scanelf - user-space utility to scan ELF files
Description
scanelf is a user-space utility to quickly scan given ELFs, directories, or common system paths for
different information. This may include ELF types, their PaX markings, TEXTRELs, etc...
ELF Bits
You can also narrow your search by specifying the ELF bitsize. Again, specify the numeric value or the
symbolic define.
• 32 - ELFCLASS32 - 32bit ELFs
• 64 - ELFCLASS64 - 64bit ELFs
ELF Etypes
You can narrow your search by specifying the ELF object file type (ETYPE). The command-line option takes
the numeric value and/or the symbolic type. Multiple values can be passed, comma separated. Example: -E
ET_EXEC,ET_DYN,1
Here is the normal list available for your pleasure. You of course are free to specify any numeric value
you want.
• 0 - ET_NONE - unknown type
• 1 - ET_REL - relocatable file
• 2 - ET_EXEC - executable file
• 3 - ET_DYN - shared object
• 4 - ET_CORE - core file
Format
The format string is much like a printf string in that it is a literal string with flags requesting
different information. For example, you could use a format string and expect the following results.
# scanelf -BF "file %f needs %n; funky time" /bin/bash
file bash needs libncurses.so.5,libdl.so.2,libc.so.6; funky time
Note that when you use a format string, generally information related flags should be omitted. In other
words, you do not want to try and request NEEDED output (-n) and try to specify a format output at the
same time as these operations are mutually exclusive. Each information related flag has an equivalent
conversion specifier, so use those instead. You can of course continue to use non-information related
flags (such as --verbose).
There are three characters that introduce conversion specifiers.
• % - replace with info
• # - silent boolean match
• + - verbose match
And there are a number of conversion specifiers. We try to match up the specifier with corresponding
option.
• a - machine (EM) type
• b - bind flags
• e - program headers
• D - endian
• I - osabi
• Y - eabi
• F - long filename
• f - short filename
• i - interp
• k - section
• M - EI class
• N - specified needed
• n - needed libraries
• p - filename (minus search)
• o - etype
• O - perms
• r - runpaths
• S - SONAME
• s - symbol
• T - all textrels
• t - textrel status
• x - pax flags
Homepage
https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
Name
scanelf - user-space utility to scan ELF files
Needed Soname Matching
A ! prefix will only show ELFs that do not depend on the specified library.
Notes
1. https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
2. https://bugs.gentoo.org/
pax-utils 1.3.8 09/25/2024 SCANELF(1)
Options
-A, --archives
Scan archives (.a files)
-a, --all
Print all useful/simple info
-B, --nobanner
Don't display the header
-b, --bind
Print symbol binding information (lazy or now)
-D, --endian
Print ELF endianness (big/little/...)
-E, --etype ETYPE
Print only ELF files matching specified etype (like ET_DYN, ET_EXEC, etc...)
-e, --header
Print GNU_STACK markings
-F, --format FORMAT
Use specified format for output; see the FORMAT section for more information
-f, --from FILE
Read input stream from specified filename
-g, --gmatch
Use strncmp to match libraries (use with -N). Or regexp with symbol matching
-h, --help
Show condensed usage and exit
-I, --osabi
Print OSABI
-i, --interp
Print the interpreter information (.interp/PT_INTERP)
-k, --section SECTION
Find ELFs with the specified section. May be specified multiple times to match multiple sections
simultaneously. See SECTION MATCHING for more info.
-L, --ldcache
Utilize ld.so.cache information (use with -r/-n)
-l, --ldpath
Scan all directories in /etc/ld.so.conf
-M, --bits BITS
Print only ELF files matching specified numeric bits (like 32/64)
-m, --mount
Don't recursively cross mount points
-N, --lib SONAME
Find ELFs that need the specified SONAME. May be specified multiple times to match multiple SONAMEs
simultaneously. See NEEDED SONAME MATCHING for more info.
-n, --needed
Print libraries the ELF is linked against (DT_NEEDED)
-O, --perms PERMS
Print only ELF files with matching specified octal bits (like 755)
-o, --file FILE
Write output stream to specified filename
-p, --path
Scan all directories in PATH environment
-q, --quiet
Only output 'bad' things
-R, --recursive
Scan directories recursively
-r, --rpath
Print runpaths encoded in the ELF (DT_RPATH/DT_RUNPATH)
-S, --soname
Print the ELF's shared library name (DT_SONAME)
-s, --symbol SYMBOL
Find the specified symbol; see SYMBOL MATCHING for more info
-T, --textrels
Locate cause of TEXTRELs via objdump
-t, --textrel
Print TEXTREL information
-V, --version
Print version and exit
-v, --verbose
Be verbose (can be used more than once)
-X, --fix
Try and 'fix' bad things (use with -r/-e)
-x, --pax
Print PaX markings
-Y, --eabi
Print EABI (only matters for a few architectures)
-y, --symlink
Don't scan symlinks
-Z, --size SIZE
Print ELF file size
-z, --setpax FLAGS
Sets EI_PAX/PT_PAX_FLAGS to specified flags (use with -Xx)
--use-ldpath
Use the ld.so.conf paths to find the full path to libraries (use in conjunction with --needed).
--root PATH
Search the specified root tree instead of /. Generally paired with options like -l or -p. This
implicitly treats all paths specified on the command line as relative to the root, so be sure to omit
it if you are explicitly listing ELFs.
--ldcache PATH
Use specified path instead of /etc/ld.so.cache. Generally paired with options like -L or -n.
Reporting Bugs
Please include as much information as possible (using any available debugging options) and send bug
reports to the maintainers (see the AUTHORS section). Please use the Gentoo bugzilla at
https://bugs.gentoo.org/ if possible.
Section Matching
A ! prefix will only show ELFs that do not have the specified section.
See Also
chpax(1), dumpelf(1), paxctl(1), pspax(1), readelf(1), scanelf(1), elf(5)
Symbol Matching
The string specified takes the form [%[modifiers]%][[+-]<symbolname>][,[.....]].
If the symbolname is empty, then all symbols are matched.
If the symbolname is a glob ("*"), then all symbols are dumped in a debug format. Do not rely on the
structure of this output as it changes whenever we feel like it.
If the first char of the symbol name is a plus ("+"), then only match defined symbols. If it's a minus
("-"), only match undefined symbols. When we say "defined", we mean the symbol is defined in the ELF vs
having an external reference.
Putting modifiers in between the percent signs ("%") allows for more in depth filters. There are groups
of modifiers. If you don't specify a member of a group, then all types in that group are matched.
• STT group (symbol type)
    • n - STT_NOTYPE
    • o - STT_OBJECT
    • f - STT_FUNC
    • F - STT_FILE
• STB group (symbol binding)
    • l - STB_LOCAL
    • g - STB_GLOBAL
    • w - STB_WEAK
• STV group (symbol visibility)
    • p - STV_DEFAULT
    • i - STV_INTERNAL
    • h - STV_HIDDEN
    • P - STV_PROTECTED
• SHN group (section header)
    • d - defined
    • u - SHN_UNDEF
    • a - SHN_ABS
    • c - SHN_COMMON
You can search for multiple symbols simultaneously by using a comma (",") to separate different searches.
Every symbol that matches will be displayed while unmatched symbols will not.
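The symbol spec grammar above, decomposed in a short Python sketch. This is an added example, not scanelf's own parser or part of the original man page; the function names and the sample spec are constructed for illustration, and scanelf's handling of edge cases may differ.

```python
# Added illustration: decomposes a scanelf -s symbol spec as the man page
# describes it. Not scanelf's parser; names here are hypothetical.
MODIFIER_GROUPS = {
    "STT": {"n": "STT_NOTYPE", "o": "STT_OBJECT", "f": "STT_FUNC", "F": "STT_FILE"},
    "STB": {"l": "STB_LOCAL", "g": "STB_GLOBAL", "w": "STB_WEAK"},
    "STV": {"p": "STV_DEFAULT", "i": "STV_INTERNAL", "h": "STV_HIDDEN",
            "P": "STV_PROTECTED"},
    "SHN": {"d": "defined", "u": "SHN_UNDEF", "a": "SHN_ABS", "c": "SHN_COMMON"},
}


def parse_search(search):
    """Parse one search of the form [%[modifiers]%][[+-]<symbolname>]."""
    modifiers = ""
    if search.startswith("%"):
        end = search.find("%", 1)
        if end == -1:
            raise ValueError(f"unterminated modifier block in {search!r}")
        modifiers, search = search[1:end], search[end + 1:]
    groups = {g: set() for g in MODIFIER_GROUPS}
    for ch in modifiers:
        owner = next((g for g, m in MODIFIER_GROUPS.items() if ch in m), None)
        if owner is None:
            raise ValueError(f"unknown modifier {ch!r}")
        groups[owner].add(MODIFIER_GROUPS[owner][ch])
    # A group with no member named matches every type in that group.
    for g, table in MODIFIER_GROUPS.items():
        if not groups[g]:
            groups[g] = set(table.values())
    definition = "any"
    if search[:1] == "+":
        definition, search = "defined", search[1:]
    elif search[:1] == "-":
        definition, search = "undefined", search[1:]
    # Empty name matches all symbols; "*" requests the debug dump.
    name = {"": "<all symbols>", "*": "<debug dump of all symbols>"}.get(search, search)
    return {"name": name, "definition": definition, **groups}


def parse_symbol_spec(spec):
    """Split a full -s argument on commas and parse each search."""
    return [parse_search(part) for part in spec.split(",")]


if __name__ == "__main__":
    # Constructed spec: undefined global function 'gets', plus defined 'main'.
    for entry in parse_symbol_spec("%fg%-gets,+main"):
        print(entry)
```

A spec such as the constructed `%fg%-gets` is the kind of filter used when auditing a tree for binaries that still import a deprecated function.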
Synopsis
scanelf [options] ELFs or directories
