unit

classmethod read_from_die(die, elf_object)[source]#

read an entry of DW_TAG_array_type. return None when there is no type attribute.

Parameters:: die (DIE) –

property element_type#

static supported_die(die)#

Return type:: bool
Parameters:: die (DIE) –

class cle.backends.elf.variable_type.TypedefType(name, byte_size, elf_object, type_offset)[source]#

Bases: VariableType

Entry class for DW_TAG_typedef. Inherits from VariableType.

Parameters:

name (str) – name of the new type
elf_object – elf object to reference to (useful for pointer,…)
type_offset – type as offset in the compilation_unit

classmethod read_from_die(die, elf_object)[source]#

read an entry of DW_TAG_member_type. return None when there is no type attribute.

Parameters:: die (DIE) –

property type#: attribute to get the type of the member. Return None if the type is not loaded

static supported_die(die)#

Return type:: bool
Parameters:: die (DIE) –

class cle.backends.elf.compilation_unit.CompilationUnit(name, comp_dir, low_pc, high_pc, language, elf_object)[source]#

Bases: object

CompilationUnit for DWARF See http://dwarfstd.org/doc/DWARF5.pdf page 60

property min_addr#

property max_addr#

class cle.backends.named_region.NamedRegion(name, start, end, is_readable=True, is_writable=True, is_executable=False, **kwargs)[source]#

Bases: Backend

A NamedRegion represents a region of memory that has a name, a location, but no static content.

This region also has permissions; with no memory, these obviously don’t do anything on their own, but they help inform any other code that relies on CLE (e.g., angr)

This can be used as a placeholder for memory that should exist in CLE’s view, but for which it does not need data, like RAM, MMIO, etc

is_default = False#

has_memory = False#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

function_name(addr)[source]#: NamedRegions don’t support function names.

contains_addr(addr)[source]#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.pe.PE(*args, **kwargs)[source]#

Bases: Backend

Representation of a PE (i.e. Windows) binary.

is_default = True#

property segments: Regions#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

close()[source]#

get_symbol(name)[source]#: Look up the symbol with the given name. Symbols can be looked up by ordinal with the name "ordinal.%d" % num

addr_to_offset(addr)#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.pe.pe.PE(*args, **kwargs)[source]#

Bases: Backend

Representation of a PE (i.e. Windows) binary.

is_default = True#

property segments: Regions#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

classmethod check_magic_compatibility(stream)[source]#: Check if a stream of bytes contains the same magic number as the main object

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

close()[source]#

get_symbol(name)[source]#: Look up the symbol with the given name. Symbols can be looked up by ordinal with the name "ordinal.%d" % num

addr_to_offset(addr)#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.pe.symbol.WinSymbol(owner, name, addr, is_import, is_export, ordinal_number, forwarder)[source]#

Bases: Symbol

Represents a symbol for the PE format.

is_import = False#

is_export = False#

is_forward = False#

resolve_forwarder()[source]#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

is_common = False#

is_extern = False#

property is_function#: Whether this symbol is a function

is_local = False#

is_static = False#

is_weak = False#

property linked_addr#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

class cle.backends.pe.regions.PESection(pe_section, remap_offset=0)[source]#

Bases: Section

Represents a section for the PE format.

filesize: int#

property is_readable#: Whether this section has read permissions

property is_writable#: Whether this section has write permissions

property is_executable#: Whether this section has execute permissions

property only_contains_uninitialized_data#: Whether this section is initialized to zero after the executable is loaded.

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

class cle.backends.macho.MachO(*args, **kwargs)[source]#

Bases: Backend

Mach-O binaries for CLE

is_default = True#

MH_MAGIC_64 = 4277009103#

MH_CIGAM_64 = 3489328638#

MH_MAGIC = 4277009102#

MH_CIGAM = 3472551422#

symbols: sortedcontainers.SortedKeyList[Symbol]#

lc_function_starts: Optional[List[int]]#

export_blob: Optional[bytes]#

binding_blob: Optional[bytes]#

lazy_binding_blob: Optional[bytes]#

weak_binding_blob: Optional[bytes]#

rebase_blob: Optional[bytes]#

strtab: Optional[bytes]#

ncmds: int#

sizeofcmds: int#

property macho_base: int#

property min_addr: int#: This returns the lowest virtual address contained in any loaded segment of the binary.

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

is_thumb_interworking(address)[source]#: Returns true if the given address is a THUMB interworking address

decode_thumb_interworking(address)[source]#: Decodes a thumb interworking address

find_segment_by_name(name)[source]#

do_binding()[source]#

get_string(start)[source]#: Loads a string from the string table

parse_lc_str(f, start, limit=None)[source]#

Parses a lc_str data structure

Parameters:: limit (int | None) –

S = ~S#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

get_symbol_by_address_fuzzy(address)[source]#: Locates a symbol by checking the given address against sym.addr, sym.bind_xrefs and sym.symbol_stubs

get_symbol(name, include_stab=False, fuzzy=False)[source]#

Returns all symbols matching name.

Note that especially when include_stab=True there may be multiple symbols with the same name, therefore this method always returns an array.

Parameters:

name – the name of the symbol
include_stab – Include debugging symbols NOT RECOMMENDED
fuzzy – Replace exact match with “contains”-style match

get_symbol_by_insertion_order(idx)[source]#

Parameters:: idx (int) – idx when this symbol was inserted
Return type:: AbstractMachOSymbol
Returns:

get_segment_by_name(name)[source]#: Searches for a MachOSegment with the given name and returns it :type name: :param name: Name of the sought segment :return: MachOSegment or None

class cle.backends.macho.macho.MachO(*args, **kwargs)[source]#

Bases: Backend

Mach-O binaries for CLE

is_default = True#

MH_MAGIC_64 = 4277009103#

MH_CIGAM_64 = 3489328638#

MH_MAGIC = 4277009102#

MH_CIGAM = 3472551422#

symbols: sortedcontainers.SortedKeyList[Symbol]#

lc_function_starts: Optional[List[int]]#

export_blob: Optional[bytes]#

binding_blob: Optional[bytes]#

lazy_binding_blob: Optional[bytes]#

weak_binding_blob: Optional[bytes]#

rebase_blob: Optional[bytes]#

strtab: Optional[bytes]#

ncmds: int#

sizeofcmds: int#

property macho_base: int#

property min_addr: int#: This returns the lowest virtual address contained in any loaded segment of the binary.

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

is_thumb_interworking(address)[source]#: Returns true if the given address is a THUMB interworking address

decode_thumb_interworking(address)[source]#: Decodes a thumb interworking address

find_segment_by_name(name)[source]#

do_binding()[source]#

get_string(start)[source]#: Loads a string from the string table

parse_lc_str(f, start, limit=None)[source]#

Parses a lc_str data structure

Parameters:: limit (int | None) –

S = ~S#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

get_symbol_by_address_fuzzy(address)[source]#: Locates a symbol by checking the given address against sym.addr, sym.bind_xrefs and sym.symbol_stubs

get_symbol(name, include_stab=False, fuzzy=False)[source]#

Returns all symbols matching name.

Note that especially when include_stab=True there may be multiple symbols with the same name, therefore this method always returns an array.

Parameters:

name – the name of the symbol
include_stab – Include debugging symbols NOT RECOMMENDED
fuzzy – Replace exact match with “contains”-style match

get_symbol_by_insertion_order(idx)[source]#

Parameters:: idx (int) – idx when this symbol was inserted
Return type:: AbstractMachOSymbol
Returns:

get_segment_by_name(name)[source]#: Searches for a MachOSegment with the given name and returns it :type name: :param name: Name of the sought segment :return: MachOSegment or None

class cle.backends.macho.macho.MachOSection(offset, vaddr, size, vsize, segname, sectname, align, reloff, nreloc, flags, r1, r2, parent_segment=None)[source]#

Bases: Section

Mach-O Section, only defined within the context of a Mach-O Segment.

offset is the offset into the file the region starts

vaddr (or just addr) is the virtual address

filesize (or just size) is the size of the region in the file

memsize (or vsize) is the size of the region when loaded into memory

segname is the corresponding segment’s name without padding

sectname is the section’s name without padding

align is the sections alignment as a power of 2

reloff is the file offset to the section’s relocation entries

nreloc is the number of relocation entries for this section

flags is a bit vector containing per-section flags

r1 and r2 are values for the reserved1 and reserved2 fields respectively

Parameters:

vaddr (int) –
parent_segment (MachOSegment | None) –

filesize: int#

memsize: int#

property type#

property attributes#

property is_readable#: Always true, because sections should always be readable :return:

property is_writable#: Returns the permission of the parent segment, because MachO sections simply inherit that :return:

property is_executable#: Returns the permission of the parent segment, because MachO sections simply inherit that :return:

property only_contains_uninitialized_data#: I actually don’t know if this is true, but it seems like a saner assumption than true :return:

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

class cle.backends.macho.macho.MachOSegment(offset, vaddr, size, vsize, segname, nsect, sections, flags, initprot, maxprot)[source]#

Bases: Segment

Mach-O Segment

offset is the offset into the file the region starts

vaddr (or just addr) is the virtual address

filesize (or just size) is the size of the region in the file

memsize (or vsize) is the size of the region when loaded into memory

segname is the segment’s name without padding

nsect is the number of sections contained in this segment

sections is an array of MachOSections

flags is a bit vector containing per-segment flags

initprot and maxprot are initial and maximum permissions respectively

Parameters:: vaddr (int) –

get_section_by_name(name)[source]#: Searches for a section by name within this segment :type name: :param name: Name of the section :return: MachOSection or None

property is_readable#

property is_writable#

property is_executable#

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.macho.macho.SymbolList(iterable=None, key=<function identity>)[source]#

Bases: SortedKeyList

Special data structure that extends SortedKeyList to allow looking up a MachO library by name and ordinal quickly without having to iterate over the whole list

add(value)[source]#

Add value to sorted-key list.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList(key=neg)
>>> skl.add(3)
>>> skl.add(1)
>>> skl.add(2)
>>> skl
SortedKeyList([3, 2, 1], key=<built-in function neg>)

Parameters:: value (AbstractMachOSymbol) – value to add to sorted-key list

get_by_name_and_ordinal(name, ordinal, include_stab=False)[source]#

Return type:

List[AbstractMachOSymbol]

Parameters:

name (str) –
ordinal (int) –

DEFAULT_LOAD_FACTOR = 1000#

append(value)#

Raise not-implemented error.

Implemented to override MutableSequence.append which provides an erroneous default implementation.

Raises:: NotImplementedError – use sl.add(value) instead

bisect(value)#

Return an index to insert value in the sorted-key list.

Similar to bisect_left, but if value is already present, the insertion point will be after (to the right of) any existing values.

Similar to the bisect module in the standard library.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedList([5, 4, 3, 2, 1], key=neg)
>>> skl.bisect_right(1)
5

Parameters:: value – insertion index of value in sorted-key list
Returns:: index

bisect_key(key)#

Return an index to insert key in the sorted-key list.

