cle — Binary Loader

CLE is an extensible binary loader. Its main goal is to take an executable program and any libraries it depends on and produce an address space where that program is loaded and ready to run.

The primary interface to CLE is the Loader class.

Loading Interface

class cle.loader.Loader(main_binary, auto_load_libs=True, force_load_libs=(), skip_libs=(), main_opts=None, lib_opts=None, ld_path=(), use_system_libs=True, ignore_import_version_numbers=True, case_insensitive=False, rebase_granularity=16777216, except_missing_libs=False, aslr=False, perform_relocations=True, page_size=1, extern_size=32768)

Bases: object

The loader loads all the objects and exports an abstraction of the memory of the process. What you see here is an address space with loaded and rebased binaries.

Parameters:main_binary – The path to the main binary you’re loading, or a file-like object with the binary in it.

The following parameters are optional.

Parameters:
  • auto_load_libs – Whether to automatically load shared libraries that loaded objects depend on.
  • force_load_libs – A list of libraries to load regardless of if they’re required by a loaded object.
  • skip_libs – A list of libraries to never load, even if they’re required by a loaded object.
  • main_opts – A dictionary of options to be used loading the main binary.
  • lib_opts – A dictionary mapping library names to the dictionaries of options to be used when loading them.
  • ld_path – A list of paths in which we can search for shared libraries.
  • use_system_libs – Whether or not to search the system load path for requested libraries. Default True.
  • ignore_import_version_numbers – Whether libraries with different version numbers in the filename will be considered equivalent, for example libc.so.6 and libc.so.0
  • case_insensitive – If this is set to True, filesystem loads will be done case-insensitively regardless of the case-sensitivity of the underlying filesystem.
  • rebase_granularity – The alignment to use for rebasing shared objects
  • except_missing_libs – Throw an exception when a shared library can’t be found.
  • aslr – Load libraries in symbolic address space. Do not use this option.
  • page_size – The granularity with which data is mapped into memory. Set to 1 if you are working in a non-paged environment.
Variables:
  • memory (cle.memory.Clemory) – The loaded, rebased, and relocated memory of the program.
  • main_object – The object representing the main binary (i.e., the executable).
  • shared_objects – A dictionary mapping loaded library names to the objects representing them.
  • all_objects – A list containing representations of all the different objects loaded.
  • requested_names – A set containing the names of all the different shared libraries that were marked as a dependency by somebody.
  • initial_load_objects – A list of all the objects that were loaded as a result of the initial load request.

When reference is made to a dictionary of options, it requires a dictionary with zero or more of the following keys:

  • backend : “elf”, “pe”, “mach-o”, “blob” : which loader backend to use
  • arch : The archinfo.Arch object to use for the binary
  • base_addr : The address to rebase the object at
  • entry_point : The entry point to use for the object

More keys are defined on a per-backend basis.

close()

Release any resources held by this loader.

max_addr

The maximum address loaded as part of any loaded object (i.e., the whole address space).

min_addr

The minimum address loaded as part of any loaded object (i.e., the whole address space).

initializers

Return a list of all the initializers that should be run before execution reaches the entry point, in the order they should be run.

finalizers

Return a list of all the finalizers that should be run before the program exits. I’m not sure what order they should be run in.

linux_loader_object

If the linux dynamic loader is present in memory, return it

extern_object

Return the extern object used to provide addresses to unresolved symbols and angr internals.

Accessing this property will load this object into memory if it was not previously present.

kernel_object

Return the object used to provide addresses to syscalls.

Accessing this property will load this object into memory if it was not previously present.

tls_object

Return the object used to provide addresses for thread-local storage.

Accessing this property will load this object into memory if it was not previously present.

all_elf_objects

Return a list of every object that was loaded from an ELF file.

all_pe_objects

Return a list of every object that was loaded from an ELF file.

missing_dependencies

Return a set of every name that was requested as a shared object dependency but could not be loaded

describe_addr(addr)

Returns a textual description of what’s in memory at the provided address

find_object(spec, extra_objects=())

If the given library specification has been loaded, return its object, otherwise return None.

find_object_containing(addr, membership_check=True)

Return the object that contains the given address, or None if the address is unmapped.

Parameters:
  • addr (int) – The address that should be contained in the object.
  • membership_check (bool) – Whether a membership check should be performed or not (True by default). This option can be set to False if you are certain that the target object does not have “holes”.
Returns:

The object or None.

find_segment_containing(addr, skip_pseudo_objects=True)

Find the section object that the address belongs to.

Parameters:
  • addr (int) – The address to test
  • skip_pseudo_objects (bool) – Skip objects that CLE adds during loading.
Returns:

The section that the address belongs to, or None if the address does not belong to any section, or if section information is not available.

Return type:

cle.Segment

find_section_containing(addr, skip_pseudo_objects=True)

Find the section object that the address belongs to.

Parameters:
  • addr (int) – The address to test.
  • skip_pseudo_objects (bool) – Skip objects that CLE adds during loading.
Returns:

The section that the address belongs to, or None if the address does not belong to any section, or if section information is not available.

Return type:

cle.Section

find_section_next_to(addr, skip_pseudo_objects=True)

Find the next section after the given address.

Parameters:
  • addr (int) – The address to test.
  • skip_pseudo_objects (bool) – Skip objects that CLE adds during loading.
Returns:

The next section that goes after the given address, or None if there is no section after the address, or if section information is not available.

Return type:

cle.Section

find_symbol(thing, fuzzy=False)

Search for the symbol with the given name or address.

Parameters:
  • thing – Either the name or address of a symbol to look up
  • fuzzy – Set to True to return the first symbol before or at the given address
Returns:

A cle.backends.Symbol object if found, None otherwise.

symbols
find_all_symbols(name, exclude_imports=True, exclude_externs=False, exclude_forwards=True)

Iterate over all symbols present in the set of loaded binaries that have the given name

Parameters:
  • name – The name to search for
  • exclude_imports – Whether to exclude import symbols. Default True.
  • exclude_externs – Whether to exclude symbols in the extern object. Default False.
  • exclude_forwards – Whether to exclude forward symbols. Default True.
find_plt_stub_name(addr)

Return the name of the PLT stub starting at addr.

find_relevant_relocations(name)

Iterate through all the relocations referring to the symbol with the given name

perform_irelative_relocs(resolver_func)

Use this method to satisfy IRelative relocations in the binary that require execution of loaded code.

Note that this does NOT handle IFunc symbols, which must be handled separately. (this could be changed, but at the moment it’s desirable to support lazy IFunc resolution, since emulation is usually slow)

Parameters:resolver_func – A callback function that takes an address, runs the code at that address, and returns the return value from the emulated function.
dynamic_load(spec)

Load a file into the address space. Note that the sematics of auto_load_libs and except_missing_libs apply at all times.

