All Questions
9 questions
1 vote, 1 answer, 108 views
Where is IDA getting this symbol?
I'm currently researching how a certain malware works and patches some stuff in a certain Android library.
Inspecting the library (which is stripped) in IDA, I was able to get the symbol for a ...
0 votes, 1 answer, 72 views
Updating legacy library in an already compiled binary
I'm dealing with a reverse engineering challenge involving a binary application that was statically compiled with a legacy library. While the legacy library is not vulnerable, it lacks certain ...
1 vote, 1 answer, 157 views
How to split bytes into instructions in binary ELF file for x86
I'm working on a static code injector for ELF files. I need to "steal" some bytes in order to write a jump to my code in their place and then execute the stolen instructions somewhere in the ...
0 votes, 1 answer, 237 views
How to determine when/where pointers in .ctors get mapped?
So I am learning about ELF, and am looking through a binary in Ghidra as I do. I've made sense of the ELF header, and now I am looking through the program header table.
My binary has a bunch of ...
1 vote, 0 answers, 2k views
Finding function call (with arguments) in ELF file
I have two kinds of ELF files, built from C++.
.so files:
ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[sha1]=5e751e769912aef28bc63b888e5e4904b867a180, ...
4 votes, 1 answer, 2k views
What are the first 16 bytes in .rodata section?
What are the first 16 bytes in the .rodata section?
For example, I have the following code:
#include <cstdio>
void myprintf(const char* ptr) {
printf("%p\n", ptr);
}
int main() {
...
4 votes, 1 answer, 121 views
What does a C++ identifier ending in $_## mean?
In trying to understand a .so from an Android game made with Cocos2d-x, I've come across identifiers like the following (after demangling):
SceneActionMap::updateTalkMode(float)::$_37
SceneActionMap::...
7 votes, 2 answers, 4k views
How to recover information stored in .ctors section?
Test is on x86, 32-bit Linux. I am using g++ 4.6.3 and objdump 2.22
Here is a simple C++ code I am working on:
#include <iostream>
using namespace std;
main()
{
cout << "Hello ...
4 votes, 6 answers, 11k views
How to match disassembled instructions back to C/C++ source?
Basically here's what I want to know, if you have a disassembled instruction say:
jz 0x8048e1a
And, you also have the source code. How do you go about figuring out what this instruction relates to ...