Shiva, a Linux micropatching system for ELF was developed with funding from the Defense Advanced Research Projects Agency (DARPA) AMP program (Assured Micro Patching) Shiva aims to advance the state of binary patching in Linux and emerged into the AMP program with aggressive goals, all of which have come into fruition. Shiva is still in early development, and requires extensive work on various components and ports to other architectures. Shiva (forked from was tailored to meet the needs of NASA, and has full support for AArch64 architecture, currently supporting PIE Elves in AArch64 Linux.

Shiva is a custom ELF runtime linker; a JIT (Just in time) binary re-writing engine. And, although young in it’s development, it already demonstrates advanced ELF patching capabilities as a tool-chain that plans to adopt the conventions and traditions of the existing ELF ABI tool-chain: “/bin/gcc”, “/bin/ld”, “/lib/”, etc. The philosophy of Shiva is to allow developers to write their patches freely in C with little to no reverse engineering knowledge. Shiva is symbol and relocation driven like traditional linkers, but extends on the machinery of ELF relocations and linking to achieve more complex program transformations such as function splicing.

Although still in an early phase of development, Shiva has nonetheless invented groundbreaking concepts such as “Linker chaining”, and “ELF transforms” that revolutionize ELF binary patching capabilities. The Shiva code-base is expanding quickly, and intends to continue innovating powerful solutions while adapting to new architectures. "Revolutionizing ELF Binary Patching With Shiva" at Defcon 31 elfmaster[at]