Parameters:spec – The path to the file to load. May be an absolute path, a relative path, or a name to search in the load path.
Returns:A list of all the objects successfully loaded, which may be empty if this object was previously loaded. If the object specified in spec failed to load for any reason, including the file not being found, return None.
add_object(obj)

If you’ve constructed your own Backend-subclass object and want to add it directly to the loader, use this.

get_loader_symbolic_constraints()

Do not use this method.

Backends

class cle.backends.Backend(binary, loader=None, is_main_bin=False, filename=None, entry_point=None, arch=None, base_addr=None, force_rebase=False, has_memory=True, **kwargs)

Bases: object

Main base class for CLE binary objects.

An alternate interface to this constructor exists as the static method cle.loader.Loader.load_object()

Variables:
  • binary – The path to the file this object is loaded from
  • is_main_bin – Whether this binary is loaded as the main executable
  • segments – A listing of all the loaded segments in this file
  • sections – A listing of all the demarked sections in the file
  • sections_map – A dict mapping from section name to section
  • imports – A mapping from symbol name to import symbol
  • resolved_imports – A list of all the import symbols that are successfully resolved
  • relocs – A list of all the relocations in this binary
  • irelatives – A list of tuples representing all the irelative relocations that need to be performed. The first item in the tuple is the address of the resolver function, and the second item is the address of where to write the result. The destination address is an RVA.
  • jmprel – A mapping from symbol name to the address of its jump slot relocation, i.e. its GOT entry.
  • arch (archinfo.arch.Arch) – The architecture of this binary
  • os (str) – The operating system this binary is meant to run under
  • mapped_base (int) – The base address of this object in virtual memory
  • deps – A list of names of shared libraries this binary depends on
  • linking – ‘dynamic’ or ‘static’
  • linked_base – The base address this object requests to be loaded at
  • pic (bool) – Whether this object is position-independent
  • execstack (bool) – Whether this executable has an executable stack
  • provides (str) – The name of the shared library dependancy that this object resolves
  • symbols (list) – A list of symbols provided by this object, sorted by address
Parameters:
  • binary – The path to the binary to load
  • is_main_bin – Whether this binary should be loaded as the main executable
is_default = False
close()
set_arch(arch)
image_base_delta
entry
segments
sections
symbols_by_addr
rebase()

Rebase backend’s regions to the new base where they were mapped by the loader

contains_addr(addr)

Is addr in one of the binary’s segments/sections we have loaded? (i.e. is it mapped into memory ?)

find_loadable_containing(addr)
find_segment_containing(addr)

Returns the segment that contains addr, or None.

find_section_containing(addr)

Returns the section that contains addr or None.

addr_to_offset(addr)
offset_to_addr(offset)
min_addr

This returns the lowest virtual address contained in any loaded segment of the binary.

max_addr

This returns the highest virtual address contained in any loaded segment of the binary.

initializers

Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

finalizers

Stub function. Like initializers, but with finalizers.

get_symbol(name)

Stub function. Implement to find the symbol with name name.

static extract_soname(path)

Extracts the shared object identifier from the path, or returns None if it cannot.

classmethod check_compatibility(spec, obj)

Performs a minimal static load of spec and returns whether it’s compatible with other_obj

cle.backends.register_backend(name, cls)
class cle.backends.externs.ExternSegment(offset, vaddr, filesize, memsize)

Bases: cle.backends.region.Segment

is_readable = True
is_writable = True
is_executable = True
class cle.backends.externs.ExternObject(loader, map_size=32768)

Bases: cle.backends.Backend

make_extern(name, size=1, alignment=8, thumb=False, sym_type=2)
get_pseudo_addr(name)
allocate(size=1, alignment=8, thumb=False)
max_addr
class cle.backends.externs.KernelObject(loader, map_size=32768)

Bases: cle.backends.Backend

add_name(name, addr)
max_addr
class cle.backends.symbol.Symbol(owner, name, relative_addr, size, sym_type)

Bases: object

Representation of a symbol from a binary file. Smart enough to rebase itself.

There should never be more than one Symbol instance representing a single symbol. To make sure of this, only use the cle.backends.Backend.get_symbol() to create new symbols.

Variables:
  • owner (cle.backends.Backend) – The object that contains this symbol
  • name (str) – The name of this symbol
  • addr (int) – The un-based address of this symbol, an RVA
  • type (int) – The type of this symbol as one of SYMBOL.TYPE_*
  • resolved (bool) – Whether this import symbol has been resolved to a real symbol
  • resolvedby (None or cle.backends.Symbol) – The real symbol this import symbol has been resolve to
  • resolvewith (str) – The name of the library we must use to resolve this symbol, or None if none is required.
Iver int size:

The size of this symbol

Not documenting this since if you try calling it, you’re wrong.

TYPE_OTHER = 0
TYPE_NONE = 1
TYPE_FUNCTION = 2
TYPE_OBJECT = 3
TYPE_SECTION = 4
resolve(obj)
rebased_addr

The address of this symbol in the global memory space

linked_addr
is_function

Whether this symbol is a function

is_static = False
is_common = False
is_import = False
is_export = False
is_local = False
is_weak = False
is_extern = False
is_forward = False
demangled_name

The name of this symbol, run through a C++ demangler

Warning: this calls out to the external program c++filt and will fail loudly if it’s not installed

resolve_forwarder()

If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found.

owner_obj
class cle.backends.regions.Regions(lst=None)

Bases: object

A container class acting as a list of regions (sections or segments). Additionally, it keeps an sorted list of all regions that are mapped into memory to allow fast lookups.

We assume none of the regions overlap with others.

raw_list

Get the internal list. Any change to it is not tracked, and therefore _sorted_list will not be updated. Therefore you probably does not want to modify the list.

Returns:The internal list container.
Return type:list
max_addr

Get the highest address of all regions.

Returns:The highest address of all regions, or None if there is no region available.
Return type:int or None
append(region)

Append a new Region instance into the list.

Parameters:region (Region) – The region to append.
find_region_containing(addr)

Find the region that contains a specific address. Returns None if none of the regions covers the address.

Parameters:addr (int) – The address.
Returns:The region that covers the specific address, or None if no such region is found.
Return type:Region or None
find_region_next_to(addr)

Find the next region after the given address.

Parameters:addr (int) – The address to test.
Returns:The next region that goes after the given address, or None if there is no section after the address,
Return type:Region or None
class cle.backends.region.Region(offset, vaddr, filesize, memsize)

Bases: object

A region of memory that is mapped in the object’s file.

Variables:
  • offset – The offset into the file the region starts.
  • vaddr – The virtual address.
  • filesize – The size of the region in the file.
  • memsize – The size of the region when loaded into memory.

The prefix v- on a variable or parameter name indicates that it refers to the virtual, loaded memory space, while a corresponding variable without the v- refers to the flat zero-based memory of the file.

