This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
libbfd: Guess the architecture of an executable file with libbfd
- From: Emmanuel Fleury <fleury at labri dot fr>
- To: binutils at sourceware dot org
- Date: Wed, 22 May 2013 15:51:37 +0200
- Subject: libbfd: Guess the architecture of an executable file with libbfd
Hi all,
I am working on a project that tries to analyze programs at the binary
level (http://insight.labri.fr) and we are using the binutils to read
the different file formats (libbfd) and to decode the opcodes (libopcodes).
Until now, I was using `bfd_printable_name(abfd)` from libbfd to guess
the architecture (and, thus, the instruction set) that was used in the
binary file.
But recently I stumbled into a problem when compiling the binutils
with `--enable-targets=all`. Once installed with `all`, I get a conflict
between two possible ARM architectures. Strangely, when compiled only
with a few architectures (the Debian package selects only a reasonable
subset of all targets, but not wide enough for what I need), I get the
proper behavior.
Correct behavior:
-----------------
./echo-linux-armel: file format elf32-littlearm
Disassembly of section .interp:
...
Current behavior:
-----------------
./echo-linux-armel: file format elf32-little
objdump: can't disassemble for architecture UNKNOWN!
After a bit of Googling, I discovered that this problem is more or less
linked to the way the detection is performed inside libbfd:
http://sourceware.org/ml/binutils/2013-01/msg00448.html
So, I suspect that using `bfd_printable_name(abfd)` to guess the
architecture is not really the best way to go.
What would you suggest to detect the architecture given a `bfd_file`
structure (see below for the code that gets this `bfd_file`)? If
possible, a way that is more reliable than `bfd_printable_name(abfd)`.
bfd *bfd_file; /* BFD file handler */
/* Initialization of libbfd framework */
bfd_init();
bfd_set_default_target("elf32-i386");
/* Opening of the given file 'filename' */
bfd_file = bfd_openr(filename.c_str(), NULL);
Thanks in advance!
Regards
--
Emmanuel Fleury
I made up the term 'object-oriented', and I can tell you
I didn't have C++ in mind.
-- Alan Kay, OOPSLA'97
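
An added example, not part of the original post and not binutils code: a cross-check for ELF inputs that does not depend on which BFD targets are compiled in, reading EI_CLASS, EI_DATA and e_machine straight from the file header. The names `struct elf_arch`, `machine_name` and `elf_guess_arch` are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not part of libbfd. */
struct elf_arch {
    int bits;          /* 32 or 64, from EI_CLASS */
    int big_endian;    /* 1 if EI_DATA says big-endian */
    uint16_t machine;  /* raw e_machine */
    const char *name;  /* short name, or "unknown" */
};

/* Subset of the e_machine values defined by the ELF specification. */
static const char *machine_name(uint16_t m)
{
    switch (m) {
    case 3:   return "i386";
    case 40:  return "arm";
    case 62:  return "x86-64";
    case 183: return "aarch64";
    default:  return "unknown";
    }
}

/* Returns 0 on success, -1 if buf does not start with a usable ELF header.
   e_machine sits at offset 18 and is stored in the file's own byte order. */
int elf_guess_arch(const unsigned char *buf, size_t len, struct elf_arch *out)
{
    if (!buf || !out || len < 20 || memcmp(buf, "\177ELF", 4) != 0)
        return -1;                      /* too short or wrong magic */
    if ((buf[4] != 1 && buf[4] != 2) || (buf[5] != 1 && buf[5] != 2))
        return -1;                      /* invalid EI_CLASS or EI_DATA */
    out->bits = (buf[4] == 1) ? 32 : 64;
    out->big_endian = (buf[5] == 2);
    out->machine = out->big_endian ? (uint16_t)((buf[18] << 8) | buf[19])
                                   : (uint16_t)((buf[19] << 8) | buf[18]);
    out->name = machine_name(out->machine);
    return 0;
}

/* Constructed sample: first 20 bytes of a 32-bit little-endian ARM ELF file. */
static const unsigned char sample_armel[20] = {
    0x7f, 'E', 'L', 'F', 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 40, 0 };

int main(void)
{
    struct elf_arch a;
    if (elf_guess_arch(sample_armel, sizeof sample_armel, &a) == 0)
        printf("elf%d-%s %s\n", a.bits, a.big_endian ? "big" : "little", a.name);
    return 0;
}
```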