Similar to bisect_key_left, but if key is already present, the insertion point will be after (to the right of) any existing keys.

Similar to the bisect module in the standard library.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedList([5, 4, 3, 2, 1], key=neg)
>>> skl.bisect_key_right(-1)
5

Parameters:: key – insertion index of key in sorted-key list
Returns:: index

bisect_key_left(key)#

Return an index to insert key in the sorted-key list.

If the key is already present, the insertion point will be before (to the left of) any existing keys.

Similar to the bisect module in the standard library.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList([5, 4, 3, 2, 1], key=neg)
>>> skl.bisect_key_left(-1)
4

Parameters:: key – insertion index of key in sorted-key list
Returns:: index

bisect_key_right(key)#

Return an index to insert key in the sorted-key list.

Similar to bisect_key_left, but if key is already present, the insertion point will be after (to the right of) any existing keys.

Similar to the bisect module in the standard library.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedList([5, 4, 3, 2, 1], key=neg)
>>> skl.bisect_key_right(-1)
5

Parameters:: key – insertion index of key in sorted-key list
Returns:: index

bisect_left(value)#

Return an index to insert value in the sorted-key list.

If the value is already present, the insertion point will be before (to the left of) any existing values.

Similar to the bisect module in the standard library.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList([5, 4, 3, 2, 1], key=neg)
>>> skl.bisect_left(1)
4

Parameters:: value – insertion index of value in sorted-key list
Returns:: index

bisect_right(value)#

Return an index to insert value in the sorted-key list.

Similar to bisect_left, but if value is already present, the insertion point will be after (to the right of) any existing values.

Similar to the bisect module in the standard library.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedList([5, 4, 3, 2, 1], key=neg)
>>> skl.bisect_right(1)
5

Parameters:: value – insertion index of value in sorted-key list
Returns:: index

clear()#

Remove all values from sorted-key list.

Runtime complexity: O(n)

copy()#

Return a shallow copy of the sorted-key list.

Runtime complexity: O(n)

Returns:: new sorted-key list

count(value)#

Return number of occurrences of value in the sorted-key list.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList([4, 4, 4, 4, 3, 3, 3, 2, 2, 1], key=neg)
>>> skl.count(2)
2

Parameters:: value – value to count in sorted-key list
Returns:: count

discard(value)#

Remove value from sorted-key list if it is a member.

If value is not a member, do nothing.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList([5, 4, 3, 2, 1], key=neg)
>>> skl.discard(1)
>>> skl.discard(0)
>>> skl == [5, 4, 3, 2]
True

Parameters:: value – value to discard from sorted-key list

extend(values)#

Raise not-implemented error.

Implemented to override MutableSequence.extend which provides an erroneous default implementation.

Raises:: NotImplementedError – use sl.update(values) instead

index(value, start=None, stop=None)#

Return first index of value in sorted-key list.

Raise ValueError if value is not present.

Index must be between start and stop for the value to be considered present. The default value, None, for start and stop indicate the beginning and end of the sorted-key list.

Negative indices are supported.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList([5, 4, 3, 2, 1], key=neg)
>>> skl.index(2)
3
>>> skl.index(0)
Traceback (most recent call last):
  ...
ValueError: 0 is not in list

Parameters:

value – value in sorted-key list
start (int) – start index (default None, start of sorted-key list)
stop (int) – stop index (default None, end of sorted-key list)

Returns:

index of value

Raises:

ValueError – if value is not present

insert(index, value)#

Raise not-implemented error.

Raises:: NotImplementedError – use sl.add(value) instead

irange(minimum=None, maximum=None, inclusive=(True, True), reverse=False)#

Create an iterator of values between minimum and maximum.

Both minimum and maximum default to None which is automatically inclusive of the beginning and end of the sorted-key list.

The argument inclusive is a pair of booleans that indicates whether the minimum and maximum ought to be included in the range, respectively. The default is (True, True) such that the range is inclusive of both minimum and maximum.

When reverse is True the values are yielded from the iterator in reverse order; reverse defaults to False.

>>> from operator import neg
>>> skl = SortedKeyList([11, 12, 13, 14, 15], key=neg)
>>> it = skl.irange(14.5, 11.5)
>>> list(it)
[14, 13, 12]

Parameters:

minimum – minimum value to start iterating
maximum – maximum value to stop iterating
inclusive – pair of booleans
reverse (bool) – yield values in reverse order

Returns:

iterator

irange_key(min_key=None, max_key=None, inclusive=(True, True), reverse=False)#

Create an iterator of values between min_key and max_key.

Both min_key and max_key default to None which is automatically inclusive of the beginning and end of the sorted-key list.

When reverse is True the values are yielded from the iterator in reverse order; reverse defaults to False.

>>> from operator import neg
>>> skl = SortedKeyList([11, 12, 13, 14, 15], key=neg)
>>> it = skl.irange_key(-14, -12)
>>> list(it)
[14, 13, 12]

Parameters:

min_key – minimum key to start iterating
max_key – maximum key to stop iterating
inclusive – pair of booleans
reverse (bool) – yield values in reverse order

Returns:

iterator

islice(start=None, stop=None, reverse=False)#

Return an iterator that slices sorted list from start to stop.

The start and stop index are treated inclusive and exclusive, respectively.

Both start and stop default to None which is automatically inclusive of the beginning and end of the sorted list.

When reverse is True the values are yielded from the iterator in reverse order; reverse defaults to False.

>>> sl = SortedList('abcdefghij')
>>> it = sl.islice(2, 6)
>>> list(it)
['c', 'd', 'e', 'f']

Parameters:

start (int) – start index (inclusive)
stop (int) – stop index (exclusive)
reverse (bool) – yield values in reverse order

Returns:

iterator

property key#: Function used to extract comparison key from values.

pop(index=-1)#

Remove and return value at index in sorted list.

Raise IndexError if the sorted list is empty or index is out of range.

Negative indices are supported.

Runtime complexity: O(log(n)) – approximate.

>>> sl = SortedList('abcde')
>>> sl.pop()
'e'
>>> sl.pop(2)
'c'
>>> sl
SortedList(['a', 'b', 'd'])

Parameters:: index (int) – index of value (default -1)
Returns:: value
Raises:: IndexError – if index is out of range

remove(value)#

Remove value from sorted-key list; value must be a member.

If value is not a member, raise ValueError.

Runtime complexity: O(log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList([1, 2, 3, 4, 5], key=neg)
>>> skl.remove(5)
>>> skl == [4, 3, 2, 1]
True
>>> skl.remove(0)
Traceback (most recent call last):
  ...
ValueError: 0 not in list

Parameters:: value – value to remove from sorted-key list
Raises:: ValueError – if value is not in sorted-key list

reverse()#

Raise not-implemented error.

Sorted list maintains values in ascending sort order. Values may not be reversed in-place.

Use reversed(sl) for an iterator over values in descending sort order.

Implemented to override MutableSequence.reverse which provides an erroneous default implementation.

Raises:: NotImplementedError – use reversed(sl) instead

update(iterable)#

Update sorted-key list by adding all values from iterable.

Runtime complexity: O(k*log(n)) – approximate.

>>> from operator import neg
>>> skl = SortedKeyList(key=neg)
>>> skl.update([3, 1, 2])
>>> skl
SortedKeyList([3, 2, 1], key=<built-in function neg>)

Parameters:: iterable – iterable of values to add

class cle.backends.macho.symbol.AbstractMachOSymbol(owner, name, relative_addr, size, sym_type)[source]#

Bases: Symbol

Base class for Mach-O symbols. Defines the minimum common properties all types of mach-o symbols must have

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

property library_ordinal#

property is_stab#

property library_name#

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_import = False#

is_local = False#

is_static = False#

is_weak = False#

property linked_addr#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

class cle.backends.macho.symbol.SymbolTableSymbol(owner, symtab_offset, n_strx, n_type, n_sect, n_desc, n_value)[source]#

Bases: AbstractMachOSymbol

“Regular” symbol. Made to be (somewhat) compatible with backends.Symbol. A SymbolTableSymbol is an entry in the binary’s symbol table.

Note that ELF-specific fields from backends.Symbol are not used and semantics of the remaining fields differ in many cases. As a result most stock functionality from Angr and related libraries WILL NOT WORK PROPERLY on MachOSymbol.

Much of the code below is based on heuristics as official documentation is sparse, consider yourself warned!

Parameters:: owner (MachO) –

owner: MachO#

is_import = False#

is_export = False#

property library_name#

property segment_name#

property section_name#

property value#

property referenced_symbol_index#: For indirect symbols n_value contains an index into the string table indicating the referenced symbol’s name

is_weak()[source]#

bool(x) -> bool

Returns True when the argument x is true, False otherwise. The builtins True and False are the only two instances of the class bool. The class bool is a subclass of the class int, and cannot be subclassed.

property is_function#: Whether this symbol is a function

property rebased_addr#: The address of this symbol in the global memory space

property is_stab#

property is_private_external#

property is_external#

property sym_type#

property is_common#

bool(x) -> bool

property common_align#

property reference_type#

property library_ordinal#

property is_no_dead_strip#

property is_desc_discarded#

property is_weak_referenced#

property is_weak_defined#

property is_reference_to_weak#

property is_thumb_definition#

property is_symbol_resolver#

property is_alt_entry#

is_extern = False#

is_forward = False#

is_local = False#

is_static = False#

property linked_addr#

property owner_obj#

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

class cle.backends.macho.symbol.DyldBoundSymbol(owner, name, lib_ordinal)[source]#

Bases: AbstractMachOSymbol

The new kind of symbol handling introduced with ios15

is_import = False#

is_export = False#

property library_name#

property is_function#: Whether this symbol is a function

property rebased_addr#: The address of this symbol in the global memory space

demangled_name()[source]#

property library_ordinal#

is_common = False#

is_extern = False#

is_forward = False#

is_local = False#

property is_stab#

is_static = False#

is_weak = False#

property linked_addr#

property owner_obj#

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

class cle.backends.macho.symbol.BindingSymbol(owner, name, lib_ordinal)[source]#

Bases: AbstractMachOSymbol

“Binding” symbol. Made to be (somewhat) compatible with backends.Symbol. A BindingSymbol is an imported symbol discovered during the binding process.

Much of the code below is based on heuristics as official documentation is sparse, consider yourself warned!

is_import = False#

is_export = False#

property library_name#

property is_function#: Whether this symbol is a function

property rebased_addr#: The address of this symbol in the global memory space

demangled_name()[source]#

property library_ordinal#

is_common = False#

is_extern = False#

is_forward = False#

is_local = False#

property is_stab#

is_static = False#

is_weak = False#

property linked_addr#

property owner_obj#

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

class cle.backends.macho.section.MachOSection(offset, vaddr, size, vsize, segname, sectname, align, reloff, nreloc, flags, r1, r2, parent_segment=None)[source]#

Bases: Section

Mach-O Section, only defined within the context of a Mach-O Segment.

offset is the offset into the file the region starts

vaddr (or just addr) is the virtual address

filesize (or just size) is the size of the region in the file

memsize (or vsize) is the size of the region when loaded into memory

segname is the corresponding segment’s name without padding

sectname is the section’s name without padding

align is the sections alignment as a power of 2

reloff is the file offset to the section’s relocation entries

nreloc is the number of relocation entries for this section

flags is a bit vector containing per-section flags

r1 and r2 are values for the reserved1 and reserved2 fields respectively

Parameters:

vaddr (int) –
parent_segment (MachOSegment | None) –

filesize: int#

memsize: int#

property type#

property attributes#

property is_readable#: Always true, because sections should always be readable :return:

property is_writable#: Returns the permission of the parent segment, because MachO sections simply inherit that :return:

property is_executable#: Returns the permission of the parent segment, because MachO sections simply inherit that :return:

property only_contains_uninitialized_data#: I actually don’t know if this is true, but it seems like a saner assumption than true :return:

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

class cle.backends.macho.segment.MachOSegment(offset, vaddr, size, vsize, segname, nsect, sections, flags, initprot, maxprot)[source]#

Bases: Segment

Mach-O Segment

offset is the offset into the file the region starts

vaddr (or just addr) is the virtual address

filesize (or just size) is the size of the region in the file

memsize (or vsize) is the size of the region when loaded into memory

segname is the segment’s name without padding

nsect is the number of sections contained in this segment

sections is an array of MachOSections

flags is a bit vector containing per-segment flags

initprot and maxprot are initial and maximum permissions respectively

Parameters:: vaddr (int) –

get_section_by_name(name)[source]#: Searches for a section by name within this segment :type name: :param name: Name of the section :return: MachOSection or None

property is_readable#

property is_writable#

property is_executable#

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

cle.backends.macho.binding.chh(x)[source]#

cle.backends.macho.binding.read_uleb(blob, offset)[source]#

Reads a number encoded as uleb128

Return type:

Tuple[int, int]

Parameters:

blob (bytes) –
offset (int) –

cle.backends.macho.binding.read_sleb(blob, offset)[source]#: Reads a number encoded as sleb128

class cle.backends.macho.binding.BindingState(is_64)[source]#

Bases: object

State object

add_address_ov(address, addend)[source]#: this is a very ugly klugde. It is needed because dyld relies on overflow semantics and represents several negative offsets through BIG ulebs

check_address_bounds()[source]#

class cle.backends.macho.binding.BindingHelper(binary)[source]#

Bases: object

Factors out binding logic from MachO. Intended to work in close conjunction with MachO not for standalone use

Parameters:: binary (MachO) –

binary: MachO#

do_normal_bind(blob)[source]#

Performs non-lazy, non-weak bindings :type blob: bytes :param blob: Blob containing binding opcodes

Parameters:: blob (bytes) –

do_lazy_bind(blob)[source]#: Performs lazy binding

cle.backends.macho.binding.n_opcode_done(s, _b, _i, _blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
_i (int) –
_blob (bytes) –

cle.backends.macho.binding.n_opcode_set_dylib_ordinal_imm(s, _b, i, _blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
i (int) –
_blob (bytes) –

cle.backends.macho.binding.n_opcode_set_dylib_ordinal_uleb(s, _b, _i, blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
_i (int) –
blob (bytes) –

cle.backends.macho.binding.n_opcode_set_dylib_special_imm(s, _b, i, _blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
i (int) –
_blob (bytes) –

cle.backends.macho.binding.n_opcode_set_trailing_flags_imm(s, _b, i, blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
i (int) –
blob (bytes) –

cle.backends.macho.binding.n_opcode_set_type_imm(s, _b, i, _blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
i (int) –
_blob (bytes) –

cle.backends.macho.binding.n_opcode_set_addend_sleb(s, _b, _i, blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
_i (int) –
blob (bytes) –

cle.backends.macho.binding.n_opcode_set_segment_and_offset_uleb(s, b, i, blob)[source]#

Return type:

Parameters:

s (BindingState) –
b (MachO) –
i (int) –
blob (bytes) –

cle.backends.macho.binding.l_opcode_set_segment_and_offset_uleb(s, b, i, blob)[source]#

Return type:

Parameters:

s (BindingState) –
b (MachO) –
i (int) –
blob (bytes) –

cle.backends.macho.binding.n_opcode_add_addr_uleb(s, _b, _i, blob)[source]#

Return type:

Parameters:

s (BindingState) –
_b (MachO) –
_i (int) –
blob (bytes) –

cle.backends.macho.binding.n_opcode_do_bind(s, b, _i, _blob)[source]#

Return type:

Parameters:

s (BindingState) –
b (MachO) –
_i (int) –
_blob (bytes) –

cle.backends.macho.binding.l_opcode_do_bind(s, b, _i, _blob)[source]#

Return type:

Parameters:

s (BindingState) –
b (MachO) –
_i (int) –
_blob (bytes) –

cle.backends.macho.binding.n_opcode_do_bind_add_addr_uleb(s, b, _i, blob)[source]#

Return type:

Parameters:

s (BindingState) –
b (MachO) –
_i (int) –
blob (bytes) –

cle.backends.macho.binding.n_opcode_do_bind_add_addr_imm_scaled(s, b, i, _blob)[source]#

Return type:

Parameters:

s (BindingState) –
b (MachO) –
i (int) –
_blob (bytes) –

cle.backends.macho.binding.n_opcode_do_bind_uleb_times_skipping_uleb(s, b, _i, blob)[source]#

Return type:

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L249-L254

Parameters:

s (BindingState) –
b (MachO) –
_i (int) –
blob (bytes) –

class cle.backends.macho.binding.MachORelocation(owner, symbol, relative_addr, data)[source]#

Bases: Relocation

Generic Relocation for MachO. For now it just deals with symbols

Parameters:

owner (Backend) –
symbol (AbstractMachOSymbol) –
relative_addr (int) –

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)[source]#

property dest_addr#: mach-o rebasing is hard to handle, so this behaviour differs from other relocations

property value#

AUTO_HANDLE_NONE = False#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

cle.backends.macho.binding.default_binding_handler(state, binary)[source]#

Binds location to the symbol with the given name and library ordinal

Parameters:

state (BindingState) –
binary (MachO) –

class cle.backends.macho.macho_load_commands.LoadCommands(value)[source]#

Bases: IntEnum

Enum for all the Load Commands used inside the MachO Binary

LC_REQ_DYLD = 2147483648#

LC_SEGMENT = 1#

LC_SYMTAB = 2#

LC_SYMSEG = 3#

LC_THREAD = 4#

LC_UNIXTHREAD = 5#

LC_LOADFVMLIB = 6#

LC_IDFVMLIB = 7#

LC_IDENT = 8#

LC_FVMFILE = 9#

LC_PREPAGE = 10#

LC_DYSYMTAB = 11#

LC_LOAD_DYLIB = 12#

LC_ID_DYLIB = 13#

LC_LOAD_DYLINKER = 14#

LC_ID_DYLINKER = 15#

LC_PREBOUND_DYLIB = 16#

LC_ROUTINES = 17#

LC_SUB_FRAMEWORK = 18#

LC_SUB_UMBRELLA = 19#

LC_SUB_CLIENT = 20#

LC_SUB_LIBRARY = 21#

LC_TWOLEVEL_HINTS = 22#

LC_PREBIND_CKSUM = 23#

LC_LOAD_WEAK_DYLIB = 2147483672#

LC_SEGMENT_64 = 25#

LC_ROUTINES_64 = 26#

LC_UUID = 27#

LC_RPATH = 2147483676#

LC_CODE_SIGNATURE = 29#

LC_SEGMENT_SPLIT_INFO = 30#

LC_REEXPORT_DYLIB = 2147483679#

LC_LAZY_LOAD_DYLIB = 32#

LC_ENCRYPTION_INFO = 33#

LC_DYLD_INFO = 34#

LC_DYLD_INFO_ONLY = 2147483682#

LC_LOAD_UPWARD_DYLIB = 2147483683#

LC_VERSION_MIN_MACOSX = 36#

LC_VERSION_MIN_IPHONEOS = 37#

LC_FUNCTION_STARTS = 38#

LC_DYLD_ENVIRONMENT = 39#

LC_MAIN = 2147483688#

LC_DATA_IN_CODE = 41#

LC_SOURCE_VERSION = 42#

LC_DYLIB_CODE_SIGN_DRS = 43#

LC_ENCRYPTION_INFO_64 = 44#

LC_LINKER_OPTION = 45#

LC_LINKER_OPTIMIZATION_HINT = 46#

LC_VERSION_MIN_TVOS = 47#

LC_VERSION_MIN_WATCHOS = 48#

LC_NOTE = 49#

LC_BUILD_VERSION = 50#

LC_DYLD_EXPORTS_TRIE = 2147483699#

LC_DYLD_CHAINED_FIXUPS = 2147483700#

class cle.backends.macho.structs.HelperStruct[source]#

Bases: Structure

Subclass of ctypes.Structure that adds a helpful repr method for debugging

class cle.backends.macho.structs.DyldImportFormats(value)[source]#

Bases: IntEnum

DYLD_CHAINED_IMPORT = 1#

DYLD_CHAINED_IMPORT_ADDEND = 2#

DYLD_CHAINED_IMPORT_ADDEND64 = 3#

class cle.backends.macho.structs.DyldChainedPtrFormats(value)[source]#

Bases: IntEnum

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L89-L104

DYLD_CHAINED_PTR_ARM64E = 1#

DYLD_CHAINED_PTR_64 = 2#

DYLD_CHAINED_PTR_32 = 3#

DYLD_CHAINED_PTR_32_CACHE = 4#

DYLD_CHAINED_PTR_32_FIRMWARE = 5#

DYLD_CHAINED_PTR_64_OFFSET = 6#

DYLD_CHAINED_PTR_ARM64E_KERNEL = 7#

DYLD_CHAINED_PTR_64_KERNEL_CACHE = 8#

DYLD_CHAINED_PTR_ARM64E_USERLAND = 9#

DYLD_CHAINED_PTR_ARM64E_FIRMWARE = 10#

DYLD_CHAINED_PTR_X86_64_KERNEL_CACHE = 11#

DYLD_CHAINED_PTR_ARM64E_USERLAND24 = 12#

class cle.backends.macho.structs.dyld_chained_ptr_arm64e_auth_rebase[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L128-L138

class cle.backends.macho.structs.dyld_chained_ptr_arm64e_auth_bind[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L140-L151

class cle.backends.macho.structs.dyld_chained_ptr_arm64e_rebase[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L107-L115

class cle.backends.macho.structs.dyld_chained_ptr_arm64e_bind[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L117-L126

class cle.backends.macho.structs.dyld_chained_ptr_arm64e_bind24[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L164-L173

class cle.backends.macho.structs.dyld_chained_ptr_arm64e_auth_bind24[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L175-L186

class cle.backends.macho.structs.Arm64e[source]#

Bases: Union

named after the Union Arm64e from dyld MachOLoaded.h https://github.com/apple-opensource/dyld/blob/852.2/dyld3/MachOLoaded.h#L89-L103

authRebase: dyld_chained_ptr_arm64e_auth_rebase#: Structure/Union member

authBind: dyld_chained_ptr_arm64e_auth_bind#: Structure/Union member

rebase: dyld_chained_ptr_arm64e_rebase#: Structure/Union member

bind: dyld_chained_ptr_arm64e_bind#: Structure/Union member

bind24: dyld_chained_ptr_arm64e_bind24#: Structure/Union member

authBind24: dyld_chained_ptr_arm64e_auth_bind24#: Structure/Union member

static check_valid_pointer_format(pointer_format)[source]#

helper to check if a pointer format is relevant for this :type pointer_format: DyldChainedPtrFormats :param pointer_format: :rtype: bool :return:

