So I am reversing an ELF binary. Now, from my knowledge, in C the main function has two arguments, argc and argv.

But some Linux binaries that I am reversing have 3 when I decompile them! One int and the other two are char**. I assume the second is the argv, but what is the last one?

One example is this binary for a CTF:

https://github.com/SPRITZ-Research-Group/ctf-writeups/tree/master/0x00ctf-2017/reverse/challenge-000-50

1 Answer

The third one is an array to environment variables that this program has access to. If you read the documentation of execve it reads as follows:

The argument vector and environment can be accessed by the called program's main function, when it is defined as:

int main(int argc, char *argv[], char *envp[])

Note, however, that the use of a third argument to the main function is not specified in POSIX.1; according to POSIX.1, the environment should be accessed via the external variable environ(7).

  • So this third argument thing is used in Linux systems and not in Windows, and is added by the compiler, correct?
    – Mery Ted
    Commented Nov 12, 2019 at 6:07
  • That would be my understanding too. Commented Nov 12, 2019 at 6:31
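
An added example, not part of the original answer: a small C program that takes the three-argument `main` quoted above and checks how `envp` relates to `environ` and to `argv`, which is what a decompiler is showing when it lists a second `char **` parameter. The helper names (`vec_len`, `envp_after_argv`, `env_lookup`) are made up for this example, and the `argv + argc + 1` relation is an assumption about the Linux initial process stack layout with glibc, not something POSIX guarantees.

```c
#include <stdio.h>
#include <string.h>

extern char **environ;  /* the POSIX.1 way to reach the same data */

/* Count entries in a NULL-terminated pointer vector (argv or envp). */
static size_t vec_len(char **v) {
    size_t n = 0;
    while (v && v[n]) n++;
    return n;
}

/* Assumption: Linux initial stack layout, where the environment
 * pointers begin right after argv's terminating NULL entry. */
static char **envp_after_argv(int argc, char **argv) {
    return argv + argc + 1;
}

/* Look up NAME in a vector of "NAME=value" strings.
 * Returns a pointer to the value, or NULL if NAME is not present. */
static const char *env_lookup(char **envp, const char *name) {
    size_t len = strlen(name);
    for (; envp && *envp; envp++)
        if (strncmp(*envp, name, len) == 0 && (*envp)[len] == '=')
            return *envp + len + 1;
    return NULL;
}

int main(int argc, char *argv[], char *envp[]) {
    const char *path = env_lookup(envp, "PATH");

    printf("argc=%d, env entries=%zu\n", argc, vec_len(envp));
    printf("envp == environ:         %s\n", envp == environ ? "yes" : "no");
    printf("envp == argv + argc + 1: %s\n",
           envp == envp_after_argv(argc, argv) ? "yes" : "no");
    printf("PATH=%s\n", path ? path : "(unset)");
    return 0;
}
```

Compiling this with gcc and opening it in a decompiler gives a `main` with one `int` and two `char **` parameters, the same shape as in the question.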