[Tools] Elfina—A multi-architecture ELF loader supporting x86 and x86-64 binaries

First Post:

Last Update:

Word Count:
347

Read Time:
2 min

Elfina

Elfina is a multi-architecture ELF loader supporting x86 and x86-64 binaries.

Background

Recently, I have been studying reverse engineering on Windows and the PE file format.
After that, I started exploring ELF binaries to learn more about Linux reverse engineering and rootkit development.

To better understand how ELF executables are loaded and executed, I developed Elfina as a learning project focused on the Linux kernel and the ELF file format.

If you find this project useful or informative, a ⭐ would be appreciated!

GitHub repository: https://github.com/iss4cf0ng/Elfina

Disclaimer

This project is intended for educational and research purposes only.

It is designed to help understand:

  • ELF file format
  • Reverse engineering concepts

Features

  • Multi-architecture ELF loader
  • Support for x86 and x86-64 ELF binaries
  • Multiple execution methods
    • --mmap loading
    • --memfd execution
  • ELF probing
    • --info displays ELF metadata and structure

Supported ELF Architectures

Architecture Bits Common Devices
x86 (i386) 32-bit Old PCs, 32-bit Linux
x86-64 64-bit Modern PCs, servers
ARM32 32-bit Raspberry Pi 2, older Android
AArch64 (ARM64) 64-bit Raspberry Pi 3/4/5, modern Android
RISC-V 64 64-bit SiFive boards, VisionFive, emerging Linux devices

Quick Start

Requirements

1
sudo apt install gcc-multilib

Download and extract the release package:

1
2
3
4
5
wget https://github.com/iss4cf0ng/Elfina/releases/latest/download/elfina-linux.tar.gz
tar -xzf elfina-linux.tar.gz
cd elfina
chmod +x ./elfina
chmod +x ./elfina32

The layout is shown as follows:

1
2
3
elfina/
 ├ elfina
 └ elfina32

Usage

1
2
3
4
5
6
7
8
9
./elfina --coffee
./elfina --info <x64_elf_path>
./elfina --mmap <x64_elf_path> [arguments]
./elfina --memfd <x64_elf_path> [arguments]

./elfina32 --coffee
./elfina32 --info <x86_elf_path>
./elfina32 --mmap <x86_elf_path> [arguments]
./elfina32 --memfd <x86_elf_path> [arguments]

Build from Source

Clone the repository and compile the project:

1
2
3
git clone https://github.com/iss4cf0ng/Elfina
cd Elfina
make

or
1
2
chmod +x build.sh
./build.sh

Demonstration

elfina (x86-64)

elfina32 (32-bit)

On Windows Subsystem for Linux (WSL2), Elfina cannot execute 32-bit ELF binary files. Probing (--info) and 64-bit execution work fine. For full 32-bit support, use a native Linux environment or a VM such as VirtualBox or VMWare.

THANKS FOR READING