Parameters:: pointer_format (DyldChainedPtrFormats) –
Return type:: bool

class cle.backends.macho.structs.dyld_chained_ptr_64_rebase[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L153-L161

target: int#: Structure/Union member

high8: int#: Structure/Union member

next: int#: Structure/Union member

bind: int#: Structure/Union member

property unpackedTarget#

class cle.backends.macho.structs.dyld_chained_ptr_64_bind[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L189-L197

ordinal: int#: Structure/Union member

addend: int#: Structure/Union member

next: int#: Structure/Union member

bind: int#: Structure/Union member

class cle.backends.macho.structs.Generic64[source]#

Bases: Union

named after the Union Generic64 from dyld MachOLoaded.h https://github.com/apple-opensource/dyld/blob/852.2/dyld3/MachOLoaded.h#L105-L111

rebase: dyld_chained_ptr_64_rebase#: Structure/Union member

bind: dyld_chained_ptr_64_bind#: Structure/Union member

static check_valid_pointer_format(pointer_format)[source]#

Return type:: bool
Parameters:: pointer_format (DyldChainedPtrFormats) –

class cle.backends.macho.structs.ChainedFixupPointerOnDisk[source]#

Bases: Union

the ChainedFixupPointerOnDisk union from dyld MachOLoaded.h https://github.com/apple-opensource/dyld/blob/852.2/dyld3/MachOLoaded.h#L87-L141

generic64: Generic64#: Structure/Union member

arm64e: Arm64e#: Structure/Union member

isBind(pointer_format)[source]#

Port of ChainedFixupPointerOnDisk::isBind(uint16_t pointerFormat, uint32_t& bindOrdinal, int64_t& addend) https://github.com/apple-opensource/dyld/blob/852.2/dyld3/MachOLoaded.cpp#L1098-L1147 Returns None if not a bind (so if struct.isBind() works), :rtype: Optional[Tuple[int, int]] :return:

Parameters:: pointer_format (DyldChainedPtrFormats) –
Return type:: Tuple[int, int] | None

isRebase(pointer_format, preferredLoadAddress)[source]#

port of ChainedFixupPointerOnDisk::isRebase( uint16_t pointerFormat, uint64_t preferedLoadAddress, uint64_t& targetRuntimeOffset) https://github.com/apple-opensource/dyld/blob/852.2/dyld3/MachOLoaded.cpp#L1046-L1096 :type pointer_format: DyldChainedPtrFormats :param pointer_format: :type preferredLoadAddress: int :param preferredLoadAddress: I think that’s just the requested base address :rtype: Optional[int] :return:

Parameters:

pointer_format (DyldChainedPtrFormats) –
preferredLoadAddress (int) –

Return type:

int | None

class cle.backends.macho.structs.DyldImportStruct[source]#

Bases: HelperStruct

Meta Struct for the different kind of import structs and the fields they are all guaranteed to have

lib_ordinal: int#

weak_import: bool#

name_offset: int#

static get_struct(pointer)[source]#

Return type:: Type[DyldImportStruct]
Parameters:: pointer (DyldImportFormats) –

class cle.backends.macho.structs.dyld_chained_import[source]#

Bases: DyldImportStruct

Struct for symbol format DYLD_CHAINED_IMPORT

static get_struct(pointer)#

Return type:: Type[DyldImportStruct]
Parameters:: pointer (DyldImportFormats) –

lib_ordinal: int#: Structure/Union member

name_offset: int#: Structure/Union member

weak_import: bool#: Structure/Union member

class cle.backends.macho.structs.dyld_chained_import_addend[source]#

Bases: DyldImportStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L264-L271

addend: int#: Structure/Union member

static get_struct(pointer)#

Return type:: Type[DyldImportStruct]
Parameters:: pointer (DyldImportFormats) –

lib_ordinal: int#: Structure/Union member

name_offset: int#: Structure/Union member

weak_import: bool#: Structure/Union member

class cle.backends.macho.structs.dyld_chained_import_addend64[source]#

Bases: DyldImportStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L273-L281

addend: int#: Structure/Union member

static get_struct(pointer)#

Return type:: Type[DyldImportStruct]
Parameters:: pointer (DyldImportFormats) –

lib_ordinal: int#: Structure/Union member

name_offset: int#: Structure/Union member

reserved#: Structure/Union member

weak_import: bool#: Structure/Union member

class cle.backends.macho.structs.dyld_chained_fixups_header[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L36-L46

fixups_version: int#: Structure/Union member

starts_offset: int#: Structure/Union member

imports_offset: int#: Structure/Union member

symbols_offset: int#: Structure/Union member

imports_count: int#: Structure/Union member

imports_format: DyldImportFormats#: Structure/Union member

symbols_format: int#: Structure/Union member

class cle.backends.macho.structs.dyld_chained_starts_in_image[source]#

Bases: Structure

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L48-L54

seg_count: int#: Structure/Union member

seg_info_offset: Array#: Structure/Union member

class cle.backends.macho.structs.dyld_chained_starts_in_segment[source]#

Bases: HelperStruct

https://github.com/apple-opensource/dyld/blob/852.2/include/mach-o/fixup-chains.h#L56-L72

page_size: int#: Structure/Union member

segment_offset: int#: Structure/Union member

max_valid_pointer: int#: Structure/Union member

page_count: int#: Structure/Union member

page_start: int#: Structure/Union member

property pointer_format: DyldChainedPtrFormats#

exception cle.backends.minidump.MinidumpMissingStreamError(stream, message=None)[source]#

Bases: Exception

args#

with_traceback()#: Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

class cle.backends.minidump.Minidump(*args, **kwargs)[source]#

Bases: Backend

is_default = True#

close()[source]#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

get_thread_registers_by_id(thread_id)[source]#

class cle.backends.cgc.CGC(binary, binary_stream, *args, **kwargs)[source]#

Bases: ELF

Backend to support the CGC elf format used by the Cyber Grand Challenge competition.

See : https://github.com/CyberGrandChallenge/libcgcef/blob/master/cgc_executable_format.md

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

supported_filetypes = ['cgc']#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

property symbols_by_name#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.cgc.BackedCGC(*args, memory_backer=None, register_backer=None, writes_backer=None, permissions_map=None, current_allocation_base=None, **kwargs)[source]#

Bases: CGC

This is a backend for CGC executables that allows user provide a memory backer and a register backer as the initial state of the running binary.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['cgc']#

property symbols_by_addr#

property symbols_by_name#

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.cgc.cgc.CGC(binary, binary_stream, *args, **kwargs)[source]#

Bases: ELF

Backend to support the CGC elf format used by the Cyber Grand Challenge competition.

See : https://github.com/CyberGrandChallenge/libcgcef/blob/master/cgc_executable_format.md

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

supported_filetypes = ['cgc']#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

property symbols_by_name#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.cgc.backedcgc.FakeSegment(start, size)[source]#

Bases: Segment

property is_readable: bool#

property is_writable: bool#

property is_executable: bool#

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.cgc.backedcgc.BackedCGC(*args, memory_backer=None, register_backer=None, writes_backer=None, permissions_map=None, current_allocation_base=None, **kwargs)[source]#

Bases: CGC

This is a backend for CGC executables that allows user provide a memory backer and a register backer as the initial state of the running binary.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

thread_registers(thread=None)[source]#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_arch(reader)#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(symid, symbol_table=None)#

Gets a Symbol object for the specified symbol.

Parameters:: symid – Either an index into .dynsym or the name of a symbol.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property is_ppc64_abiv1#

Returns whether the arch is PowerPC64 ABIv1.

Returns:: True if PowerPC64 ABIv1, False otherwise.

property is_ppc64_abiv2#

Returns whether the arch is PowerPC64 ABIv2.

Returns:: True if PowerPC64 ABIv2, False otherwise.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

property plt#: Maps names to addresses.

property ppc64_initial_rtoc#: Get initial rtoc value for PowerPC64 architecture.

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property reverse_plt#: Maps addresses to names.

property sections#

property segments: Regions#

set_arch(arch)#

supported_filetypes = ['cgc']#

property symbols_by_addr#

property symbols_by_name#

loader: Loader#

variables: Optional[List[Variable]]#

compilation_units: Optional[List[CompilationUnit]]#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.blob.Blob(*args, offset=None, segments=None, **kwargs)[source]#

Bases: Backend

Representation of a binary blob, i.e. an executable in an unknown file format.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

function_name(addr)[source]#: Blobs don’t support function names.

contains_addr(addr)[source]#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

in_which_segment(addr)[source]#: Blobs don’t support segments.

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

addr_to_offset(addr)#

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.ihex.Hex(*args, **kwargs)[source]#

Bases: Backend

A loader for Intel Hex Objects See https://en.wikipedia.org/wiki/Intel_HEX

is_default = True#

static parse_record(line)[source]#

static coalesce_regions(regions)[source]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

class cle.backends.binja.BinjaSymbol(owner, sym)[source]#

Bases: Symbol

BINJA_FUNC_SYM_TYPES = []#

BINJA_DATA_SYM_TYPES = []#

BINJA_IMPORT_TYPES = []#

is_import = False#

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_local = False#

is_static = False#

is_weak = False#

property linked_addr#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

property type: SymbolType#: The ABI-agnostic SymbolType. Must be overridden by derived types.

class cle.backends.binja.BinjaReloc(owner, symbol, relative_addr)[source]#

Bases: Relocation

Parameters:

owner (Backend) –
symbol (Symbol) –
relative_addr (int) –

property value#

AUTO_HANDLE_NONE = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

class cle.backends.binja.BinjaBin(binary, *args, **kwargs)[source]#

Bases: Backend

Get information from binaries using Binary Ninja. Basing this on idabin.py, but will try to be more complete. TODO: add more features as Binary Ninja’s feature set improves

is_default = True#

BINJA_ARCH_MAP = {'aarch64': <Arch AARCH64 (LE)>, 'armv7': <Arch ARMEL (LE)>, 'armv7eb': <Arch ARMEL (BE)>, 'mips32': <Arch MIPS32 (BE)>, 'mipsel32': <Arch MIPS32 (LE)>, 'ppc': <Arch PPC32 (BE)>, 'ppc_le': <Arch PPC32 (LE)>, 'thumb2': <Arch ARMEL (LE)>, 'thumb2eb': <Arch ARMEL (BE)>, 'x86': <Arch X86 (LE)>, 'x86_64': <Arch AMD64 (LE)>}#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

in_which_segment(addr)[source]#: Return the segment name at address addr.

get_symbol_addr(sym)[source]#

Get the address of the symbol sym from IDA.