When used next to each other, addr and offset refer to virtual memory address and file offset, respectively.

contains_addr(addr)

Does this region contain this virtual address?

contains_offset(offset)

Does this region contain this offset into the file?

addr_to_offset(addr)

Convert a virtual memory address into a file offset

offset_to_addr(offset)

Convert a file offset into a virtual memory address

max_addr

The maximum virtual address of this region

min_addr

The minimum virtual address of this region

max_offset

The maximum file offset of this region

min_offset()

The minimum file offset of this region

class cle.backends.region.Segment(offset, vaddr, filesize, memsize)

Bases: cle.backends.region.Region

class cle.backends.region.Section(name, offset, vaddr, size)

Bases: cle.backends.region.Region

Simple representation of a loaded section.

Variables:

name (str) – The name of the section

Parameters:
  • name (str) – The name of the section
  • offset (int) – The offset into the binary file this section begins
  • vaddr (int) – The address in virtual memory this section begins
  • size (int) – How large this section is
is_readable

Whether this section has read permissions

is_writable

Whether this section has write permissions

is_executable

Whether this section has execute permissions

class cle.backends.elf.elf.ELF(binary, addend=None, **kwargs)

Bases: cle.backends.elf.metaelf.MetaELF

The main loader class for statically loading ELF executables. Uses the pyreadelf library where useful.

is_default = True
classmethod check_compatibility(spec, obj)
static is_compatible(stream)
static extract_arch(reader)
initializers
finalizers
get_symbol(symid, symbol_table=None)

Gets a Symbol object for the specified symbol.

Parameters:symid – Either an index into .dynsym or the name of a symbol.
class cle.backends.elf.elf.ELFSymbol(owner, symb)

Bases: cle.backends.symbol.Symbol

Represents a symbol for the ELF format.

Variables:
  • elftype (str) – The type of this symbol as an ELF enum string
  • binding (str) – The binding of this symbol as an ELF enum string
  • section – The section associated with this symbol, or None
class cle.backends.elf.elfcore.CoreNote(n_type, name, desc)

Bases: object

This class is used when parsing the NOTES section of a core file.

n_type_lookup = {1: 'NT_PRSTATUS', 2: 'NT_PRFPREG', 3: 'NT_PRPSINFO', 4: 'NT_TASKSTRUCT', 6: 'NT_AUXV', 1179208773: 'NT_FILE', 1189489535: 'NT_PRXFPREG', 1397311305: 'NT_SIGINFO'}
class cle.backends.elf.elfcore.ELFCore(binary, **kwargs)

Bases: cle.backends.elf.elf.ELF

Loader class for ELF core files.

is_default = True
static is_compatible(stream)
initial_register_values()
class cle.backends.elf.metaelf.MetaELF(*args, **kwargs)

Bases: cle.backends.Backend

A base class that implements functions used by all backends that can load an ELF.

supported_filetypes = ['elf']
plt

Maps names to addresses.

reverse_plt

Maps addresses to names.

is_ppc64_abiv1

Returns whether the arch is powerpc64 ABIv1.

Returns:True if powerpc64 ABIv1, False otherwise.
static extract_soname(path)
static get_text_offset(path)

Offset of .text in the binary.

cle.backends.elf.symbol.maybedecode(string)
class cle.backends.elf.symbol.ELFSymbol(owner, symb)

Bases: cle.backends.symbol.Symbol

Represents a symbol for the ELF format.

Variables:
  • elftype (str) – The type of this symbol as an ELF enum string
  • binding (str) – The binding of this symbol as an ELF enum string
  • section – The section associated with this symbol, or None
cle.backends.elf.regions.maybedecode(string)
class cle.backends.elf.regions.ELFSegment(readelf_seg)

Bases: cle.backends.region.Segment

Represents a segment for the ELF format.

is_readable
is_writable
is_executable
class cle.backends.elf.regions.ELFSection(readelf_sec, remap_offset=0)

Bases: cle.backends.region.Section

SHF_WRITE = 1
SHF_ALLOC = 2
SHF_EXECINSTR = 4
SHF_STRINGS = 32
is_readable
is_writable
occupies_memory
is_executable
is_strings
class cle.backends.elf.hashtable.ELFHashTable(symtab, stream, offset, arch)

Bases: object

Functions to do lookup from a HASH section of an ELF file.

Information: http://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-48031.html

Parameters:
  • symtab – The symbol table to perform lookups from (as a pyelftools SymbolTableSection).
  • stream – A file-like object to read from the ELF’s memory.
  • offset – The offset in the object where the table starts.
  • arch – The ArchInfo object for the ELF file.
get(k)

Perform a lookup. Returns a pyelftools Symbol object, or None if there is no match.

Parameters:k – The string to look up.
static elf_hash(key)
class cle.backends.elf.hashtable.GNUHashTable(symtab, stream, offset, arch)

Bases: object

Functions to do lookup from a GNU_HASH section of an ELF file.

Information: https://blogs.oracle.com/ali/entry/gnu_hash_elf_sections

Parameters:
  • symtab – The symbol table to perform lookups from (as a pyelftools SymbolTableSection).
  • stream – A file-like object to read from the ELF’s memory.
  • offset – The offset in the object where the table starts.
  • arch – The ArchInfo object for the ELF file.
get(k)

Perform a lookup. Returns a pyelftools Symbol object, or None if there is no match.

Parameters:k – The string to look up
static gnu_hash(key)
class cle.backends.pe.pe.PE(*args, **kwargs)

Bases: cle.backends.Backend

Representation of a PE (i.e. Windows) binary.

is_default = True
static is_compatible(stream)
classmethod check_compatibility(spec, obj)
get_symbol(name)

Look up the symbol with the given name. Symbols can be looked up by ordinal with the name "ordinal.%d" % num

class cle.backends.pe.symbol.WinSymbol(owner, name, addr, is_import, is_export, ordinal_number, forwarder)

Bases: cle.backends.symbol.Symbol

Represents a symbol for the PE format.

resolve_forwarder()
class cle.backends.pe.regions.PESection(pe_section, remap_offset=0)

Bases: cle.backends.region.Section

Represents a section for the PE format.

is_readable
is_writable
is_executable
class cle.backends.macho.macho.MachO(binary, **kwargs)

Bases: cle.backends.Backend

Mach-O binaries for CLE

The Mach-O format is notably different from other formats, as such: * Sections are always part of a segment, self.sections will thus be empty * Symbols cannot be categorized like in ELF * Symbol resolution must be handled by the binary * Rebasing cannot be done statically (i.e. self.mapped_base is ignored for now) * …

is_default = True
MH_MAGIC_64 = 4277009103
MH_CIGAM_64 = 3489328638
MH_MAGIC = 4277009102
MH_CIGAM = 3472551422
static is_compatible(stream)
is_thumb_interworking(address)

Returns true if the given address is a THUMB interworking address

decode_thumb_interworking(address)

Decodes a thumb interworking address

find_segment_by_name(name)
do_binding()
get_string(start)

Loads a string from the string table

parse_lc_str(f, start, limit=None)

Parses a lc_str data structure

get_symbol_by_address_fuzzy(address)

Locates a symbol by checking the given address against sym.addr, sym.bind_xrefs and sym.symbol_stubs

get_symbol(name, include_stab=False, fuzzy=False)

Returns all symbols matching name.

