Master the fundamental concepts of binary formats through this focused micro-challenge.
The Executable and Linkable Format (ELF) is the standard binary format for executables, object files, shared libraries, and core dumps on Unix-like systems. Every Linux binary you run, every .o file the linker processes, and every core dump from a crash follows this layout.
The ELF header starts with the e_ident array:
EI_MAG0-3: Magic bytes 0x7F 'E' 'L' 'F'EI_CLASS: 1 = 32-bit, 2 = 64-bitEI_DATA: 1 = little endian, 2 = big endiane_type: 1 = relocatable, 2 = executable, 3 = shared, 4 = coree_machine: 0x3E = x86-64, 0x28 = ARMe_entry: Virtual address where execution startsFor example, a typical x86-64 executable has e_entry pointing to _start in the C runtime, not your main function directly.
You will implement a parser that reads an ELF header from disk, verifies the magic bytes, and prints the key fields. Tools like readelf automate this, but knowing the raw structure matters when you encounter corrupted, packed, or malware-modified ELF files that standard tools cannot parse.
Your parser opens the file, reads the first 64 bytes into an Elf64_Ehdr struct, and validates each field before trusting it. The e_phoff and e_shoff fields tell you where to seek for program and section headers. Malware sometimes corrupts these offsets to crash analysis tools, so defensive parsers check that offsets fall within the file size before dereferencing them.
Implement an ELF header parser in C.
Requirements:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github