Returns:: An address.

function_name(addr)[source]#: Return the function name at address addr.

property min_addr#

this is probably not “right”)

Type:: Get the min address of the binary. (note

property max_addr#: Get the max address of the binary.

property entry#

get_strings()[source]#

Extract strings from binary (Binary Ninja).

Returns:: An array of strings.

set_got_entry(name, newaddr)[source]#: Resolve import name with address newaddr. That is, update the GOT entry for name with newaddr.

close()[source]#: Release the BinaryView we created in __init__ :return: None

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.externs.ExternSegment(map_size)[source]#

Bases: Segment

addr_to_offset(addr)[source]#: Convert a virtual memory address into a file offset

offset_to_addr(offset)[source]#: Convert a file offset into a virtual memory address

contains_offset(offset)[source]#: Does this region contain this offset into the file?

is_readable = True#

is_writable = True#

is_executable = True#

contains_addr(addr)#: Does this region contain this virtual address?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

vaddr: int#

memsize: int#

filesize: int#

class cle.backends.externs.TOCRelocation(owner, symbol, relative_addr)[source]#

Bases: Relocation

Parameters:

owner (Backend) –
symbol (Symbol) –
relative_addr (int) –

property value#

AUTO_HANDLE_NONE = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.externs.ExternObject(loader, map_size=0, tls_size=0)[source]#

Bases: Backend

rebase(new_base)[source]#: Rebase backend’s regions to the new base where they were mapped by the loader

make_extern(name, size=0, alignment=None, thumb=False, sym_type=SymbolType.TYPE_FUNCTION, point_to=None, libname=None)[source]#

Return type:: Symbol

get_pseudo_addr(name)[source]#

Return type:: int

allocate(size=1, alignment=8, thumb=False, tls=False)[source]#

Return type:: int

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

make_import(name, sym_type)[source]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.externs.KernelObject(loader, map_size=32768)[source]#

Bases: Backend

add_name(name, addr)[source]#

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.externs.PointToPrecise(owner, name, relative_addr, size, sym_type)[source]#

Bases: PointTo

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

pointto_precise = None#

relocations()[source]#: Maybe implement me: If you like, return a list of relocation objects to apply. To create new import symbols, use self.owner.make_extern_import.

addend: int = 0#

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_import = False#

is_local = False#

is_static = False#

is_weak = False#

libname: str = NotImplemented#

property linked_addr#

name: str = NotImplemented#

property owner_obj#

pointto_name: str = NotImplemented#

pointto_type: SymbolType = NotImplemented#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

classmethod static_size(owner)#

Implement me: return the size of the symbol in bytes before it gets constructed

Parameters:: owner – The ExternObject owning the symbol-to-be. Useful to get at owner.arch.

property subtype: SymbolSubType#: A subclass’ ABI-specific types

type: SymbolType = 3#

value()#: Implement me: the initial value of the bytes in memory for the symbol. Should return a bytestring of the same length as static_size returned. (owner is self.owner now)

class cle.backends.externs.simdata.SimData(owner, name, relative_addr, size, sym_type)[source]#

Bases: Symbol

A SimData class is used to provide data when there is an unresolved data import symbol.

To use it, subclass this class and implement the below attributes and methods.

Variables:

name – The name of the symbol to provide
libname – The name of the library from which the symbol originally comes (currently unused).
type – The type of the symbol, usually SymbolType.TYPE_OBJECT.

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

Use the below register method to register SimData subclasses with CLE.

NOTE: SimData.type hides the Symbol.type instance property

name: str = NotImplemented#

type: SymbolType = NotImplemented#

libname: str = NotImplemented#

classmethod static_size(owner)[source]#

Implement me: return the size of the symbol in bytes before it gets constructed

Parameters:: owner – The ExternObject owning the symbol-to-be. Useful to get at owner.arch.
Return type:: int

value()[source]#

Implement me: the initial value of the bytes in memory for the symbol. Should return a bytestring of the same length as static_size returned. (owner is self.owner now)

Return type:: bytes

relocations()[source]#

Maybe implement me: If you like, return a list of relocation objects to apply. To create new import symbols, use self.owner.make_extern_import.

Return type:: List[Relocation]

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_import = False#

is_local = False#

is_static = False#

is_weak = False#

property linked_addr#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

cle.backends.externs.simdata.lookup(name, libname)[source]#

Return type:: Optional[Type[SimData]]
Parameters:: name (str) –

cle.backends.externs.simdata.register(simdata_cls)[source]#

Parameters:: simdata_cls (Type[SimData]) –

class cle.backends.externs.simdata.simdata.SimData(owner, name, relative_addr, size, sym_type)[source]#

Bases: Symbol

A SimData class is used to provide data when there is an unresolved data import symbol.

To use it, subclass this class and implement the below attributes and methods.

Variables:

name – The name of the symbol to provide
libname – The name of the library from which the symbol originally comes (currently unused).
type – The type of the symbol, usually SymbolType.TYPE_OBJECT.

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

Use the below register method to register SimData subclasses with CLE.

NOTE: SimData.type hides the Symbol.type instance property

name: str = NotImplemented#

type: SymbolType = NotImplemented#

libname: str = NotImplemented#

classmethod static_size(owner)[source]#

Implement me: return the size of the symbol in bytes before it gets constructed

Parameters:: owner – The ExternObject owning the symbol-to-be. Useful to get at owner.arch.
Return type:: int

value()[source]#

Implement me: the initial value of the bytes in memory for the symbol. Should return a bytestring of the same length as static_size returned. (owner is self.owner now)

Return type:: bytes

relocations()[source]#

Maybe implement me: If you like, return a list of relocation objects to apply. To create new import symbols, use self.owner.make_extern_import.

Return type:: List[Relocation]

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_import = False#

is_local = False#

is_static = False#

is_weak = False#

property linked_addr#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

cle.backends.externs.simdata.simdata.register(simdata_cls)[source]#

Parameters:: simdata_cls (Type[SimData]) –

cle.backends.externs.simdata.simdata.lookup(name, libname)[source]#

Return type:: Optional[Type[SimData]]
Parameters:: name (str) –

class cle.backends.externs.simdata.common.StaticData(owner, name, relative_addr, size, sym_type)[source]#

Bases: SimData

A simple SimData utility class to use when you have a SimData which should provide just a static set of bytes. To use, implement the following:

Variables:

name – The name of the symbol to provide.
libname – The name of the library from which the symbol originally comes (currently unused).
data – The bytes to provide

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

type: SymbolType = 3#

data: bytes = NotImplemented#

classmethod static_size(owner)[source]#

Implement me: return the size of the symbol in bytes before it gets constructed

Parameters:: owner – The ExternObject owning the symbol-to-be. Useful to get at owner.arch.

value()[source]#: Implement me: the initial value of the bytes in memory for the symbol. Should return a bytestring of the same length as static_size returned. (owner is self.owner now)

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_import = False#

is_local = False#

is_static = False#

is_weak = False#

libname: str = NotImplemented#

property linked_addr#

name: str = NotImplemented#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

relocations()#

Maybe implement me: If you like, return a list of relocation objects to apply. To create new import symbols, use self.owner.make_extern_import.

Return type:: List[Relocation]

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

class cle.backends.externs.simdata.common.StaticWord(owner, name, relative_addr, size, sym_type)[source]#

Bases: SimData

A simple SimData utility class to use when you have a SimData which should provide just a static integer. To use, implement the following:

Variables:

name – The name of the symbol to provide.
libname – The name of the library from which the symbol originally comes (currently unused).
word – The value to provide
wordsize – (optional) The size of the value in bytes, default the CPU wordsize

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

type: SymbolType = 3#

word: int = NotImplemented#

wordsize: int = None#

classmethod static_size(owner)[source]#

Implement me: return the size of the symbol in bytes before it gets constructed

Parameters:: owner – The ExternObject owning the symbol-to-be. Useful to get at owner.arch.

value()[source]#: Implement me: the initial value of the bytes in memory for the symbol. Should return a bytestring of the same length as static_size returned. (owner is self.owner now)

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_import = False#

is_local = False#

is_static = False#

is_weak = False#

libname: str = NotImplemented#

property linked_addr#

name: str = NotImplemented#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

relocations()#

Maybe implement me: If you like, return a list of relocation objects to apply. To create new import symbols, use self.owner.make_extern_import.

Return type:: List[Relocation]

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

class cle.backends.externs.simdata.common.PointTo(owner, name, relative_addr, size, sym_type)[source]#

Bases: SimData

A simple SimData utility class to use when you have a SimData which should provide just a pointer to some other symbol. To use, implement the following:

Variables:

name – The name of the symbol to provide.
libname – The name of the library from which the symbol originally comes (currently unused).
pointto_name – The name of the symbol to point to
pointto_type – The type of the symbol to point to (usually SymbolType.TYPE_FUNCTION or SymbolType.TYPE_OBJECT)
addend – (optional) an integer to be added to the symbol’s address before storage

Parameters:

owner (Backend) –
name (str) –
relative_addr (int) –
size (int) –
sym_type (SymbolType) –

pointto_name: str = NotImplemented#

pointto_type: SymbolType = NotImplemented#

type: SymbolType = 3#

addend: int = 0#

classmethod static_size(owner)[source]#

Implement me: return the size of the symbol in bytes before it gets constructed

Parameters:: owner – The ExternObject owning the symbol-to-be. Useful to get at owner.arch.

value()[source]#: Implement me: the initial value of the bytes in memory for the symbol. Should return a bytestring of the same length as static_size returned. (owner is self.owner now)

relocations()[source]#: Maybe implement me: If you like, return a list of relocation objects to apply. To create new import symbols, use self.owner.make_extern_import.

is_common = False#

is_export = False#

is_extern = False#

is_forward = False#

property is_function#: Whether this symbol is a function

is_import = False#

is_local = False#

is_static = False#

is_weak = False#

libname: str = NotImplemented#

property linked_addr#

name: str = NotImplemented#

property owner_obj#

property rebased_addr#: The address of this symbol in the global memory space

resolve(obj)#

resolve_forwarder()#: If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found

property subtype: SymbolSubType#: A subclass’ ABI-specific types

class cle.backends.externs.simdata.common.SimDataSimpleRelocation(owner, symbol, addr, addend, preresolved=False)[source]#

Bases: Relocation

A relocation used to implement PointTo. Pretty simple.

resolve_symbol(solist, **kwargs)[source]#

property value#

AUTO_HANDLE_NONE = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

Constant values for lifecycle of Apk.

class cle.backends.java.apk.Apk(apk_path, binary_stream, entry_point=None, entry_point_params=(), android_sdk=None, supported_jni_archs=None, jni_libs=None, jni_libs_ld_path=None, **options)[source]#

Bases: Soot

Backend for lifting Apk’s to Soot.

is_default = True#

get_callbacks(class_name, callback_names)[source]#

Get callback methods from the name of callback methods.