Note that especially when include_stab=True there may be multiple symbols with the same name, therefore this method always returns an array.

Parameters:
  • include_stab – Include debugging symbols NOT RECOMMENDED
  • fuzzy – Replace exact match with “contains”-style match
get_segment_by_name(name)

Searches for a MachOSegment with the given name and returns it :param name: Name of the sought segment :return: MachOSegment or None

class cle.backends.macho.macho.MachOSection(offset, vaddr, size, vsize, segname, sectname, align, reloff, nreloc, flags, r1, r2)

Bases: cle.backends.region.Region

Mach-O Section, only defined within the context of a Mach-O Segment.

  • offset is the offset into the file the region starts
  • vaddr (or just addr) is the virtual address
  • filesize (or just size) is the size of the region in the file
  • memsize (or vsize) is the size of the region when loaded into memory
  • segname is the corresponding segment’s name without padding
  • sectname is the section’s name without padding
  • align is the sections alignment as a power of 2
  • reloff is the file offset to the section’s relocation entries
  • nreloc is the number of relocation entries for this section
  • flags is a bit vector containing per-section flags
  • r1 and r2 are values for the reserved1 and reserved2 fields respectively
type
attributes
class cle.backends.macho.macho.MachOSegment(offset, vaddr, size, vsize, segname, nsect, sections, flags, initprot, maxprot)

Bases: cle.backends.region.Region

Mach-O Segment

  • offset is the offset into the file the region starts
  • vaddr (or just addr) is the virtual address
  • filesize (or just size) is the size of the region in the file
  • memsize (or vsize) is the size of the region when loaded into memory
  • segname is the segment’s name without padding
  • nsect is the number of sections contained in this segment
  • sections is an array of MachOSections
  • flags is a bit vector containing per-segment flags
  • initprot and maxprot are initial and maximum permissions respectively
get_section_by_name(name)

Searches for a section by name within this segment :param name: Name of the section :return: MachOSection or None

is_readable
is_writable
is_executable
class cle.backends.macho.symbol.MachOSymbol(owner, symtab_offset, n_strx, n_type, n_sect, n_desc, n_value)

Bases: cle.backends.symbol.Symbol

Base class for Mach-O symbols. Made to be (somewhat) compatible with backends.Symbol. Note that ELF-specific fields from backends.Symbol are not used and semantics of the remaining fields differ in many cases. As a result most stock functionality from Angr and related libraries WILL NOT WORK PROPERLY on MachOSymbol.

Much of the code below is based on heuristics as official documentation is sparse, consider yourself warned!

library_name
segment_name
section_name
value
referenced_symbol_index

For indirect symbols n_value contains an index into the string table indicating the referenced symbol’s name

is_weak()
is_function()
rebased_addr
resolve(obj)
demangled_name()
is_stab
is_private_external
is_external
sym_type
is_common
common_align
reference_type
library_ordinal
is_no_dead_strip
is_desc_discarded
is_weak_referenced
is_weak_defined
is_reference_to_weak
is_thumb_definition
is_symbol_resolver
is_alt_entry
class cle.backends.macho.section.MachOSection(offset, vaddr, size, vsize, segname, sectname, align, reloff, nreloc, flags, r1, r2)

Bases: cle.backends.region.Region

Mach-O Section, only defined within the context of a Mach-O Segment.

  • offset is the offset into the file the region starts
  • vaddr (or just addr) is the virtual address
  • filesize (or just size) is the size of the region in the file
  • memsize (or vsize) is the size of the region when loaded into memory
  • segname is the corresponding segment’s name without padding
  • sectname is the section’s name without padding
  • align is the sections alignment as a power of 2
  • reloff is the file offset to the section’s relocation entries
  • nreloc is the number of relocation entries for this section
  • flags is a bit vector containing per-section flags
  • r1 and r2 are values for the reserved1 and reserved2 fields respectively
type
attributes
class cle.backends.macho.segment.MachOSegment(offset, vaddr, size, vsize, segname, nsect, sections, flags, initprot, maxprot)

Bases: cle.backends.region.Region

Mach-O Segment

  • offset is the offset into the file the region starts
  • vaddr (or just addr) is the virtual address
  • filesize (or just size) is the size of the region in the file
  • memsize (or vsize) is the size of the region when loaded into memory
  • segname is the segment’s name without padding
  • nsect is the number of sections contained in this segment
  • sections is an array of MachOSections
  • flags is a bit vector containing per-segment flags
  • initprot and maxprot are initial and maximum permissions respectively
get_section_by_name(name)

Searches for a section by name within this segment :param name: Name of the section :return: MachOSection or None

is_readable
is_writable
is_executable
cle.backends.macho.binding.chh(x)
cle.backends.macho.binding.read_uleb(blob, offset)

Reads a number encoded as uleb128

cle.backends.macho.binding.read_sleb(blob, offset)

Reads a number encoded as sleb128

class cle.backends.macho.binding.BindingState(is_64)

Bases: object

State object

add_address_ov(address, addend)

this is a very ugly klugde. It is needed because dyld relies on overflow semantics and represents several negative offsets through BIG ulebs

check_address_bounds()
class cle.backends.macho.binding.BindingHelper(binary)

Bases: object

Factors out binding logic from MachO. Intended to work in close conjunction with MachO not for standalone use

do_normal_bind(blob)

Performs non-lazy, non-weak bindings :param blob: Blob containing binding opcodes

do_lazy_bind(blob)

Performs lazy binding

cle.backends.macho.binding.n_opcode_done(s, b, i, blob)
cle.backends.macho.binding.n_opcode_set_dylib_ordinal_imm(s, b, i, blob)
cle.backends.macho.binding.n_opcode_set_dylib_ordinal_uleb(s, b, i, blob)
cle.backends.macho.binding.n_opcode_set_dylib_special_imm(s, b, i, blob)
cle.backends.macho.binding.n_opcode_set_trailing_flags_imm(s, b, i, blob)
cle.backends.macho.binding.n_opcode_set_type_imm(s, b, i, blob)
cle.backends.macho.binding.n_opcode_set_addend_sleb(s, b, i, blob)
cle.backends.macho.binding.n_opcode_set_segment_and_offset_uleb(s, b, i, blob)
cle.backends.macho.binding.l_opcode_set_segment_and_offset_uleb(s, b, i, blob)
cle.backends.macho.binding.n_opcode_add_addr_uleb(s, b, i, blob)
cle.backends.macho.binding.n_opcode_do_bind(s, b, i, blob)
cle.backends.macho.binding.l_opcode_do_bind(s, b, i, blob)
cle.backends.macho.binding.n_opcode_do_bind_add_addr_uleb(s, b, i, blob)
cle.backends.macho.binding.n_opcode_do_bind_add_addr_imm_scaled(s, b, i, blob)
cle.backends.macho.binding.n_opcode_do_bind_uleb_times_skipping_uleb(s, b, i, blob)
cle.backends.macho.binding.default_binding_handler(state, binary)

Binds location to the symbol with the given name and library ordinal

class cle.backends.cgc.cgc.CGC(binary, *args, **kwargs)

Bases: cle.backends.elf.elf.ELF

Backend to support the CGC elf format used by the Cyber Grand Challenge competition.

