goblin 0.8 releases: cross-platform binary parsing crate, written in Rust
libgoblin
libgoblin is a cross-platform trifecta of binary parsing and loading fun. It supports:
- An ELF32/64 parser, and raw C structs
- A 32/64-bit, zero-copy, endian aware, Mach-o parser, and raw C structs
- A PE32/PE32+ (64-bit) parser, and raw C structs
- A Unix archive parser and loader
Goblin requires at least rustc 1.31.1, uses the 2018 rust edition and is developed on stable.
Goblin primarily supports the following important use cases:
- Core, std-free #[repr(C)] structs, tiny compile-time, 32/64 (or both) at your leisure
- Type punning. Define a function once on a type, but have it work on 32 or 64-bit variants – without really changing anything, and no macros! See examples/automagic.rs for a basic example.
- std mode. This throws in read and write impls via Pread and Pwrite, reading from file, convenience allocations, extra methods, etc. This is for clients who can allocate and want to read binaries off the disk.
- Endian_fd. A truly terrible name :laughing: This is for binary analysis, as in panopticon, which needs to read binaries of foreign endianness, or as a basis for constructing cross-platform foreign-architecture binutils; cargo-sym and bingrep are simple examples of this, but the sky is the limit.
libgoblin is engineered to be tailored towards very different use-case scenarios, for example:
- a no-std mode; just simply set default features to false
- endian-aware parsing and reading
- for binary loaders which don’t require this, simply use elf32 and elf64 (and std of course)
For example, if you are writing a 64-bit kernel, or just want a barebones C-like header interface which defines the structures, just select elf64, --cfg feature=\"elf64\", which will compile without std.
Similarly, if you want to use host endianness loading via the various from_fd methods, --cfg feature=\"std\", which will not use the byteorder extern crate, and read the bytes from disk in the endianness of the host machine.
If you want endian-aware reading and you don't use the default, you need to opt in as normal via endian_fd.
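What endian-aware reading involves for ELF, as an added std-only sketch rather than goblin's own code or API: the container size and byte order come from e_ident, and every later field is read with that context and a bounds check. The names Ctx, detect_ctx, read_u16, type_and_machine and sample are hypothetical, and the sample headers are constructed.

```rust
// Added illustration, std only. Ctx, detect_ctx, read_u16, type_and_machine and
// sample are hypothetical names, not goblin's API.
#[derive(Debug, PartialEq, Clone, Copy)]
pub struct Ctx { pub is_64: bool, pub little_endian: bool }

/// Derive container size and byte order from the 16-byte ELF e_ident array.
pub fn detect_ctx(bytes: &[u8]) -> Result<Ctx, &'static str> {
    let ident = bytes.get(..16).ok_or("truncated e_ident")?;
    if &ident[..4] != b"\x7fELF" { return Err("bad magic"); }
    let is_64 = match ident[4] { 1 => false, 2 => true, _ => return Err("invalid EI_CLASS") };
    let little_endian = match ident[5] { 1 => true, 2 => false, _ => return Err("invalid EI_DATA") };
    Ok(Ctx { is_64, little_endian })
}

/// Bounds-checked u16 read in the file's byte order, not the host's.
pub fn read_u16(bytes: &[u8], offset: usize, ctx: Ctx) -> Result<u16, &'static str> {
    let end = offset.checked_add(2).ok_or("offset overflow")?;
    let s = bytes.get(offset..end).ok_or("read past end")?;
    let raw = [s[0], s[1]];
    Ok(if ctx.little_endian { u16::from_le_bytes(raw) } else { u16::from_be_bytes(raw) })
}

/// e_type (offset 16) and e_machine (offset 18) are at the same offsets in ELF32 and ELF64.
pub fn type_and_machine(bytes: &[u8]) -> Result<(Ctx, u16, u16), &'static str> {
    let ctx = detect_ctx(bytes)?;
    Ok((ctx, read_u16(bytes, 16, ctx)?, read_u16(bytes, 18, ctx)?))
}

/// Constructed sample header: e_ident, e_type = ET_EXEC (2), then the given e_machine.
pub fn sample(class: u8, data: u8, machine: u16) -> Vec<u8> {
    let mut v = vec![0x7f, b'E', b'L', b'F', class, data, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    let (t, m) = if data == 1 {
        (2u16.to_le_bytes(), machine.to_le_bytes())
    } else {
        (2u16.to_be_bytes(), machine.to_be_bytes())
    };
    v.extend_from_slice(&t);
    v.extend_from_slice(&m);
    v
}

fn main() {
    // 64-bit little-endian x86-64 (EM_X86_64 = 62), then 32-bit big-endian PowerPC (EM_PPC = 20).
    for s in [sample(2, 1, 62), sample(1, 2, 20)] {
        println!("{:?}", type_and_machine(&s));
    }
    // A truncated input is rejected instead of being read out of bounds.
    println!("{:?}", type_and_machine(&sample(2, 1, 62)[..17]));
}
```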
| Module | Description |
| --- | --- |
| archive | Implements a simple parser and extractor for a Unix Archive. |
| container | Binary container size information and byte-order context |
| elf | The generic ELF module, which gives access to ELF constants and other helper functions, which are independent of ELF bithood. Also defines an Elf struct which implements a unified parser that returns a wrapped Elf64 or Elf32 binary. |
| elf32 | The ELF 32-bit struct definitions and associated values, re-exported for easy “type-punning” |
| elf64 | The ELF 64-bit struct definitions and associated values, re-exported for easy “type-punning” |
| error | A custom Goblin error |
| mach | The Mach-o, mostly zero-copy, binary format parser and raw struct definitions |
| pe | A PE32 and PE32+ parser |
| strtab | A byte-offset based string table. Commonly used in ELF binaries, Unix archives, and even PE binaries. |
Changelog v0.8
Breaking
- msrv: bumped to 1.63.0 since scroll bumped as well
- pe: new field added to parse options: #377
- pe: attribute certs now non-exhaustive: #378
- goblin: hint and object enum is now non-exhaustive
- pe: write support introduced some breaking changes, e.g., data directories array adds a tuple of usize and data directory, DosHeader has all the fields filled out, Header struct has a dos_stub field added, symbols and strings fields is made optional in Coff struct, see: #361
Fixed
- elf: fix documentation, thanks @crzysdrs: #374
- pe: attribute certificates non-exhaustive, thanks @RaitoBezarius: #378
- pe: fix authenticode parsing, thanks @baloo: #383
Added
- strtab: len method added to return number of bytes of the strtab
- pe: absolutely epic pe write support PR, thanks @RaitoBezarius and @Baloo: #361
- pe: add coff object file support, thanks @vadimcn, #379
- pe: allow toggling parsing of attribute certs, thanks @suttonbradley: #377
- mach: add new mach-o constants, thanks @keith: #372
Copyright (c) m4b 2016-2018