Parameters:

class_name (str) – Name of the class.
callback_names (List[str]) – Name list of the callbacks.

Returns:

The method object which is callback.

Return type:

list[pysoot.sootir.soot_method.SootMethod]

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

property classes#

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_soot_class(cls_name, none_if_missing=False)#

Get Soot class object.

Parameters:: cls_name (str) – Name of the class.
Returns:: The class object.
Return type:: pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)#

Get Soot method object.

Parameters:

thing – Descriptor or the method, or name of the method.
class_name (str) – Name of the class. If not specified, class name can be parsed from method_name.

Returns:

Soot method that satisfy the criteria.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

static is_zip_archive(stream)#

property main_methods#

Find all Main methods in this binary.

Returns:: All main methods in each class.
Return type:: iterator

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

class cle.backends.java.jar.Jar(jar_path, binary_stream, entry_point=None, entry_point_params=('java.lang.String[]',), jni_libs=None, jni_libs_ld_path=None, **kwargs)[source]#

Bases: Soot

Backend for lifting JARs to Soot.

is_default = True#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

get_manifest(binary_path=None)[source]#

Load the MANIFEST.MF file

Returns:: A dict of meta info
Return type:: dict

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

property classes#

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_soot_class(cls_name, none_if_missing=False)#

Get Soot class object.

Parameters:: cls_name (str) – Name of the class.
Returns:: The class object.
Return type:: pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)#

Get Soot method object.

Parameters:

thing – Descriptor or the method, or name of the method.
class_name (str) – Name of the class. If not specified, class name can be parsed from method_name.

Returns:

Soot method that satisfy the criteria.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

static is_zip_archive(stream)#

property main_methods#

Find all Main methods in this binary.

Returns:: All main methods in each class.
Return type:: iterator

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.java.soot.Soot(*args, entry_point=None, entry_point_params=(), input_format=None, additional_jars=None, additional_jar_roots=None, jni_libs_ld_path=None, jni_libs=None, android_sdk=None, **kwargs)[source]#

Bases: Backend

The basis backend for lifting and loading bytecode from JARs and APKs to Soot IR.

Note that self.min_addr will be 0 and self.max_addr will be 1. Hopefully no other object will be mapped at address 0.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property entry#

property classes#

get_soot_class(cls_name, none_if_missing=False)[source]#

Get Soot class object.

Parameters:: cls_name (str) – Name of the class.
Returns:: The class object.
Return type:: pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)[source]#

Get Soot method object.

Parameters:

thing – Descriptor or the method, or name of the method.
class_name (str) – Name of the class. If not specified, class name can be parsed from method_name.

Returns:

Soot method that satisfy the criteria.

property main_methods#

Find all Main methods in this binary.

Returns:: All main methods in each class.
Return type:: iterator

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

static is_zip_archive(stream)[source]#

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.xbe.XBESection(name, file_offset, file_size, virtual_addr, virtual_size, xbe_sec)[source]#

Bases: Section

filesize: int#

property is_readable#: Whether this section has read permissions

property is_writable#: Whether this section has write permissions

property is_executable#: Whether this section has execute permissions

property only_contains_uninitialized_data#: We load every section in, they’re all initialized

addr_to_offset(addr)#: Convert a virtual memory address into a file offset

contains_addr(addr)#: Does this region contain this virtual address?

contains_offset(offset)#: Does this region contain this offset into the file?

property max_addr#: The maximum virtual address of this region

property max_offset#: The maximum file offset of this region

property min_addr#: The minimum virtual address of this region

min_offset()#: The minimum file offset of this region

offset_to_addr(offset)#: Convert a file offset into a virtual memory address

vaddr: int#

memsize: int#

class cle.backends.xbe.XBE(*args, **kwargs)[source]#

Bases: Backend

The main loader class for statically loading XBE executables.

is_default = True#

close()[source]#

static is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)[source]#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.static_archive.StaticArchive(*args, **kwargs)[source]#

Bases: Backend

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

is_default = True#

arch: Optional[archinfo.Arch]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

exception cle.backends.uefi_firmware.UefiDriverLoadError[source]#

Bases: Exception

This error is raised (and caught internally) if the data contained in the UEFI entity tree doesn’t make sense.

args#

with_traceback()#: Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

class cle.backends.uefi_firmware.UefiFirmware(*args, **kwargs)[source]#

Bases: Backend

A UEFI firmware blob loader. Support is provided by the uefi_firmware package.

is_default = True#

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

arch: Optional[archinfo.Arch]#

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.uefi_firmware.UefiModulePending(name=None, pe_image=None, te_image=None)[source]#

Bases: object

A worklist entry for the UEFI firmware loader.

Parameters:

name (str | None) –
pe_image (bytes | None) –
te_image (bytes | None) –

name: Optional[str] = None#

pe_image: Optional[bytes] = None#

te_image: Optional[bytes] = None#

build(parent, guid)[source]#

Return type:

UefiModuleMixin

Parameters:

parent (UefiFirmware) –
guid (UUID) –

class cle.backends.uefi_firmware.UefiModuleMixin(*args, guid, name, **kwargs)[source]#

Bases: Backend

A mixin to make other kinds of backends load as UEFI modules.

Parameters:

guid (UUID) –
name (str | None) –

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = False#

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.uefi_firmware.UefiPE(*args, guid, name, **kwargs)[source]#

Bases: UefiModuleMixin, PE

A PE file contained in a UEFI image.

Parameters:

guid (UUID) –
name (str | None) –

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Look up the symbol with the given name. Symbols can be looked up by ordinal with the name "ordinal.%d" % num

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

static is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = True#

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.uefi_firmware.UefiTE(*args, guid, name, **kwargs)[source]#

Bases: UefiModuleMixin, TE

A TE file contained in a UEFI image.

Parameters:

guid (UUID) –
name (str | None) –

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream)#: Determine quickly whether this backend can load an object from this stream

is_default = True#

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

class cle.backends.te.HeaderType(signature, machine, number_of_sections, subsystem, stripped_size, address_of_entry_point, base_of_code, image_base, data_directory_0_virtual_address, data_directory_0_size, data_directory_1_virtual_address, data_directory_1_size)#

Bases: tuple

address_of_entry_point#: Alias for field number 5

base_of_code#: Alias for field number 6

count(value, /)#: Return number of occurrences of value.

data_directory_0_size#: Alias for field number 9

data_directory_0_virtual_address#: Alias for field number 8

data_directory_1_size#: Alias for field number 11

data_directory_1_virtual_address#: Alias for field number 10

image_base#: Alias for field number 7

index(value, start=0, stop=9223372036854775807, /)#

Return first index of value.

Raises ValueError if the value is not present.

machine#: Alias for field number 1

number_of_sections#: Alias for field number 2

signature#: Alias for field number 0

stripped_size#: Alias for field number 4

subsystem#: Alias for field number 3

class cle.backends.te.SectionHeaderType(section_name, physical_address_virtual_size, virtual_address, size_of_raw_data, pointer_to_raw_data, pointer_to_relocations, pointer_to_line_numbers, number_of_relocations, number_of_line_numbers, characteristics)#

Bases: tuple

characteristics#: Alias for field number 9

count(value, /)#: Return number of occurrences of value.

index(value, start=0, stop=9223372036854775807, /)#

Return first index of value.

Raises ValueError if the value is not present.

number_of_line_numbers#: Alias for field number 8

number_of_relocations#: Alias for field number 7

physical_address_virtual_size#: Alias for field number 1

pointer_to_line_numbers#: Alias for field number 6

pointer_to_raw_data#: Alias for field number 4

pointer_to_relocations#: Alias for field number 5

section_name#: Alias for field number 0

size_of_raw_data#: Alias for field number 3

virtual_address#: Alias for field number 2

class cle.backends.te.TE(*args, **kwargs)[source]#

Bases: Backend

A “Terse Executable” format image, commonly used as part of UEFI firmware drivers.

is_default = True#

classmethod is_compatible(stream)[source]#: Determine quickly whether this backend can load an object from this stream

addr_to_offset(addr)#

classmethod check_compatibility(spec, obj)#: Performs a minimal static load of spec and returns whether it’s compatible with other_obj

classmethod check_magic_compatibility(stream)#: Check if a stream of bytes contains the same magic number as the main object

close()#

contains_addr(addr)#: Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

property entry#

static extract_soname(path)#: Extracts the shared object identifier from the path, or returns None if it cannot.

property finalizers#: Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#

find_section_containing(addr)#: Returns the section that contains addr or None.

find_segment_containing(addr)#: Returns the segment that contains addr, or None.

get_symbol(name)#: Stub function. Implement to find the symbol with name name.

property image_base_delta#

initial_register_values()#: Deprecated

property initializers#: Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

property max_addr#: This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr#: This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset)#

rebase(new_base)#: Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

property sections#

property segments: Regions#

set_arch(arch)#

property symbols_by_addr#

thread_registers(thread=None)#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

property threads#: If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

loader: Loader#

symbols: sortedcontainers.SortedKeyList[Symbol]#

imports: typing.Dict[str, 'Relocation']#

relocs: List[Relocation]#

arch: Optional[archinfo.Arch]#

exception_handlings: List[ExceptionHandling]#

function_hints: List[FunctionHint]#

memory: Clemory#

Relocations#

CLE’s loader implements program relocation data on a plugin basis. If you would like to add more relocation implementations, do so by subclassing the Relocation class and overriding any relevant methods or properties. Put your subclasses in a module in the relocations subpackage of the appropraite backend package. The name of the subclass will be used to determine when to use it! Look at the existing versions for details.

class cle.backends.relocation.Relocation(owner, symbol, relative_addr)[source]#

Bases: object

A representation of a relocation in a binary file. Smart enough to relocate itself.

