ELF Header Inspector (Linux Binary Reader)
Drop in any Linux or Unix binary, shared library or core dump to read its ELF header. This tool parses the bytes that start every ELF file: whether it is 32 or 64-bit, little or big-endian, the object type (executable, shared object, relocatable or core), the target CPU architecture, the OS ABI and the entry-point address. The header is self-describing, so the endianness byte tells the parser how to read every field after it. Everything runs in your browser and nothing is uploaded.
How to inspect an ELF header
- Drag a Linux or Unix binary onto the box, or click browse to pick one.
- Read the class, endianness, type, architecture, OS ABI and entry point.
- Use the values to confirm the target platform or debug a build.
Examples
A 64-bit x86-64 Linux executable
a.out (compiled with gcc on a 64-bit machine)
Class: 64-bit, Endianness: little, Type: Executable (EXEC), Architecture: x86-64, Entry: 0x401040
Frequently asked questions
Is my binary uploaded anywhere?
No. The file is read and parsed entirely in your browser using JavaScript. Nothing is sent to a server, so even private or proprietary binaries stay on your device.
What is the ELF header?
ELF stands for Executable and Linkable Format, the standard layout for executables, shared libraries (.so files), object files and core dumps on Linux and most Unix systems. Every ELF file begins with a fixed header that starts with the magic bytes 0x7F E L F and records the class, endianness, type, target architecture and where execution begins.
How does it know whether the file is little or big-endian?
The byte at offset 5 of the file, e_ident[5] (EI_DATA), records the data encoding: 1 means little-endian and 2 means big-endian. The parser reads that byte first, then decodes every multi-byte field (e_type, e_machine, e_version, e_entry) honoring it, so big-endian binaries built for SPARC or older MIPS are read correctly.
Why is the entry point shown in hexadecimal?
The entry point is the virtual memory address where the program starts running, which is conventionally written in hex. On a 64-bit binary it is a 64-bit address, so the value is read exactly without rounding and shown as a 0x-prefixed string.
Which architectures and types can it read?
It maps common machines including x86, x86-64, ARM, AArch64, RISC-V, MIPS, PowerPC and SPARC, and the object types REL (relocatable), EXEC (executable), DYN (shared object or PIE) and CORE (core dump). Unrecognized values are shown with their raw hex code rather than guessed.
What if the file is not an ELF binary?
If the first four bytes are not the ELF magic number, the tool reports that it is not an ELF file instead of showing made-up values. A Windows .exe (which starts with MZ) or a Mach-O macOS binary will not parse here.
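The decoding order the answers above describe (magic check, then the class and data-encoding bytes, then the multi-byte fields read in the declared byte order) can be sketched in JavaScript as follows. This is an added example, not the tool's own source; the names parseElfHeader, TYPES, MACHINES and hex are hypothetical and the sample bytes are constructed.

```javascript
// Added example: minimal ELF header parser (illustrative, not the tool's code).
const TYPES = { 1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE" };
const MACHINES = { 2: "SPARC", 3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM",
                   62: "x86-64", 183: "AArch64", 243: "RISC-V" };
const hex = (n) => "0x" + n.toString(16);

function parseElfHeader(bytes) {
  // Reject short input and anything without the 0x7F 'E' 'L' 'F' magic.
  if (bytes.length < 16 || bytes[0] !== 0x7f || bytes[1] !== 0x45 ||
      bytes[2] !== 0x4c || bytes[3] !== 0x46) {
    return { ok: false, error: "not an ELF file" };
  }
  const cls = bytes[4];   // e_ident[4], EI_CLASS: 1 = 32-bit, 2 = 64-bit
  const data = bytes[5];  // e_ident[5], EI_DATA: 1 = little, 2 = big
  if (cls !== 1 && cls !== 2) return { ok: false, error: "invalid class " + hex(cls) };
  if (data !== 1 && data !== 2) return { ok: false, error: "invalid data encoding " + hex(data) };
  // e_entry starts at offset 24 and is 4 bytes (ELF32) or 8 bytes (ELF64).
  const need = cls === 2 ? 32 : 28;
  if (bytes.length < need) return { ok: false, error: "truncated header" };

  const le = data === 1;
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const type = view.getUint16(16, le);     // e_type
  const machine = view.getUint16(18, le);  // e_machine
  // A 64-bit entry is read as BigInt: a JS Number loses precision above 2^53.
  const entry = cls === 2 ? view.getBigUint64(24, le) : BigInt(view.getUint32(24, le));
  return {
    ok: true,
    class: cls === 2 ? "64-bit" : "32-bit",
    endianness: le ? "little" : "big",
    type: TYPES[type] ?? hex(type),          // unknown values stay as raw hex
    machine: MACHINES[machine] ?? hex(machine),
    entry: hex(entry),
  };
}

// Constructed sample: first 32 bytes of a little-endian x86-64 EXEC, entry 0x401040.
const sample = Uint8Array.from([
  0x7f, 0x45, 0x4c, 0x46, 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  2, 0, 62, 0, 1, 0, 0, 0, 0x40, 0x10, 0x40, 0, 0, 0, 0, 0,
]);
console.log(parseElfHeader(sample));
```

In a browser, the bytes would come from the dropped file, for example new Uint8Array(await file.arrayBuffer()).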