
All Questions

1 vote
1 answer
108 views

Where is IDA getting this symbol?

I'm currently researching how a certain malware works and patches some stuff in a certain Android library. Inspecting the library (which is stripped) in IDA, I was able to get the symbol for a ...
Arget • 13
0 votes
1 answer
72 views

Updating legacy library in an already compiled binary

I'm dealing with a reverse engineering challenge involving a binary application that was statically compiled with a legacy library. While the legacy library is not vulnerable, it lacks certain ...
st0l4s • 3
1 vote
1 answer
157 views

How to split bytes into instructions in binary ELF file for x86

I'm working on a static code injector for ELF files. I need to "steal" some bytes in order to write a jump to my code in their place and then execute the stolen instructions somewhere in the ...
Nazar Pasternak
0 votes
1 answer
237 views

How to determine when/where pointers in .ctors get mapped?

So I am learning about ELF, and am looking through a binary in Ghidra as I do. I've made sense of the ELF header, and now I am looking through the program header table. My binary has a bunch of ...
pooley1994
1 vote
0 answers
2k views

Finding function call (with arguments) in ELF file

I have two kinds of ELF files, built from C++. .so files: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[sha1]=5e751e769912aef28bc63b888e5e4904b867a180, ...
afsantos • 111
4 votes
1 answer
2k views

What are the first 16 bytes in .rodata section?

What are the first 16 bytes in the .rodata section? For example, I have the following code: #include <cstdio> void myprintf(const char* ptr) { printf("%p\n", ptr); } int main() { ...
HCSF • 143
4 votes
1 answer
121 views

What does a C++ identifier ending in $_## mean?

In trying to understand a .so from an Android game made with Cocos2d-x, I've come across identifiers like the following (after demangling): SceneActionMap::updateTalkMode(float)::$_37 SceneActionMap::...
Squ • 73
7 votes
2 answers
4k views

How to recover information stored in .ctors section?

Test is on x86, 32-bit Linux. I am using g++ 4.6.3 and objdump 2.22 Here is a simple C++ code I am working on: #include <iostream> using namespace std; main() { cout << "Hello ...
lllllllllllll
4 votes
6 answers
11k views

How to match disassembled instructions back to C/C++ source?

Basically here's what I want to know, if you have a disassembled instruction say: jz 0x8048e1a And, you also have the source code. How do you go about figuring out what this instruction relates to ...
Faheem • 191