Variables:

owner – The binary this relocation was originaly found in, as a cle object
symbol – The Symbol object this relocation refers to
relative_addr – The address in owner this relocation would like to write to
resolvedby – If the symbol this relocation refers to is an import symbol and that import has been resolved, this attribute holds the symbol from a different binary that was used to resolve the import.
resolved – Whether the application of this relocation was successful

Parameters:

owner (Backend) –
symbol (Symbol) –
relative_addr (int) –

AUTO_HANDLE_NONE = False#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)[source]#

Parameters:: solist (List[Any]) –

resolve(obj, **kwargs)[source]#

property rebased_addr#: The address in the global memory space this relocation would like to write to

property linked_addr#

property dest_addr#

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

property owner_obj#

cle.backends.elf.relocation.load_relocations()[source]#

cle.backends.elf.relocation.get_relocation(arch, r_type)[source]#

class cle.backends.elf.relocation.elfreloc.ELFReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: Relocation

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

property value#

class cle.backends.elf.relocation.mips64.R_MIPS_64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips64.R_MIPS_REL32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips64.R_MIPS_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips64.R_MIPS_TLS_DTPMOD64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips64.R_MIPS_TLS_DTPREL64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips64.R_MIPS_TLS_TPREL64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

property value#

resolve_symbol(solist, **kwargs)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericTLSOffsetReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

AUTO_HANDLE_NONE = True#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericTLSDescriptorReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

RESOLVER_ADDR = NotImplemented#

AUTO_HANDLE_NONE = True#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericTLSModIdReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

AUTO_HANDLE_NONE = True#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericIRelativeReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

AUTO_HANDLE_NONE = True#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericPCRelativeAddendReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericJumpslotReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericRelativeReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

AUTO_HANDLE_NONE = True#

property value#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericAbsoluteReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.GenericCopyReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

resolve_symbol(solist, **kwargs)[source]#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.MipsGlobalReloc(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.MipsLocalReloc(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

AUTO_HANDLE_NONE = True#

resolve_symbol(solist, **kwargs)[source]#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.generic.RelocTruncate32Mixin[source]#

Bases: object

A mix-in class for relocations that cover a 32-bit field regardless of the architecture’s address word length.

check_zero_extend = False#

check_sign_extend = False#

relocate()[source]#

class cle.backends.elf.relocation.generic.RelocGOTMixin[source]#

Bases: object

A mix-in class which will cause the symbol to be resolved to a pointer to the symbol instead of the symbol

resolve(symbol, extern_object=None, **kwargs)[source]#

class cle.backends.elf.relocation.armel.R_ARM_CALL(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_CALL symbols via instruction modification. It additionally handles R_ARM_PC24 and R_ARM_JUMP24. The former is deprecated and is now just the same as R_ARM_CALL.

R_ARM_JUMP24 doesn’t need the Thumb check. Technically, if the Thumb check succeeds on R_ARM_JUMP24, it’s a bad call that shouldn’t have been generated by the linker, so we may as well as just treat it like R_ARM_CALL.

Class: Static
Type: ARM (R_ARM_CALL, R_ARM_JUMP24); Deprecated (R_ARM_PC24)
Code: 1 (R_ARM_PC24), 28 (R_ARM_CALL), 29 (R_ARM_JUMP24)
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_PREL31(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_PREL31 symbols via instruction modification. The difference between this and R_ARM_CALL/R_ARM_PC24/R_ARM_JUMP24 is that it’s a data relocation

Class: Static
Type: Data
Code: 42
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_REL32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_REL32 symbols. This is essentially the same as GenericPCRelativeAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_ABS32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_ABS32 symbols. This is essentially the same as GenericAbsoluteAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVW_ABS_NC symbols.

Class: Static
Type: Instruction
Code: 43
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVT_ABS symbols.

Class: Static
Type: Instruction
Code: 44
Operation: S + A - S is the address of the symbol - A is the addend

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_THM_CALL(*args, **kwargs)[source]#

Bases: ELFReloc

Relocate R_ARM_THM_CALL symbols via instruction modification.

Class: Static
Type: ARM (R_ARM_THM_CALL)
Code: 10
Operation: ((S + A) | T) - P
- S is the address of the symbol
- A is the addend
- P is the target location (place being relocated)
- T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction (This bit is entirely irrelevant because the 1-bit of the address gets shifted off in the encoding)
Encoding: See http://hermes.wings.cs.wisc.edu/files/Thumb-2SupplementReferenceManual.pdf
- Page 71 (3-31) has the chart
- It appears that it mistakenly references the I1 and I2 bits as J1 and J2 in the chart (see the notes at the bottom of the page – the ranges don’t make sense)
- However, the J1/J2 bits are XORed with !S bit in this case (see vex implementation: https://github.com/angr/vex/blob/6d1252c7ce8fe8376318b8f8bb8034058454c841/priv/guest_arm_toIR.c#L19219 )
- Implementation appears correct with the bits placed into offset[23:22]

resolve_symbol(solist, **kwargs)[source]#

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_GOT_PREL(owner, symbol, relative_addr, addend=None)[source]#

Bases: GenericPCRelativeAddendReloc, RelocTruncate32Mixin, RelocGOTMixin

GOT(S) + A - P Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

AUTO_HANDLE_NONE = False#

property addend#

check_sign_extend = False#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_JUMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_ABS32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_REL32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_TLS_DTPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_TLS_TPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_JUMP24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_PC24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_THM_JUMP24(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_THM_JUMP19(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_THM_JUMP6(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_THM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

((S + A) | T) & 0xffff Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armel.R_ARM_THM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

(S + A) & 0xffff0000 Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR24(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x2 Calculation: (S + A) >> 2 Field: low24*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR16(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x3 Calculation: S+A Field: half16*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR16_LO(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x4 Calculation: #lo(S + A) Field: half16

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR16_HI(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x5 Calculation: #hi(S + A) Field: half16

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR16_HA(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x6 Calculation: #ha(S + A) Field: half16

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR14(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x7 Calculation: (S + A) >> 2 Field: low14*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR14_BRTAKEN(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x8 Calculation: (S + A) >> 2 Field: low14*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR14_BRNTAKEN(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x9 Calculation: (S + A) >> 2 Field: low14*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_REL24(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0xa Calculation: (S + A - P) >> 2 Field: low24* R_PPC_REL24 is a special type of relocation. The instruction must be modified for this type. This relocation type resolves branch-and-link instructions. Prior to relocation, all instances of the branch-and-link instruction will consist of the following bytecode: 48 00 00 01. The problem with this is that all instances will result in calls to the current address - thus an infinite loop. After calculating the relocation result in R_PPC_REL24, you will have an address offset to the call. The result must be resolved to the correct instruction encoding.

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_REL14(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0xb Calculation: (S + A - P) >> 2 Field: low14*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_REL14_BRTAKEN(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0xc Calculation: (S + A - P) >> 2 Field: low14*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_REL14_BRNTAKEN(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0xd Calculation: (S + A - P) >> 2 Field: low14*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_JMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_UADDR32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x18 Calculation: S + A Field: word32

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_UADDR16(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x19 Calculation: S + A Field: half16*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_REL32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x1a Calculation: S + A - P Field: word32

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_SECTOFF(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x21 Calculation: R + A Field: half16*

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_SECTOFF_LO(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x22 Calculation: #lo(R + A) Field: half16

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_SECTOFF_HI(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x23 Calculation: #hi(R + A) Field: half16

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_SECTOFF_HA(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x24 Calculation: #ha(R + A) Field: half16

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_ADDR30(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 0x25 Calculation: (S + A - P) >> 2 Field: word30

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_DTPMOD32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_DTPREL32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.ppc.R_PPC_TPREL32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_CALL(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_CALL symbols via instruction modification. It additionally handles R_ARM_PC24 and R_ARM_JUMP24. The former is deprecated and is now just the same as R_ARM_CALL.

Class: Static
Type: ARM (R_ARM_CALL, R_ARM_JUMP24); Deprecated (R_ARM_PC24)
Code: 1 (R_ARM_PC24), 28 (R_ARM_CALL), 29 (R_ARM_JUMP24)
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_PREL31(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_PREL31 symbols via instruction modification. The difference between this and R_ARM_CALL/R_ARM_PC24/R_ARM_JUMP24 is that it’s a data relocation

Class: Static
Type: Data
Code: 42
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_REL32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_REL32 symbols. This is essentially the same as GenericPCRelativeAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_ABS32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_ABS32 symbols. This is essentially the same as GenericAbsoluteAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVW_ABS_NC symbols.

Class: Static
Type: Instruction
Code: 43
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVT_ABS symbols.

Class: Static
Type: Instruction
Code: 44
Operation: S + A - S is the address of the symbol - A is the addend

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_THM_CALL(*args, **kwargs)[source]#

Bases: ELFReloc

Relocate R_ARM_THM_CALL symbols via instruction modification.

Class: Static
Type: ARM (R_ARM_THM_CALL)
Code: 10
Operation: ((S + A) | T) - P
- S is the address of the symbol
- A is the addend
- P is the target location (place being relocated)
- T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction (This bit is entirely irrelevant because the 1-bit of the address gets shifted off in the encoding)
Encoding: See http://hermes.wings.cs.wisc.edu/files/Thumb-2SupplementReferenceManual.pdf
- Page 71 (3-31) has the chart
- It appears that it mistakenly references the I1 and I2 bits as J1 and J2 in the chart (see the notes at the bottom of the page – the ranges don’t make sense)
- However, the J1/J2 bits are XORed with !S bit in this case (see vex implementation: https://github.com/angr/vex/blob/6d1252c7ce8fe8376318b8f8bb8034058454c841/priv/guest_arm_toIR.c#L19219 )
- Implementation appears correct with the bits placed into offset[23:22]

resolve_symbol(solist, **kwargs)[source]#

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_GOT_PREL(owner, symbol, relative_addr, addend=None)[source]#

Bases: GenericPCRelativeAddendReloc, RelocTruncate32Mixin, RelocGOTMixin

GOT(S) + A - P Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

AUTO_HANDLE_NONE = False#

property addend#

check_sign_extend = False#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_JUMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_ABS32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_REL32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_TLS_DTPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_TLS_TPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_JUMP24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_PC24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_THM_JUMP24(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_THM_JUMP19(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_THM_JUMP6(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_THM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

((S + A) | T) & 0xffff Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.armhf.R_ARM_THM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

(S + A) & 0xffff0000 Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_JMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_IRELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_ADDR64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_DTPMOD64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_DTPREL64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_TPREL64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_REL24(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 10 Calculation: (S + A - P) >> 2 Field: low24*

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_TOC16_LO(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 48 Calculation: #lo(S + A - .TOC.) Field: half16

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_TOC16_HI(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 49 Calculation: #hi(S + A - .TOC.) Field: half16

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_TOC16_HA(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 50 Calculation: #ha(S + A - .TOC.) Field: half16

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.pcc64.R_PPC64_TOC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 51 Calculation: .TOC. Field: doubleword64

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_PC32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_JMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_IRELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_TLS_TPOFF(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.i386.R_386_TLS_DTPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_IRELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_JUMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_DTPMOD64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_DTPOFF64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_TPOFF64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_PC32(owner, symbol, relative_addr, addend=None)[source]#

Bases: RelocTruncate32Mixin, GenericPCRelativeAddendReloc

check_sign_extend = True#

AUTO_HANDLE_NONE = False#

property addend#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_32(owner, symbol, relative_addr, addend=None)[source]#

