🌐
Js2iiu
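js2iiu.com › Home › programming › python › [python] Binary analysis tools – capstone, angr, pyelftools
[Python] Binary analysis tools – capstone, angr, pyelftools | Amateur Radio Station JS2IIU
March 8, 2025 - pyelftools identifies hidden symbols in ELF files. · Use it in malware analysis to identify suspicious behavior. · Parse proprietary binary formats and apply this to reverse engineering. · capstone is a lightweight, fast disassembler.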
🌐
GitHub
github.com › HBehrens › puncover › issues › 11
Investigate if pyelftools + capstone can remove dependencies to GCC · Issue #11 · HBehrens/puncover
April 18, 2017 - https://github.com/eliben/pyelftools · http://www.capstone-engine.org
Author   HBehrens
🌐
GitHub
github.com › blasty › ropstone
GitHub - blasty/ropstone: A code gadget finder based on capstone/keystone/pyelftools
A code gadget finder based on capstone/keystone/pyelftools - blasty/ropstone
Starred by 92 users
Forked by 11 users
Languages   Python 100.0%
🌐
DEV Community
dev.to › icyphox › python-for-reverse-engineering-1-elf-binaries-1fo4
Python for Reverse Engineering #1: ELF Binaries - DEV Community
March 14, 2019 - where capstone is the disassembly engine we’ll be scripting with and pyelftools to help parse ELF files.
🌐
Binary Research
binaryresearch.github.io › 2019 › 12 › 11 › Analyzing-ELF-Binaries-with-Malformed-Headers-Part-2-Mapping-Program-Logic-with-Qiling-and-Graphviz.html
Analyzing ELF Binaries with Malformed Headers Part 2 - Mapping Program Logic with Qiling and Graphviz | Binary Research
December 11, 2019 - Fortunately, there is no need for special tools to parse the header in this case - pyelftools [2] can be used straightforwardly, and Qiling loads it without any problems. In order to produce correct disassembly with Capstone, it is necessary to find the file offset of the program entry point.
🌐
Devhub
devhub.io › repos › blasty-ropstone
Devhub
🌐
PyPI
pypi.org › project › pyelftools
pyelftools · PyPI
Details for the file pyelftools-0.33.tar.gz.
      » pip install pyelftools
    
Published   May 29, 2026
Version   0.33
🌐
Binary Research
binaryresearch.github.io › 2019 › 09 › 17 › Analyzing-ELF-Binaries-with-Malformed-Headers-Part-1-Emulating-Tiny-Programs.html
Analyzing ELF Binaries with Malformed Headers Part 1 - Emulating Tiny Programs | Binary Research
September 17, 2019 - As it turns out, Capstone is a linear sweep-based disassembler (as opposed to recursive traversal-based, like radare2)[7][8]. This means that beginning at the start address, it disassembles all bytes as code until the end address, ignoring ...
🌐
Medium
medium.com › @CodeWithHannan › python-for-reverse-engineering-parsing-binary-files-and-decompiling-code-a7bf9674cf6b
Python for Reverse Engineering: Parsing Binary Files and Decompiling Code | by Code With Hannan | Medium
July 24, 2025 - Security researchers analyzing unknown malware binaries often use capstone to see instructions before deeper dynamic analysis. Executable and Linkable Format (ELF) is a common format for Linux executables. pyelftools can read and extract headers and sections.
🌐
GitHub
github.com › eliben › pyelftools › wiki › User's-guide
User's guide · eliben/pyelftools Wiki · GitHub
February 1, 2022 - If you have a basic grasp of Python and are somewhat familiar with the problem domain pyelftools aims to address (ELF and DWARF formats), you should be able to get going just from looking at the examples - reading this guide is not necessary.
Author   eliben
🌐
GitHub
github.com › eliben › pyelftools
GitHub - eliben/pyelftools: Parsing ELF and DWARF in Python · GitHub
Parsing ELF and DWARF in Python. Contribute to eliben/pyelftools development by creating an account on GitHub.
Starred by 2.3K users
Forked by 542 users
Languages   Python 97.7% | C 1.5% | Assembly 0.5% | Linker Script 0.1% | Makefile 0.1% | Nix 0.1%
🌐
GitHub
github.com › topics › capstone
capstone · GitHub Topics · GitHub
python static-analysis reverse-engineering capstone elf android-app binary-analysis mobile-security disassembly apk-analysis security-research android-reverse-engineering pyelftools llm litellm sdk-detection
🌐
Medium
medium.com › analytics-vidhya › exploring-elf-files-using-pyelftools-93bb7665cce3
Exploring ELF files using pyelftools | by Roman Storozhenko | Analytics Vidhya | Medium
October 27, 2020 - In this article I would like to show some usage examples of pyelftools. I don’t show how to use pyelftools itself, that is, its classes and other features, as you can find it in the documentation and source code itself.
🌐
GitHub
github.com › CarterPerez-dev › Cybersecurity-Projects › blob › main › SYNOPSES › intermediate › Binary.Analysis.Tool.md
Cybersecurity-Projects/SYNOPSES/intermediate/Binary.Analysis.Tool.md at main · CarterPerez-dev/Cybersecurity-Projects
Implement binary file parsing using libraries like capstone for disassembly, pefile for PE analysis, and pyelftools for ELF analysis. Parse binary file headers extracting architecture (x86, x64, ARM), compilation timestamp, entry point, sections, ...
Author   CarterPerez-dev
Top answer
1 of 1
7

According to the author @eli-bendersky, pyelftools is a module for parsing and analyzing ELF/DWARF files and it has no direct way of modifying them. I had a look at the module source files and could not find any methods to edit/save either.

In the comments on the introductory post, the author acknowledges that pyelftools has no API-level support to do this, but some tinkering around can help achieve what you need.

If pyelftools is not a hard dependency, here's an example of how to do the same using elffile:

import elffile

eo = elffile.open(name="/bin/ls")
eo.fileHeader.shnum = 30
with open('./ls.bin', 'wb') as f: f.write(eo.pack())

Using readelf, you can verify that changes were saved correctly:

readelf -h ls.bin
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x804be34
  Start of program headers:          105068 (bytes into file)
  Start of section headers:          103948 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         9
  Size of section headers:           40 (bytes)
  Number of section headers:         30
  Section header string table index: 27
readelf: Error: Unable to read in 0x708 bytes of section headers

There's not much documentation on elffile but you can have a look at the source and figure out ways to replicate pyelftools-specific functionality. If that doesn't work, you can try using both pyelftools for reading/analyzing tasks and elffile to edit sections and write changes.

🌐
Stack Overflow
stackoverflow.com › questions › tagged › pyelftools
Newest 'pyelftools' Questions - Stack Overflow
I am simply trying to grab the program header information with pyelftools (the offset, virtual address, and physical address).
🌐
Debian
packages.debian.org › sid › python3-pyelftools
Debian -- Details of package python3-pyelftools in sid
pyelftools is a pure-Python library for parsing and analyzing ELF files and DWARF debugging information.
🌐
GitHub
github.com › mildsunrise › darter
GitHub - mildsunrise/darter: :detective: Dart / Flutter VM snapshot analyzer · GitHub
parse_elf_snapshot(...) requires pyelftools · the darter.asm module (for analyzing the assembled code) requires Capstone (and its python binding) darter in itself is just a module, it has no stand-alone program or CLI. The recommended way to use it is by including it in a notebook and playing with the parsed data.
Starred by 342 users
Forked by 53 users
Languages   Jupyter Notebook 58.1% | Python 40.0% | JavaScript 1.9%