libecfs – a library for parsing ECFS files
The ECFS file format is very easy to parse with traditional ELF utilities such as readelf, but to build custom parsing tools, I highly recommend that you use the libecfs library. This library is specifically designed for easy parsing of ECFS core files. It will be demonstrated in somewhat more detail later in this chapter, when we look at designing advanced malware analysis tools to detect infected processes.
libecfs is also used in the ongoing development of the readecfs utility, which is a tool for parsing ECFS files and is very similar to the commonly known readelf utility. Note that libecfs is included with the ECFS package on the GitHub repository.