Bases: RelocTruncate32Mixin, GenericAbsoluteAddendReloc

check_zero_extend = True#

AUTO_HANDLE_NONE = False#

property addend#

check_sign_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_32S(owner, symbol, relative_addr, addend=None)[source]#

Bases: RelocTruncate32Mixin, GenericAbsoluteAddendReloc

check_sign_extend = True#

AUTO_HANDLE_NONE = False#

property addend#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_PLT32(owner, symbol, relative_addr, addend=None)[source]#

Bases: RelocTruncate32Mixin, GenericPCRelativeAddendReloc

check_sign_extend = True#

AUTO_HANDLE_NONE = False#

property addend#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_GOTPCREL(owner, symbol, relative_addr, addend=None)[source]#

Bases: RelocGOTMixin, RelocTruncate32Mixin, GenericPCRelativeAddendReloc

check_sign_extend = True#

AUTO_HANDLE_NONE = False#

property addend#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(symbol, extern_object=None, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_GOTPCRELX(owner, symbol, relative_addr, addend=None)[source]#

Bases: RelocGOTMixin, RelocTruncate32Mixin, GenericPCRelativeAddendReloc

check_sign_extend = True#

AUTO_HANDLE_NONE = False#

property addend#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(symbol, extern_object=None, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.amd64.R_X86_64_REX_GOTPCRELX(owner, symbol, relative_addr, addend=None)[source]#

Bases: RelocGOTMixin, RelocTruncate32Mixin, GenericPCRelativeAddendReloc

check_sign_extend = True#

AUTO_HANDLE_NONE = False#

property addend#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(symbol, extern_object=None, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_REL32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_JUMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_TLS_TPREL32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_TLS_DTPREL32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_HI16(owner, symbol, relative_addr, addend=None)[source]#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.mips.R_MIPS_LO16(owner, symbol, relative_addr, addend=None)[source]#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_CALL(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_CALL symbols via instruction modification. It additionally handles R_ARM_PC24 and R_ARM_JUMP24. The former is deprecated and is now just the same as R_ARM_CALL.

Class: Static
Type: ARM (R_ARM_CALL, R_ARM_JUMP24); Deprecated (R_ARM_PC24)
Code: 1 (R_ARM_PC24), 28 (R_ARM_CALL), 29 (R_ARM_JUMP24)
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_PREL31(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_PREL31 symbols via instruction modification. The difference between this and R_ARM_CALL/R_ARM_PC24/R_ARM_JUMP24 is that it’s a data relocation

Class: Static
Type: Data
Code: 42
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_REL32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_REL32 symbols. This is essentially the same as GenericPCRelativeAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_ABS32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_ABS32 symbols. This is essentially the same as GenericAbsoluteAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVW_ABS_NC symbols.

Class: Static
Type: Instruction
Code: 43
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVT_ABS symbols.

Class: Static
Type: Instruction
Code: 44
Operation: S + A - S is the address of the symbol - A is the addend

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_THM_CALL(*args, **kwargs)[source]#

Bases: ELFReloc

Relocate R_ARM_THM_CALL symbols via instruction modification.

Class: Static
Type: ARM (R_ARM_THM_CALL)
Code: 10
Operation: ((S + A) | T) - P
- S is the address of the symbol
- A is the addend
- P is the target location (place being relocated)
- T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction (This bit is entirely irrelevant because the 1-bit of the address gets shifted off in the encoding)
Encoding: See http://hermes.wings.cs.wisc.edu/files/Thumb-2SupplementReferenceManual.pdf
- Page 71 (3-31) has the chart
- It appears that it mistakenly references the I1 and I2 bits as J1 and J2 in the chart (see the notes at the bottom of the page – the ranges don’t make sense)
- However, the J1/J2 bits are XORed with !S bit in this case (see vex implementation: https://github.com/angr/vex/blob/6d1252c7ce8fe8376318b8f8bb8034058454c841/priv/guest_arm_toIR.c#L19219 )
- Implementation appears correct with the bits placed into offset[23:22]

resolve_symbol(solist, **kwargs)[source]#

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_JUMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_ABS32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_REL32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_TLS_DTPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_TLS_TPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_JUMP24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_PC24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_THM_JUMP24(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_THM_JUMP19(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_THM_JUMP6(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_THM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

((S + A) | T) & 0xffff Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_THM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

(S + A) & 0xffff0000 Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm.R_ARM_GOT_PREL(owner, symbol, relative_addr, addend=None)[source]#

Bases: GenericPCRelativeAddendReloc, RelocTruncate32Mixin, RelocGOTMixin

GOT(S) + A - P Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

AUTO_HANDLE_NONE = False#

property addend#

check_sign_extend = False#

check_zero_extend = False#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_CALL(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_CALL symbols via instruction modification. It additionally handles R_ARM_PC24 and R_ARM_JUMP24. The former is deprecated and is now just the same as R_ARM_CALL.

Class: Static
Type: ARM (R_ARM_CALL, R_ARM_JUMP24); Deprecated (R_ARM_PC24)
Code: 1 (R_ARM_PC24), 28 (R_ARM_CALL), 29 (R_ARM_JUMP24)
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_PREL31(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_PREL31 symbols via instruction modification. The difference between this and R_ARM_CALL/R_ARM_PC24/R_ARM_JUMP24 is that it’s a data relocation

Class: Static
Type: Data
Code: 42
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_REL32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_REL32 symbols. This is essentially the same as GenericPCRelativeAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_ABS32(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_ABS32 symbols. This is essentially the same as GenericAbsoluteAddendReloc with the addition of a check for whether or not the target is Thumb.

Class: Static
Type: Data
Code: 3
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVW_ABS_NC symbols.

Class: Static
Type: Instruction
Code: 43
Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocate R_ARM_MOVT_ABS symbols.

Class: Static
Type: Instruction
Code: 44
Operation: S + A - S is the address of the symbol - A is the addend

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_THM_CALL(*args, **kwargs)[source]#

Bases: ELFReloc

Relocate R_ARM_THM_CALL symbols via instruction modification.

Class: Static
Type: ARM (R_ARM_THM_CALL)
Code: 10
Operation: ((S + A) | T) - P
- S is the address of the symbol
- A is the addend
- P is the target location (place being relocated)
- T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction (This bit is entirely irrelevant because the 1-bit of the address gets shifted off in the encoding)
Encoding: See http://hermes.wings.cs.wisc.edu/files/Thumb-2SupplementReferenceManual.pdf
- Page 71 (3-31) has the chart
- It appears that it mistakenly references the I1 and I2 bits as J1 and J2 in the chart (see the notes at the bottom of the page – the ranges don’t make sense)
- However, the J1/J2 bits are XORed with !S bit in this case (see vex implementation: https://github.com/angr/vex/blob/6d1252c7ce8fe8376318b8f8bb8034058454c841/priv/guest_arm_toIR.c#L19219 )
- Implementation appears correct with the bits placed into offset[23:22]

resolve_symbol(solist, **kwargs)[source]#

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_JUMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_ABS32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_REL32_NOI(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_TLS_DTPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_TLS_TPOFF32(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_JUMP24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_PC24(owner, symbol, relative_addr, addend=None)[source]#

Bases: R_ARM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_THM_JUMP24(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_THM_JUMP19(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_THM_JUMP6(*args, **kwargs)[source]#

Bases: R_ARM_THM_CALL

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_THM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

((S + A) | T) & 0xffff Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm_cortex_m.R_ARM_THM_MOVT_ABS(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

(S + A) & 0xffff0000 Ref: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst

property value#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_ABS64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_JUMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_IRELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_TLS_DTPREL(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_TLS_DTPMOD(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_TLS_TPREL(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_TLSDESC(owner, symbol, relative_addr, addend=None)[source]#

Bases: GenericTLSDescriptorReloc

RESOLVER_ADDR = 18446744073709551104#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_CALL26(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 283 Calculation: (S + A - P)

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_ADR_PREL_PG_HI21(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 275 Calculation: Page(S + A) - Page(P)

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.arm64.R_AARCH64_ADD_ABS_LO12_NC(owner, symbol, relative_addr, addend=None)[source]#

Bases: ELFReloc

Relocation Type: 275 Calculation: (S + A)

property value#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.s390x.R_390_GLOB_DAT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.s390x.R_390_JMP_SLOT(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.s390x.R_390_RELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.s390x.R_390_64(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.s390x.R_390_TLS_TPOFF(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.s390x.R_390_IRELATIVE(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = True#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, thumb=False, extern_object=None, **kwargs)#

Parameters:: solist (List[Any]) –

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.elf.relocation.s390x.R_390_COPY(owner, symbol, relative_addr, addend=None)[source]#

AUTO_HANDLE_NONE = False#

property addend#

property dest_addr#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

cle.backends.pe.relocation.load_relocations()[source]#

cle.backends.pe.relocation.get_relocation(arch, r_type)[source]#

class cle.backends.pe.relocation.pereloc.PEReloc(owner, symbol, addr, resolvewith=None)[source]#

Bases: Relocation

AUTO_HANDLE_NONE = True#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)[source]#

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

property value#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property dest_addr#

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.generic.DllImport(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

There’s nothing special to be done for DLL imports but this class provides a unique name to the relocation type.

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_ABSOLUTE(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

relocate()[source]#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)[source]#

Bases: PEReloc

property value#: In all the other cases, we can ignore the relocation difference part of the calculation because we simply use to_mva() to get our rebased address. In this case, however, we have to adjust the un-rebased address first.

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

property value#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

property value#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

property value#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

property value#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#: In all the other cases, we can ignore the relocation difference part of the calculation because we simply use to_mva() to get our rebased address. In this case, however, we have to adjust the un-rebased address first.

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#: In all the other cases, we can ignore the relocation difference part of the calculation because we simply use to_mva() to get our rebased address. In this case, however, we have to adjust the un-rebased address first.

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#: In all the other cases, we can ignore the relocation difference part of the calculation because we simply use to_mva() to get our rebased address. In this case, however, we have to adjust the un-rebased address first.

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_MIPS_JMPADDR(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_MIPS_JMPADDR16(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#: In all the other cases, we can ignore the relocation difference part of the calculation because we simply use to_mva() to get our rebased address. In this case, however, we have to adjust the un-rebased address first.

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_ARM_MOV32(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_THUMB_MOV32(owner, symbol, addr, resolvewith=None)[source]#

Bases: PEReloc

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#: In all the other cases, we can ignore the relocation difference part of the calculation because we simply use to_mva() to get our rebased address. In this case, however, we have to adjust the un-rebased address first.

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)[source]#

AUTO_HANDLE_NONE = True#

property dest_addr#

property is_base_reloc#: These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

property is_import#

property linked_addr#

property owner_obj#

property rebased_addr#: The address in the global memory space this relocation would like to write to

relocate()#

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

resolve(obj, **kwargs)#

resolve_symbol(solist, bypass_compatibility=False, extern_object=None, **kwargs)#

property value#

resolvedby: Optional[Symbol]#

resolved: bool#

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)[source]#