Questions tagged [elf]
The Executable and Linkable Format is the main executable and object format for Linux, Solaris, *BSD, and many other OSes...
252 questions
0 votes | 2 answers | 79 views
reduce size of executable ELF program
I'm experimenting on patching my hello world program in order to make it smol.
I started by reducing the size of the program with the following commands:
as --32 ./hello_32.S -o ./hello_32.o
ld -...
1 vote | 1 answer | 76 views
Inject ELF with an entirely self-contained code section that can statically call standard library functions
What I want to do
What I want to do is inject an existing ELF binary with additional code that runs before the original .text section and then transfers control back to it.
What I can already do
Now, ...
1 vote | 1 answer | 104 views
Tips for reverse engineering Common Lisp (SBCL) ELF binary
I got to the task of reverse engineering the ELF binary. I found out that it is a compiled SBCL. I have no idea how to do static or dynamic analysis, any tips (where to start, I found basically ...
0 votes | 0 answers | 59 views
Improving the output of pseudocode C++ code from IDA Pro
I have some specific questions and some general ones about reverse-engineering a dynamic shared library via IDA Pro 8.3:
If I know the compiler used and compiler flags used (via readelf --debug-dump),...
0 votes | 0 answers | 47 views
Why is an empty binary larger than one with a variable?
On my own self-learning R.E. Starting with understanding ELF and hopefully what's going on with every byte.
I build 2 simple binaries: 1 with a variable and 1 without. For some reason, the one without ...
0 votes | 0 answers | 57 views
Attempting to auto reverse XOR
Does anyone know of any helpful tools or a way to automate decryption of XOR in IDA? I know that they have a built in function to do some bare XOR encryption but this one seems a bit more ...
1 vote | 1 answer | 108 views
Where is IDA getting this symbol?
I'm currently researching how a certain malware works and patches some stuff in a certain Android's library.
Inspecting the library -which is stripped- in IDA I was able to get the symbol for a ...
0 votes | 1 answer | 72 views
Updating legacy library in an already compiled binary
I'm dealing with a reverse engineering challenge involving a binary application that was statically compiled with a legacy library. While the legacy library is not vulnerable, it lacks certain ...
1 vote | 1 answer | 437 views
Adding a program header to ELF
I am a newbie in this, and I am trying to add a program header to a simple ELF64 "Hello World" program on Ubuntu. All in changing the binary data of the ELF.
I went to the end of the program ...
1 vote | 0 answers | 57 views
Default linker files and sections: Explain their origin/history and their purpose
I have a Linux Ubuntu(20.04) machine with gcc and clang installed. I figured out the directory containing the default linker script:
/usr/lib/x86_64-linux-gnu/ldscripts$ ls
elf32_x86_64.x ...
0 votes | 1 answer | 96 views
What ELF `e_flags` are defined for TI MSP430(X)
I have an MSP430 ELF executable file whose e_flags field is 0x0000000E. I cannot find any documentation for e_flags for this architecture. The application note "MSP430 Embedded Application Binary ...
0 votes | 1 answer | 101 views
ELF - Why does objdump provide a wrong byte value in the .got?
I seriously can't tell if I'm misunderstanding something grossly or if this is a bug in objdump. Newbie alert.
$ objdump -s --start-address=0x3fc0 --stop-address=0x3fc1 test
test: file format ...
1 vote | 2 answers | 590 views
Adding debug symbols with GDB
In CTFs when I'm given some ELF file, it usually wasn't compiled with the -g flag. Is there a way to somehow edit the file to make it be as if the ELF file was originally compiled with the -g flag?
...
3 votes | 1 answer | 420 views
What is the ELF .got section used for?
I'm trying to learn how GOT/PLT works in ELF binaries. The way I see it - there's three sections; .got, .plt and .got.plt.
When the program tries to call an imported function which is lazily bound, it ...
2 votes | 0 answers | 39 views
Please help with stripped binary reverse
Not so long ago I was engaged in reverse and pwn, I came across such a task
This is a normal task with a vulnerability on the heap, but it is stripped and I don’t understand where which functions are
I ...