A SQL Approach to Exploring ELF Objects
In the intricate landscape of software development and system analysis, tools like readelf, nm, and objdump have been the go-to solutions for delving into Executable and Linkable Format (ELF) objects. While robust, these tools follow the pattern of many Unix utilities and dump unstructured output to the console, making it difficult to perform advanced analysis.
We present sqlelf, which allows declarative access to ELF files. It brings a refreshing shift, offering a friendlier and more versatile way to explore ELF objects using SQL. We talk about the data model, how all binary formats largely resemble ELF and have made the same trade-offs, and how a relational model fits nicely.
sqlelf is a Python program that leverages SQLite's virtual table functionality to offer access to ELF objects via SQL. This is a paradigm shift in thinking for accessing the terse object file format that is often relegated to the black arts.
In the talk I also discuss evaluations of real applications of sqlelf as a library and how it can be used to replace traditional ELF analysis. For instance, we applied sqlelf to auditwheel, elf_diff and musl's dynamic loader.
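To make the relational idea concrete, here is an added sketch (not sqlelf's code or schema) that loads ELF64 program headers into SQLite and asks a question that is awkward to answer from `readelf -l` text: which loadable segments are both writable and executable. It uses a plain in-memory table rather than a virtual table, and the table name `elf_segments`, its columns, and the sample bytes are assumptions constructed for illustration.

```python
import sqlite3
import struct

PT_LOAD, PF_X, PF_W = 1, 1, 2

def build_sample_elf():
    """Constructed input: ELF64 little-endian header plus three program headers."""
    phdrs = [  # (p_type, p_flags, p_vaddr, p_memsz)
        (PT_LOAD, 5, 0x400000, 0x1000),  # R-X text
        (PT_LOAD, 6, 0x600000, 0x0800),  # RW- data
        (PT_LOAD, 7, 0x700000, 0x0200),  # RWX, the row the query should return
    ]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, ELFDATA2LSB
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000, 64, 0, 0,
                               64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, va, va, sz, sz, 0x1000)
                    for t, f, va, sz in phdrs)
    return ehdr + body

def load_program_headers(db, path, data):
    """Insert one row per program header (hypothetical schema, not sqlelf's)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        db.execute("INSERT INTO elf_segments VALUES (?,?,?,?,?,?)",
                   (path, i, p_type, p_flags, p_vaddr, p_memsz))

def writable_executable_segments(db):
    """Declarative check: PT_LOAD segments with both PF_W and PF_X set."""
    return db.execute(
        "SELECT path, idx, vaddr FROM elf_segments "
        "WHERE type = ? AND (flags & ?) AND (flags & ?) ORDER BY path, idx",
        (PT_LOAD, PF_W, PF_X)).fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE elf_segments "
               "(path TEXT, idx INT, type INT, flags INT, vaddr INT, memsz INT)")
    load_program_headers(db, "sample.bin", build_sample_elf())
    return writable_executable_segments(db)

if __name__ == "__main__":
    print(demo())
```

Loading several binaries into the same table turns the check into a fleet-wide query, which is the kind of analysis that unstructured console output makes difficult.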