See : https://github.com/CyberGrandChallenge/libcgcef/blob/master/cgc_executable_format.md

is_default = True
static is_compatible(stream)
supported_filetypes = ['cgc']
class cle.backends.cgc.backedcgc.FakeSegment(start, size)

Bases: cle.backends.region.Segment

class cle.backends.cgc.backedcgc.BackedCGC(path, memory_backer=None, register_backer=None, writes_backer=None, permissions_map=None, current_allocation_base=None, *args, **kwargs)

Bases: cle.backends.cgc.cgc.CGC

This is a backend for CGC executables that allows user provide a memory backer and a register backer as the initial state of the running binary.

Parameters:
  • path – File path to CGC executable.
  • memory_backer – A dict of memory content, with beginning address of each segment as key and actual memory content as data.
  • register_backer – A dict of all register contents. EIP will be used as the entry point of this executable.
  • permissions_map – A dict of memory region to permission flags
  • current_allocation_base – An integer representing the current address of the top of the CGC heap.
is_default = True
static is_compatible(stream)
initial_register_values()
class cle.backends.blob.Blob(path, offset=None, segments=None, **kwargs)

Bases: cle.backends.Backend

Representation of a binary blob, i.e. an executable in an unknown file format.

Parameters:
  • arch – (required) an archinfo.Arch for the binary blob.
  • offset – Skip this many bytes from the beginning of the file.
  • segments – List of tuples describing how to map data into memory. Tuples are of (file_offset, mem_addr, size).

You can’t specify both offset and segments.

is_default = True
static is_compatible(stream)
min_addr
max_addr
function_name(addr)

Blobs don’t support function names.

contains_addr(addr)
in_which_segment(addr)

Blobs don’t support segments.

classmethod check_compatibility(spec, obj)
class cle.backends.ihex.Hex(path, arch=None, entry_point=0, **kwargs)

Bases: cle.backends.blob.Blob

A loader for Intel Hex Objects See https://en.wikipedia.org/wiki/Intel_HEX

is_default = True
static parse_record(line)
static coalesce_regions(regions)
static is_compatible(stream)
class cle.backends.binja.BinjaSymbol(owner, sym)

Bases: cle.backends.symbol.Symbol

BINJA_FUNC_SYM_TYPES = []
BINJA_DATA_SYM_TYPES = []
BINJA_IMPORT_TYPES = []
class cle.backends.binja.BinjaReloc(owner, symbol, relative_addr)

Bases: cle.backends.relocation.Relocation

value
class cle.backends.binja.BinjaBin(binary, *args, **kwargs)

Bases: cle.backends.Backend

Get information from binaries using Binary Ninja. Basing this on idabin.py, but will try to be more complete. TODO: add more features as Binary Ninja’s feature set improves

is_default = True
BINJA_ARCH_MAP = {'aarch64': <Arch AARCH64 (LE)>, 'armv7': <Arch ARMEL (LE)>, 'armv7eb': <Arch ARMEL (BE)>, 'mips32': <Arch MIPS32 (BE)>, 'mipsel32': <Arch MIPS32 (LE)>, 'ppc': <Arch PPC32 (BE)>, 'ppc_le': <Arch PPC32 (LE)>, 'thumb2': <Arch ARMEL (LE)>, 'thumb2eb': <Arch ARMEL (BE)>, 'x86': <Arch X86 (LE)>, 'x86_64': <Arch AMD64 (LE)>}
static is_compatible(stream)
in_which_segment(addr)

Return the segment name at address addr.

get_symbol_addr(sym)

Get the address of the symbol sym from IDA.

Returns:An address.
function_name(addr)

Return the function name at address addr.

min_addr

this is probably not “right”)

Type:Get the min address of the binary. (note
max_addr

Get the max address of the binary.

entry
get_strings()

Extract strings from binary (Binary Ninja).

Returns:An array of strings.
set_got_entry(name, newaddr)

Resolve import name with address newaddr. That is, update the GOT entry for name with newaddr.

close()

Release the BinaryView we created in __init__ :return: None

class cle.backends.soot.Soot(path, additional_jars=None, additional_jar_roots=None, main_class=None, **kwargs)

Bases: cle.backends.Backend

is_default = True
max_addr
static is_compatible(stream)
static is_jar(stream)
entry
classes
get_manifest()

Load the MANIFEST.MF file

Returns:A dict of meta info
Return type:dict
get_class(cls_name)

Get a Soot class object.

Parameters:cls_name (str) – Name of the class to get.
Returns:The class object.
Return type:pysoot.soot.SootClass
get_method(thing, cls_name=None)

Get a Soot method object.

Parameters:
  • thing – Descriptor or the method, or name of the method.
  • class_name (str) – Name of the class. If not specified, class name can be parsed from method_name.
Returns:

An iterator of all SootMethod objects that satisfy the criteria.

Return type:

iterator

main_methods

Find all Main methods in this binary.

Returns:All main methods in each class.
Return type:iterator

Relocations

CLE’s loader implements program relocation data on a plugin basis. If you would like to add more relocation implementations, do so by subclassing the Relocation class and overriding any relevant methods or properties. Put your subclasses in a module in the relocations subpackage of the appropraite backend package. The name of the subclass will be used to determine when to use it! Look at the existing versions for details.

class cle.backends.relocation.Relocation(owner, symbol, relative_addr)

Bases: object

A representation of a relocation in a binary file. Smart enough to relocate itself.

Variables:
  • owner – The binary this relocation was originaly found in, as a cle object
  • symbol – The Symbol object this relocation refers to
  • relative_addr – The address in owner this relocation would like to write to
  • rebased_addr – The address in the global memory space this relocation would like to write to
  • resolvedby – If the symbol this relocation refers to is an import symbol and that import has been resolved, this attribute holds the symbol from a different binary that was used to resolve the import.
  • resolved – Whether the application of this relocation was succesful
resolve_symbol(solist, bypass_compatibility=False, thumb=False)
resolve(obj)
rebased_addr
linked_addr
dest_addr
value
relocate(solist, bypass_compatibility=False)

Applies this relocation. Will make changes to the memory object of the object it came from.

This implementation is a generic version that can be overridden in subclasses.

