1SCANELF(1)                Documentation for pax-utils               SCANELF(1)
2
3
4

NAME

6       scanelf - user-space utility to scan ELF files
7

SYNOPSIS

9       scanelf [options] ELFs or directories
10

DESCRIPTION

12       scanelf is a user-space utility to quickly scan given ELFs,
13       directories, or common system paths for different information. This may
14       include ELF types, their PaX markings, TEXTRELs, etc...
15

OPTIONS

17       -A, --archives
18           Scan archives (.a files)
19
20       -a, --all
21           Print all useful/simple info
22
23       -B, --nobanner
24           Don't display the header
25
26       -b, --bind
27           Print symbol binding information (lazy or now)
28
29       -D, --endian
30           Print ELF endianness (big/little/...)
31
32       -E, --etype ETYPE
33           Print only ELF files matching specified etype (like ET_DYN,
34           ET_EXEC, etc...)
35
36       -e, --header
37           Print GNU_STACK markings
38
39       -F, --format FORMAT
40           Use specified format for output; see the FORMAT section for more
41           information
42
43       -f, --from FILE
44           Read input stream from specified filename
45
46       -g, --gmatch
47           Use strncmp to match libraries (use with -N). Or regexp with symbol
48           matching
49
50       -h, --help
51           Show condensed usage and exit
52
53       -I, --osabi
54           Print OSABI
55
56       -i, --interp
57           Print the interpreter information (.interp/PT_INTERP)
58
59       -k, --section SECTION
60           Find ELFs with the specified section. May be specified multiple
61           times to match multiple sections simultaneously. See SECTION
62           MATCHING for more info.
63
64       -L, --ldcache
65           Utilize ld.so.cache information (use with -r/-n)
66
67       -l, --ldpath
68           Scan all directories in /etc/ld.so.conf
69
70       -M, --bits BITS
71           Print only ELF files matching specified numeric bits (like 32/64)
72
73       -m, --mount
74           Don't recursively cross mount points
75
76       -N, --lib SONAME
77           Find ELFs that need the specified SONAME. May be specified multiple
78           times to match multiple SONAMEs simultaneously. See SONAME MATCHING
79           for more info.
80
81       -n, --needed
82           Print libraries the ELF is linked against (DT_NEEDED)
83
84       -O, --perms PERMS
85           Print only ELF files with matching specified octal bits (like 755)
86
87       -o, --file FILE
88           Write output stream to specified filename
89
90       -p, --path
91           Scan all directories in PATH environment
92
93       -q, --quiet
94           Only output 'bad' things
95
96       -R, --recursive
97           Scan directories recursively
98
99       -r, --rpath
100           Print runpaths encoded in the ELF (DT_RPATH/DT_RUNPATH)
101
102       -S, --soname
103           Print the ELF's shared library name (DT_SONAME)
104
105       -s, --symbol SYMBOL
106           Find the specified symbol; see SYMBOL MATCHING for more info
107
108       -T, --textrels
109           Locate cause of TEXTRELs via objdump
110
111       -t, --textrel
112           Print TEXTREL information
113
114       -V, --version
115           Print version and exit
116
117       -v, --verbose
118           Be verbose (can be used more than once)
119
120       -X, --fix
121           Try and 'fix' bad things (use with -r/-e)
122
123       -x, --pax
124           Print PaX markings
125
126       -Y, --eabi
127           Print EABI (only matters for a few architectures)
128
129       -y, --symlink
130           Don't scan symlinks
131
132       -Z, --size SIZE
133           Print ELF file size
134
135       -z, --setpax FLAGS
136           Sets EI_PAX/PT_PAX_FLAGS to specified flags (use with -Xx)
137
138       --use-ldpath
139           Use the ld.so.conf paths to find the full path to libraries (use in
140           conjunction with --needed).
141
142       --root PATH
143           Search the specified root tree instead of /. Generally paired with
144           options like -l or -p. This implicitly treats all paths specified
145           on the command line as relative to the root, so be sure to omit it
146           if you are explicitly listing ELFs.
147
148       --ldcache PATH
149           Use specified path instead of /etc/ld.so.cache. Generally paired
150           with options like -L or -n.
151

