- Language:
Python 3- Purpose:
Parse and analyze ELF shared libraries (.so) of various architectures to search for functions by offset or name, enabling comparison of symbols across multiple ELF binaries.- Dependencies:
lief- Status:
Stable, tested on multiple ELF libraries
- Search functions by offset or mangled/unmangled name
- Supports exact and partial function name matching
- Cross-library comparison of function offsets
- Works with ARM/Thumb addresses (normalization)
This tool works with ELF shared libraries of various architectures, including but not limited to:
- ARM (armeabi-v7a, arm64-v8a)
- x86 and x86_64
- MIPS
- Other ELF-compatible architectures
The tool relies on the presence of symbol tables within the ELF files.
- Requires ELF binaries to contain symbol tables (not stripped).
- Function offset accuracy may vary depending on the compiler, linking, and architecture specifics.
- Partial name matching may produce multiple matches; user discretion advised.
- Currently focuses on shared libraries (.so) and may not fully support executable ELF files or static libraries.
- Clone or download the repo
- Install dependencies:
pip install -r requirements.txt- Run the script:
python main.py- Follow interactive prompts:
- Enter path to main
.solibrary- Enter paths to other
.solibraries (comma separated) for comparison- Enter function offset (hex, e.g.
0x00541D34) or function name
kuzia15 — author, maintainer, code & ideas