Parameters:solist – A list of objects from which to resolve symbols.
owner_obj
cle.backends.elf.relocation.load_relocations()
cle.backends.elf.relocation.get_relocation(arch, r_type)
class cle.backends.elf.relocation.elfreloc.ELFReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.relocation.Relocation

addend
value
class cle.backends.elf.relocation.mips64.R_MIPS_64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.mips64.R_MIPS_REL32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.mips64.R_MIPS_COPY(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericCopyReloc

class cle.backends.elf.relocation.mips64.R_MIPS_TLS_DTPMOD64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.mips64.R_MIPS_TLS_DTPREL64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.mips64.R_MIPS_TLS_TPREL64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

value
resolve_symbol(solist, bypass_compatibility=False, thumb=False)
class cle.backends.elf.relocation.generic.GenericTLSOffsetReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

relocate(solist, bypass_compatibility=False)
class cle.backends.elf.relocation.generic.GenericTLSModIdReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

relocate(solist, bypass_compatibility=False)
class cle.backends.elf.relocation.generic.GenericIRelativeReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

relocate(solist, bypass_compatibility=False)
class cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

value
class cle.backends.elf.relocation.generic.GenericPCRelativeAddendReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

value
class cle.backends.elf.relocation.generic.GenericJumpslotReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

value
class cle.backends.elf.relocation.generic.GenericRelativeReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

value
resolve_symbol(solist, bypass_compatibility=False, thumb=False)
class cle.backends.elf.relocation.generic.GenericAbsoluteReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

value
class cle.backends.elf.relocation.generic.GenericCopyReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

value
class cle.backends.elf.relocation.generic.MipsGlobalReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteReloc

class cle.backends.elf.relocation.generic.MipsLocalReloc(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

relocate(solist, bypass_compatibility=False)
class cle.backends.elf.relocation.generic.RelocTruncate32Mixin

Bases: object

A mix-in class for relocations that cover a 32-bit field regardless of the architecture’s address word length.

check_zero_extend = False
check_sign_extend = False
relocate(solist, bypass_compatibility=False)
class cle.backends.elf.relocation.ppc.R_PPC_ADDR32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.ppc.R_PPC_COPY(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericCopyReloc

class cle.backends.elf.relocation.ppc.R_PPC_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.ppc.R_PPC_JMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

relocate(solist, bypass_compatibility=False)
class cle.backends.elf.relocation.ppc.R_PPC_RELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.ppc.R_PPC_DTPMOD32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.ppc.R_PPC_DTPREL32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.ppc.R_PPC_TPREL32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.pcc64.R_PPC64_JMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

relocate(solist, bypass_compatibility=False)
class cle.backends.elf.relocation.pcc64.R_PPC64_RELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.pcc64.R_PPC64_IRELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericIRelativeReloc

class cle.backends.elf.relocation.pcc64.R_PPC64_ADDR64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.pcc64.R_PPC64_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.pcc64.R_PPC64_DTPMOD64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.pcc64.R_PPC64_DTPREL64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.pcc64.R_PPC64_TPREL64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.i386.R_386_32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.i386.R_386_PC32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericPCRelativeAddendReloc

class cle.backends.elf.relocation.i386.R_386_COPY(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericCopyReloc

class cle.backends.elf.relocation.i386.R_386_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.i386.R_386_JMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.i386.R_386_RELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.i386.R_386_IRELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericIRelativeReloc

class cle.backends.elf.relocation.i386.R_386_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.i386.R_386_TLS_TPOFF(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.i386.R_386_TLS_DTPOFF32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.amd64.R_X86_64_64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.amd64.R_X86_64_COPY(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericCopyReloc

class cle.backends.elf.relocation.amd64.R_X86_64_RELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.amd64.R_X86_64_IRELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericIRelativeReloc

class cle.backends.elf.relocation.amd64.R_X86_64_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.amd64.R_X86_64_JUMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.amd64.R_X86_64_DTPMOD64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.amd64.R_X86_64_DTPOFF64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.amd64.R_X86_64_TPOFF64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.amd64.R_X86_64_PC32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.RelocTruncate32Mixin, cle.backends.elf.relocation.generic.GenericPCRelativeAddendReloc

check_sign_extend = True
class cle.backends.elf.relocation.amd64.R_X86_64_32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.RelocTruncate32Mixin, cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

check_zero_extend = True
class cle.backends.elf.relocation.amd64.R_X86_64_32S(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.RelocTruncate32Mixin, cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

check_sign_extend = True
class cle.backends.elf.relocation.mips.R_MIPS_32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.mips.R_MIPS_REL32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.mips.R_MIPS_JUMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteReloc

class cle.backends.elf.relocation.mips.R_MIPS_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteReloc

class cle.backends.elf.relocation.mips.R_MIPS_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.mips.R_MIPS_TLS_TPREL32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.mips.R_MIPS_TLS_DTPREL32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.arm.R_ARM_CALL(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

Relocate R_ARM_CALL symbols via instruction modification. It additionally handles R_ARM_PC24 and R_ARM_JUMP24. The former is deprecated and is now just the same as R_ARM_CALL.

R_ARM_JUMP24 doesn’t need the Thumb check. Technically, if the Thumb check succeeds on R_ARM_JUMP24, it’s a bad call that shouldn’t have been generated by the linker, so we may as well as just treat it like R_ARM_CALL.

  • Class: Static
  • Type: ARM (R_ARM_CALL, R_ARM_JUMP24); Deprecated (R_ARM_PC24)
  • Code: 1 (R_ARM_PC24), 28 (R_ARM_CALL), 29 (R_ARM_JUMP24)
  • Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction
value
class cle.backends.elf.relocation.arm.R_ARM_PREL31(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

Relocate R_ARM_PREL31 symbols via instruction modification. The difference between this and R_ARM_CALL/R_ARM_PC24/R_ARM_JUMP24 is that it’s a data relocation

  • Class: Static
  • Type: Data
  • Code: 42
  • Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction
value
class cle.backends.elf.relocation.arm.R_ARM_REL32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

Relocate R_ARM_REL32 symbols. This is essentially the same as generic.GenericPCRelativeAddendReloc with the addition of a check for whether or not the target is Thumb.

  • Class: Static
  • Type: Data
  • Code: 3
  • Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction
value
class cle.backends.elf.relocation.arm.R_ARM_ABS32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

Relocate R_ARM_ABS32 symbols. This is essentially the same as generic.GenericAbsoluteAddendReloc with the addition of a check for whether or not the target is Thumb.

  • Class: Static
  • Type: Data
  • Code: 3
  • Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction
value
class cle.backends.elf.relocation.arm.R_ARM_MOVW_ABS_NC(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

Relocate R_ARM_MOVW_ABS_NC symbols.

  • Class: Static
  • Type: Instruction
  • Code: 43
  • Operation: (S + A) | T - S is the address of the symbol - A is the addend - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction
value
class cle.backends.elf.relocation.arm.R_ARM_MOVT_ABS(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

Relocate R_ARM_MOVT_ABS symbols.

  • Class: Static
  • Type: Instruction
  • Code: 44
  • Operation: S + A - S is the address of the symbol - A is the addend
value
class cle.backends.elf.relocation.arm.R_ARM_THM_CALL(*args, **kwargs)

Bases: cle.backends.elf.relocation.elfreloc.ELFReloc

Relocate R_ARM_THM_CALL symbols via instruction modification.

