Skip to content

Latest commit

 

History

History
319 lines (243 loc) · 4.33 KB

readelf.md

File metadata and controls

319 lines (243 loc) · 4.33 KB
Raw

readelf Command Cheatsheet

Installation Instructions

Windows

# Using MSYS2
pacman -S binutils

# Using Chocolatey
choco install mingw-w64

Linux

# Debian/Ubuntu
sudo apt-get install binutils

# RHEL/CentOS
sudo yum install binutils

# Arch Linux
sudo pacman -S binutils

macOS

# Using Homebrew
brew install binutils
# Command might be available as 'greadelf'

Basic Header Information

  1. Display all headers:
readelf -a binary_file
  1. Show file header:
readelf -h binary_file
  1. Display section headers:
readelf -S binary_file
  1. Show program headers:
readelf -l binary_file

Symbol Table Analysis

  1. Display symbol table:
readelf -s binary_file
  1. Show dynamic symbol table:
readelf --dyn-syms binary_file
  1. Display symbol versioning:
readelf -V binary_file

Dynamic Section Information

  1. Show dynamic section:
readelf -d binary_file
  1. Display needed libraries:
readelf -d binary_file | grep "NEEDED"
  1. Show RPATH/RUNPATH:
readelf -d binary_file | grep "RPATH\|RUNPATH"

Relocation Information

  1. Display relocations:
readelf -r binary_file
  1. Show dynamic relocations:
readelf --dyn-rel binary_file
  1. Display PLT relocations:
readelf -R binary_file

Section Analysis

  1. List sections:
readelf --sections binary_file
  1. Show section contents:
readelf -x section_name binary_file
  1. Display string tables:
readelf -p .strtab binary_file

Notes and Comments

  1. Show notes:
readelf -n binary_file
  1. Display build attributes:
readelf -A binary_file
  1. Show file comments:
readelf --string-dump=.comment binary_file

Architecture Information

  1. Display architecture-specific info:
readelf -A binary_file
  1. Show processor-specific flags:
readelf --arm-attributes binary_file

Version Information

  1. Show version info:
readelf --version-info binary_file
  1. Display version symbols:
readelf --version-symbols binary_file

Header Details

  1. Show ELF file type:
readelf -h binary_file | grep "Type:"
  1. Display entry point:
readelf -h binary_file | grep "Entry point"

Section Groups

  1. Display section groups:
readelf -g binary_file
  1. Show group sections:
readelf --section-groups binary_file

Advanced Analysis

  1. Display unwind information:
readelf --unwind binary_file
  1. Show archive index:
readelf --archive-index archive.a
  1. Display hex dump of section:
readelf -x .text binary_file

Debug Information

  1. Show debug sections:
readelf -w binary_file
  1. Display DWARF info:
readelf --debug-dump binary_file
  1. Show frame information:
readelf --debug-dump=frames binary_file

Security Analysis

  1. Check for security features:
readelf -l binary_file | grep "GNU_STACK"
  1. Display stack canary:
readelf -s binary_file | grep "__stack_chk"
  1. Show RELRO status:
readelf -l binary_file | grep "GNU_RELRO"

Core Dump Analysis

  1. Analyze core dump:
readelf -n core.dump
  1. Show core dump sections:
readelf -S core.dump

Special Sections

  1. Display .init section:
readelf -x .init binary_file
  1. Show .fini section:
readelf -x .fini binary_file

Output Formatting

  1. Wide output format:
readelf -W binary_file
  1. Hex dump with ASCII:
readelf -x .data --string binary_file

Integration Features

  1. Generate script-friendly output:
readelf --demangle --wide binary_file
  1. Show all strings:
readelf -p .rodata binary_file

Advanced Options

  1. Display histogram:
readelf --histogram binary_file
  1. Show archive headers:
readelf --archive-index archive.a
  1. Display symbol size:
readelf -s --wide binary_file

Special Analysis

  1. Check for stripped symbols:
readelf -s binary_file | grep "Symbol table"
  1. Analyze dynamic loader:
readelf -l binary_file | grep "Requesting"
  1. Show segment permissions:
readelf -l binary_file | grep "FLAGS"