FORMAT

153       The format string is much like a printf string in that it is a literal
154       string with flags requesting different information. For example, you
155       could use a format string and expect the following results.
156
157             # scanelf -BF "file %f needs %n; funky time" /bin/bash
158             file bash needs libncurses.so.5,libdl.so.2,libc.so.6; funky time
159
160
161       Note that when you use a format string, generally information related
162       flags should be omitted. In other words, you do not want to try and
163       request NEEDED output (-n) and try to specify a format output at the
164       same time as these operations are mutually exclusive. Each information
165       related flag has an equivalent conversion specifier, so use those
166       instead. You can of course continue to use non-information related
167       flags (such as --verbose).
168
169       There are three characters that introduce conversion specifiers.
170
171       • % - replace with info
172       • # - silent boolean match
173       • + - verbose match
174
175       And there are a number of conversion specifiers. We try to match up the
176       specifier with corresponding option.
177
178       • a - machine (EM) type
179       • b - bind flags
180       • e - program headers
181       • D - endian
182       • I - osabi
183       • Y - eabi
184       • F - long filename
185       • f - short filename
186       • i - interp
187       • k - section
188       • M - EI class
189       • N - specified needed
190       • n - needed libraries
191       • p - filename (minus search)
192       • o - etype
193       • O - perms
194       • r - runpaths
195       • S - SONAME
196       • s - symbol
197       • T - all textrels
198       • t - textrel status
199       • x - pax flags
200
201

SYMBOL MATCHING

203       The string specified takes the form [%[modifiers]%][[+-]<symbol
204       name>][,[.....]].
205
206       If the symbol name is empty, then all symbols are matched.
207
208       If the symbol name is a glob ("*"), then all symbols are dumped in a
209       debug format. Do not rely on the structure of this output as it changes
210       whenever we feel like it.
211
212       If the first char of the symbol name is a plus ("+"), then only match
213       defined symbols. If it's a minus ("-"), only match undefined symbols.
214       When we say "defined", we mean the symbol is defined in the ELF vs
215       having an external reference.
216
217       Putting modifiers in between the percent signs ("%") allows for more in
218       depth filters. There are groups of modifiers. If you don't specify a
219       member of a group, then all types in that group are matched.
220
221       • STT group (symbol type)
222       • n - STT_NOTYPE
223       • o - STT_OBJECT
224       • f - STT_FUNC
225       • F - STT_FILE
226       • STB group (symbol binding)
227       • l - STB_LOCAL
228       • g - STB_GLOBAL
229       • w - STB_WEAK
230       • STV group (symbol visibility)
231       • p - STV_DEFAULT
232       • i - STV_INTERNAL
233       • h - STV_HIDDEN
234       • P - STV_PROTECTED
235       • SHN group (section header)
236       • d - defined
237       • u - SHN_UNDEF
238       • a - SHN_ABS
239       • c - SHN_COMMON
240
241       You can search for multiple symbols simultaneously by using a comma
242       (",") to separate different searches. Every symbol that matches will be
243       displayed while unmatched symbols will not.
244

ELF ETYPES

246       You can narrow your search by specifying the ELF object file type
247       (ETYPE). The commandline option takes the numeric value and or symbolic
248       type. Multiple values can be passed comma separated. Example -E
249       ET_EXEC,ET_DYN,1
250
251       Here is the normal list available for your pleasure. You of course are
252       free to specify any numeric value you want.
253
254       • 0 - ET_NONE - unknown type
255       • 1 - ET_REL - relocatable file
256       • 2 - ET_EXEC - executable file
257       • 3 - ET_DYN - shared object
258       • 4 - ET_CORE - core file
259
260

ELF BITS

262       You can also narrow your search by specifying the ELF bitsize. Again,
263       specify the numeric value or the symbolic define.
264
265       • 32 - ELFCLASS32 - 32bit ELFs
266       • 64 - ELFCLASS64 - 64bit ELFs
267
268

SECTION MATCHING

270       A !  prefix will only show ELF's that do not have the specified
271       section.
272

NEEDED SONAME MATCHING

274       A !  prefix will only show ELF's that do not depend on the specified
275       library.
276

HOMEPAGE

278       https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
279

REPORTING BUGS

281       Please include as much information as possible (using any available
282       debugging options) and send bug reports to the maintainers (see the
283       AUTHORS section). Please use the Gentoo bugzilla at
284       https://bugs.gentoo.org/ if possible.
285

SEE ALSO

287       chpax(1), dumpelf(1), paxctl(1), pspax(1), readelf(1), scanelf(1),
288       elf(5)
289

AUTHORS

291       Ned Ludd <solar@gentoo.org>
292           Maintainer
293
294       Mike Frysinger <vapier@gentoo.org>
295           Maintainer
296
297       Fabian Groffen <grobian@gentoo.org>
298           Mach-O Maintainer
299

NOTES

301        1. https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
302
303        2. https://bugs.gentoo.org/
304
305
306
307pax-utils 1.3.3                   07/22/2021                        SCANELF(1)