  • Class: Static
  • Type: ARM (R_ARM_THM_CALL)
  • Code: 10
  • Operation: ((S + A) | T) - P - S is the address of the symbol - A is the addend - P is the target location (place being relocated) - T is 1 if the symbol is of type STT_FUNC and addresses a Thumb instruction (This bit is entirely irrelevant because the 1-bit of the address gets shifted off in the encoding)
  • Encoding: See http://hermes.wings.cs.wisc.edu/files/Thumb-2SupplementReferenceManual.pdf - Page 71 (3-31) has the chart - It appears that it mistakenly references the I1 and I2 bits as J1 and J2 in the chart (see the notes at the bottom of the page – the ranges don’t make sense) - However, the J1/J2 bits are XORed with !S bit in this case (see vex implementation: https://github.com/angr/vex/blob/6d1252c7ce8fe8376318b8f8bb8034058454c841/priv/guest_arm_toIR.c#L19219 ) - Implementation appears correct with the bits placed into offset[23:22]
resolve_symbol(solist, bypass_compatibility=False, thumb=False)
value
class cle.backends.elf.relocation.arm.R_ARM_COPY(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericCopyReloc

class cle.backends.elf.relocation.arm.R_ARM_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.arm.R_ARM_JUMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.arm.R_ARM_RELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.arm.R_ARM_ABS32_NOI(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.arm.R_ARM_REL32_NOI(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericPCRelativeAddendReloc

class cle.backends.elf.relocation.arm.R_ARM_TLS_DTPMOD32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.arm.R_ARM_TLS_DTPOFF32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.arm.R_ARM_TLS_TPOFF32(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.arm.R_ARM_JUMP24(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.arm.R_ARM_CALL

class cle.backends.elf.relocation.arm.R_ARM_PC24(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.arm.R_ARM_CALL

class cle.backends.elf.relocation.arm64.R_AARCH64_ABS64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_COPY(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericCopyReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_JUMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_RELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_IRELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericIRelativeReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_TLS_DTPREL(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSDoffsetReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_TLS_DTPMOD(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSModIdReloc

class cle.backends.elf.relocation.arm64.R_AARCH64_TLS_TPREL(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.s390x.R_390_GLOB_DAT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.s390x.R_390_JMP_SLOT(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericJumpslotReloc

class cle.backends.elf.relocation.s390x.R_390_RELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericRelativeReloc

class cle.backends.elf.relocation.s390x.R_390_64(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericAbsoluteAddendReloc

class cle.backends.elf.relocation.s390x.R_390_TLS_TPOFF(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericTLSOffsetReloc

class cle.backends.elf.relocation.s390x.R_390_IRELATIVE(owner, symbol, relative_addr, addend=None)

Bases: cle.backends.elf.relocation.generic.GenericIRelativeReloc

cle.backends.pe.relocation.load_relocations()
cle.backends.pe.relocation.get_relocation(arch, r_type)
class cle.backends.pe.relocation.pereloc.PEReloc(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.relocation.Relocation

resolve_symbol(solist, bypass_compatibility=False)
relocate(solist, bypass_compatibility=False)
value
is_base_reloc

These relocations are ignored by the linker if the executable is loaded at its preferred base address. There is no associated symbol with base relocations.

is_import
class cle.backends.pe.relocation.generic.DllImport(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

There’s nothing special to be done for DLL imports but this class provides a unique name to the relocation type.

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_ABSOLUTE(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

value

In all the other cases, we can ignore the relocation difference part of the calculation because we simply use to_mva() to get our rebased address. In this case, however, we have to adjust the un-rebased address first.

class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

value
class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

value
class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

value
class cle.backends.pe.relocation.generic.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

value
class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHADJ

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_DIR64

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHLOW

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGH

class cle.backends.pe.relocation.i386.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_LOW

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHADJ

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_DIR64

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHLOW

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGH

class cle.backends.pe.relocation.amd64.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_LOW

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHADJ

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_DIR64

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHLOW

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGH

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_LOW

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_MIPS_JMPADDR(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

class cle.backends.pe.relocation.mips.IMAGE_REL_BASED_MIPS_JMPADDR16(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHADJ

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_DIR64

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHLOW

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGH

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_LOW

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_ARM_MOV32(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

class cle.backends.pe.relocation.arm.IMAGE_REL_BASED_THUMB_MOV32(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_HIGHADJ(owner, addr, next_rva)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHADJ

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_DIR64(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_DIR64

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_HIGHLOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGHLOW

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_HIGH(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_HIGH

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_LOW(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.generic.IMAGE_REL_BASED_LOW

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_RISCV_HIGH20(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_RISCV_LOW12I(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

class cle.backends.pe.relocation.riscv.IMAGE_REL_BASED_RISCV_LOW12S(owner, symbol, addr, resolvewith=None)

Bases: cle.backends.pe.relocation.pereloc.PEReloc

Thread-local storage

class cle.backends.tls.TLSObject(loader)

Bases: cle.backends.Backend

CLE implements thread-local storage by treating the TLS region as another object to be loaded. Because of the complex interactions between TLS and all the other objects that can be loaded into memory, each TLS object will perform some basic initialization when instanciated, and then once all other objects have been loaded, finalize() is called.

register_object(obj)

Lay out the TLS initialization images into memory. Do the actual work in a subclass.

rebase()
class cle.backends.tls.InternalTLSRelocation(val, offset, owner)

Bases: object

relocate()
cle.backends.tls.elf_tls.roundup(val, to=16)
class cle.backends.tls.elf_tls.ELFTLSObject(loader, max_data=32768, max_modules=256)

Bases: cle.backends.tls.TLSObject

This class is used when parsing the Thread Local Storage of an ELF binary. It heavily uses the TLSArchInfo namedtuple from archinfo.

ELF TLS is implemented based on the following documents:

drop(string, offset)
drop_int(num, offset, needs_relocation=False)
register_object(obj)
map_object(obj)
thread_pointer

The thread pointer. This is a technical term that refers to a specific location in the TLS segment.

user_thread_pointer

The thread pointer that is exported to the user

max_addr
get_addr(module_id, offset)

basically __tls_get_addr.

class cle.backends.tls.pe_tls.PETLSObject(loader, max_modules=256, max_data=32768)

Bases: cle.backends.tls.TLSObject

This class is used when parsing the Thread Local Storage of a PE binary. It represents both the TLS array and the TLS data area for a specific thread.

In memory the PETLSObj is laid out as follows:

+----------------------+---------------------------------------+
| TLS array            | TLS data area                         |
+----------------------+---------------------------------------+

A more detailed description of the TLS array and TLS data areas is given below.

