Goblin - An Impish, Cross-Platform Binary Parsing Crate, Written In Rust
Documentation
https://docs.rs/goblin/
changelog
Usage
Goblin requires
rustc
1.31.1.Add to your
Cargo.toml
[dependencies]
goblin = "0.1"
Features
- awesome crate name
- zero-copy, cross-platform, endian-aware, ELF64/32 implementation - wow!
- zero-copy, cross-platform, endian-aware, 32/64 bit Mach-o parser - zoiks!
- PE 32/64-bit parser - bing!
- a Unix and BSD style archive parser (latter courtesy of @willglynn) - huzzah!
- many cfg options - it will make your head spin, and make you angry when reading the source!
- fuzzed - "I am happy to report that goblin withstood 100 million fuzzing runs, 1 million runs each for seed 1~100." - @sanxiyn
- tests
libgoblin
aims to be your one-stop shop for binary parsing, loading, and analysis.Use-cases
Goblin primarily supports the following important use cases:
- Core, std-free
#[repr(C)]
structs, tiny compile time, 32/64 (or both) at your leisure.
- Type punning. Define a function once on a type, but have it work on 32 or 64-bit variants - without really changing anything, and no macros! See
examples/automagic.rs
for a basic example.
-
std
mode. This throws in read and write impls viaPread
andPwrite
, reading from file, convenience allocations, extra methods, etc. This is for clients who can allocate and want to read binaries off disk.
-
Endian_fd
. A truly terrible name this is for binary analysis like in panopticon or falcon which needs to read binaries of foreign endianness, or as a basis for constructing cross platform foreign architecture binutils, e.g. cargo-sym and bingrep are simple examples of this, but the sky is the limit.
- Write a compiler and use it to generate binaries (all the raw C structs have
Pwrite
derived). - Write a binary analysis tool which loads, parses, and analyzes various binary formats, e.g., panopticon or falcon.
- Write a semi-functioning dynamic linker.
- Write a kernel and load binaries using
no_std
cfg. I.e., it is essentially just struct and const defs (like a C header) - no fd, no output, no std. - Write a bin2json tool, because why shouldn't binary formats be in JSON?
Cfgs
libgoblin
is designed to be massively configurable. The current flags are:- elf64 - 64-bit elf binaries,
repr(C)
struct defs - elf32 - 32-bit elf binaries,
repr(C)
struct defs - mach64 - 64-bit mach-o
repr(C)
struct defs - mach32 - 32-bit mach-o
repr(C)
struct defs - pe32 - 32-bit PE
repr(C)
struct defs - pe64 - 64-bit PE
repr(C)
struct defs - archive - a Unix Archive parser
- endian_fd - parses according to the endianness in the binary
- std - to allow
no_std
environments
Contributors
In lexicographic order:
- @amanieu
- @burjui
- @flanfly
- @ibabushkin
- @jan-auer
- @jdub
- @jrmuizel
- @jsgf
- @kjempelodott
- @le-jzr
- @lion128
- @llogiq
- @lzutao
- @lzybkr
- @m4b
- @mitsuhiko
- @mre
- @pchickey
- @philipc
- @Pzixel
- @raindev
- @rocallahan
- @sanxiyn
- @tathanhdinh
- @Techno-coder
- @ticki
- @wickerwacka
- @willglynn
- @wyxloading
- @xcoldhandsx
Goblin - An Impish, Cross-Platform Binary Parsing Crate, Written In Rust
Reviewed by Zion3R
on
6:01 PM
Rating: