scanelf

Langue: en

Version: 02/14/2010 (fedora - 01/12/10)

Section: 1 (Commandes utilisateur)

NAME

scanelf - user-space utility to scan ELF files

SYNOPSIS

scanelf [options] ELFs or directories

DESCRIPTION

scanelf

is a user-space utility to quickly scan given ELFs, directories, or common system paths for different information. This may include ELF types, their PaX markings, TEXTRELs, etc...

OPTIONS

-A, --archives

Scan archives (.a files)

-a, --all

Print all useful/simple info

-B, --nobanner

Don't display the header

-b, --bind

Print symbol binding information (lazy or now)

-D, --endian

Print ELF endianness (big/little/...)

-E, --etype ETYPE

Print only ELF files matching specified etype (like ET_DYN, ET_EXEC, etc...)

-e, --header

Print GNU_STACK markings

-F, --format FORMAT

Use specified format for output; see the FORMAT section for more information

-f, --from FILE

Read input stream from specified filename

-g, --gmatch

Use strncmp to match libraries (use with -N). Or regexp with symbol matching

-h, --help

Show condensed usage and exit

-I, --osabi

Print OSABI

-i, --interp

Print the interpreter information (.interp/PT_INTERP)

-k, --section SECTION

Find ELFs with the specified section

-L, --ldcache

Utilize ld.so.cache information (use with -r/-n)

-l, --ldpath

Scan all directories in /etc/ld.so.conf

-M, --bits BITS

Print only ELF files matching specified numeric bits (like 32/64)

-m, --mount

Don't recursively cross mount points

-N, --lib SONAME

Find ELFs that need the specified SONAME

-n, --needed

Print libraries the ELF is linked against (DT_NEEDED)

-O, --perms PERMS

Print only ELF files with matching specified octal bits (like 755)

-o, --file FILE

Write output stream to specified filename

-p, --path

Scan all directories in PATH environment

-q, --quiet

Only output 'bad' things

-R, --recursive

Scan directories recursively

-r, --rpath

Print runpaths encoded in the ELF (DT_RPATH/DT_RUNPATH)

-S, --soname

Print the ELF's shared library name (DT_SONAME)

-s, --symbol SYMBOL

Find the specified symbol; see SYMBOL MATCHING for more info

-T, --textrels

Locate cause of TEXTRELs via objdump

-t, --textrel

Print TEXTREL information

-V, --version

Print version and exit

-v, --verbose

Be verbose (can be used more than once)

-X, --fix

Try and 'fix' bad things (use with -r/-e)

-x, --pax

Print PaX markings

-Y, --eabi

Print EABI (only matters for a few architectures)

-y, --symlink

Don't scan symlinks

-Z, --size SIZE

Print ELF file size

-z, --setpax FLAGS

Sets EI_PAX/PT_PAX_FLAGS to specified flags (use with -Xx)

FORMAT

The format string is much like a printf string in that it is a literal string with flags requesting different information. For example, you could use a format string and expect the following results.

   # scanelf -BF "file %f needs %n; funky time" /bin/bash
   file bash needs libncurses.so.5,libdl.so.2,libc.so.6; funky time
  
 

Note that when you use a format string, generally information related flags should be omitted. In other words, you do not want to try and request NEEDED output (-n) and try to specify a format output at the sametime as these operations are mutually exclusive. Each information related flag has an equivalent conversion specifier, so use those instead. You can of course continue to use non-information related flags (such as --verbose).

There are three characters that introduce conversion specifiers.

* % - replace with info

*
# - silent boolean match
*
+ - verbose match

And there are a number of conversion specifiers. We try to match up the specifier with corresponding option.

* a - machine (EM) type

*
b - bind flags
*
e - program headers
*
D - endian
*
I - osabi
*
Y - eabi
*
F - long filename
*
f - short filename
*
i - interp
*
k - section
*
M - EI class
*
N - specified needed
*
n - needed libraries
*
p - filename (minus search)
*
o - etype
*
O - perms
*
r - runpaths
*
S - SONAME
*
s - symbol
*
T - all textrels
*
t - textrel status
*
x - pax flags

SYMBOL MATCHING

A - prefix will only show undefined references while a + prefix will only show defined references while no prefix will show both.

ELF ETYPES

You can narrow your search by specifying the ELF object file type (ETYPE). The commandline option takes the numeric value and or symbolic type. Multiple values can be passed comma separated. Example -E ET_EXEC,ET_DYN,1

Here is the normal list available for your pleasure. You of course are free to specify any numeric value you want.

* 0 - ET_NONE - unknown type

*
1 - ET_REL - relocatable file
*
2 - ET_EXEC - executable file
*
3 - ET_DYN - shared object
*
4 - ET_CORE - core file

ELF BITS

You can also narrow your search by specifying the ELF bitsize. Again, specify the numeric value or the symbolic define.

* 32 - ELFCLASS32 - 32bit ELFs

*
64 - ELFCLASS64 - 64bit ELFs

HOMEPAGE

m[blue]http://hardened.gentoo.org/pax-utils.xmlm[]

REPORTING BUGS

Please include as much information as possible (using any available debugging options) and send bug reports to the maintainers (see the AUTHORS section). Please use the Gentoo bugzilla at m[blue]http://bugs.gentoo.org/m[] if possible.

SEE ALSO

chpax(1), dumpelf(1), paxctl(1), pspax(1), readelf(1), scanelf(1)

AUTHORS

Ned Ludd <solar@gentoo.org>

Maintainer

Mike Frysinger <vapier@gentoo.org>

Maintainer

Fabian Groffen <grobian@gentoo.org>

Mach-O Maintainer

NOTES

1.
http://hardened.gentoo.org/pax-utils.xml
2.
http://bugs.gentoo.org/