TLS array

The TLS array is an array of addresses that points into the TLS data area. In memory it is laid out as follows:

+-----------+-----------+-----+-----------+
|  address  |  address  | ... |  address  |
+-----------+-----------+-----+-----------+
| index = 0 | index = 1 |     | index = n |
+-----------+-----------+-----+-----------+

The size of each address is architecture independent (e.g. on X86 it is 4 bytes). The number of addresses in the TLS array is equal to the number of modules that contain TLS data. At load time (i.e. in the finalize method), each module is assigned an index into the TLS array. The address of this module’s TLS data area is then stored at this location in the array.

TLS data area

The TLS data area directly follows the TLS array and contains the actual TLS data for each module. In memory it is laid out as follows:

+----------+-----------+----------+-----------+-----+
| TLS data | zero fill | TLS data | zero fill | ... |
+----------+-----------+----------+-----------+-----+
|       module a       |       module b       | ... |
+---------------------------------------------------+

The size of each module’s TLS data area is variable and can be found in the module’s tls_data_size property. The same applies to the zero fill. At load time (i.e in the finalize method), the initial TLS data values are copied into the TLS data area. Because a TLS index is also assigned to each module, we can access a module’s TLS data area using this index into the TLS array to get the start address of the TLS data.

register_object(obj)
map_object(obj)
get_tls_data_addr(tls_idx)

Get the start address of a module’s TLS data area via the module’s TLS index.

From the PE/COFF spec:

The code uses the TLS index and the TLS array location (multiplying the index by the word size and using it as an offset into the array) to get the address of the TLS data area for the given program and module.
max_addr
thread_pointer
user_thread_pointer

Misc. Utilities

cle.gdb.convert_info_sharedlibrary(fname)

Convert a dump from gdb’s info sharedlibrary command to a set of options that can be passed to CLE to replicate the address space from the gdb session

Parameters:fname – The name of a file containing the dump
Returns:A dict appropriate to be passed as **kwargs for angr.Project or cle.Loader
cle.gdb.convert_info_proc_maps(fname)

Convert a dump from gdb’s info proc maps command to a set of options that can be passed to CLE to replicate the address space from the gdb session

Parameters:fname – The name of a file containing the dump
Returns:A dict appropriate to be passed as **kwargs for angr.Project or cle.Loader
class cle.memory.Clemory(arch, root=False)

Bases: object

consecutive
min_addr
max_addr
add_backer(start, data)

Adds a backer to the memory.

Parameters:
  • start – The address where the backer should be loaded.
  • data – The backer itself. Can be either a bytestring or another Clemory.
update_backer(start, data)
remove_backer(start)
backers(addr=0)

Iterate through each backer for this clemory and all its children, yielding tuples of (start_addr, backer) where each backer is a bytearray.

Parameters:addr – An optional starting address - all backers before and not including this address will be skipped.
load(addr, n)

Read up to n bytes at address addr in memory and return a bytes object.

Reading will stop at the beginning of the first unallocated region found, or when n bytes have been read.

store(addr, data)

Write bytes from data at address addr.

Note: If the store runs off the end of a backer and into unbacked space, this function will update the backer but also raise KeyError.

unpack(addr, fmt)

Use the struct module to unpack the data at address addr with the format fmt.

unpack_word(addr, size=None, signed=False, endness=None)

Use the struct module to unpack a single integer from the address addr.

You may override any of the attributes of the word being extracted:

Parameters:
  • size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
  • signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
  • archinfo.Endness (str) – The endian to use in packing/unpacking. Defaults to memory endness
pack(addr, fmt, *data)

Use the struct module to pack data into memory at address addr with the format fmt.

pack_word(addr, data, size=None, signed=False, endness=None)

Use the struct module to pack a single integer data into memory at the address addr.

You may override any of the attributes of the word being packed:

Parameters:
  • size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)
  • signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned
  • archinfo.Endness (str) – The endian to use in packing/unpacking. Defaults to memory endness
read(nbytes)

The stream-like function that reads up to a number of bytes starting from the current position and updates the current position. Use with seek().

Up to nbytes bytes will be read, halting at the beginning of the first unmapped region encountered.

seek(value)

The stream-like function that sets the “file’s” current position. Use with read().

Parameters:value – The position to seek to.
tell()
class cle.patched_stream.PatchedStream(stream, patches)

Bases: object

An object that wraps a readable stream, performing passthroughs on seek and read operations, except to make it seem like the data has actually been patched by the given patches.

Parameters:
  • stream – The stream to patch
  • patches – A list of tuples of (addr, patch data)
read(*args, **kwargs)
seek(*args, **kwargs)
tell()
close()
class cle.address_translator.AddressTranslator(rva, owner)

Bases: object

Parameters:
  • rva (int) – virtual address relative to owner’s object image base
  • owner (cle.Backend) – The object owner address relates to
classmethod from_lva(lva, owner)

Loads address translator with LVA

classmethod from_mva(mva, owner)

Loads address translator with MVA

classmethod from_rva(rva, owner)

Loads address translator with RVA

classmethod from_raw(raw, owner)

Loads address translator with RAW address

classmethod from_linked_va(lva, owner)

Loads address translator with LVA

classmethod from_va(mva, owner)

Loads address translator with MVA

classmethod from_mapped_va(mva, owner)

Loads address translator with MVA

classmethod from_relative_va(rva, owner)

Loads address translator with RVA

to_lva()

VA -> LVA :rtype: int

to_mva()

RVA -> MVA :rtype: int

to_rva()

RVA -> RVA :rtype: int

to_raw()

RVA -> RAW :rtype: int

to_linked_va()

VA -> LVA :rtype: int

to_va()

RVA -> MVA :rtype: int

to_mapped_va()

RVA -> MVA :rtype: int

to_relative_va()

RVA -> RVA :rtype: int

cle.address_translator.AT

alias of cle.address_translator.AddressTranslator

cle.utils.ALIGN_DOWN(base, size)
cle.utils.ALIGN_UP(base, size)
cle.utils.get_mmaped_data(stream, offset, length, page_size)
cle.utils.stream_or_path(obj, perms='rb')
cle.utils.key_bisect_floor_key(lst, key, lo=0, hi=None, keyfunc=<function <lambda>>)
cle.utils.key_bisect_find(lst, item, lo=0, hi=None, keyfunc=<function <lambda>>)
cle.utils.key_bisect_insort_left(lst, item, lo=0, hi=None, keyfunc=<function <lambda>>)

Errors

exception cle.errors.CLEError

Bases: Exception

Base class for errors raised by CLE.

exception cle.errors.CLEUnknownFormatError

Bases: cle.errors.CLEError

Error raised when CLE encounters an unknown executable file format.

exception cle.errors.CLEFileNotFoundError

Bases: cle.errors.CLEError

Error raised when a file does not exist.

exception cle.errors.CLEInvalidBinaryError

Bases: cle.errors.CLEError

Error raised when an executable file is invalid or corrupted.

exception cle.errors.CLEOperationError

Bases: cle.errors.CLEError

Error raised when a problem is encountered in the process of loading an executable.

exception cle.errors.CLECompatibilityError

Bases: cle.errors.CLEError

Error raised when loading an executable that is not currently supported by CLE.