All Questions (16 questions)

failed to trigger packer's loader by overwriting the entry of rela.dyn on aarch64
1 vote, 0 answers, 72 views
I have implemented a packer for x86_64 shared libraries.
Briefly, a loader is injected into a shared library, and
the rela.dyn entry is modified such that it points to the address of the loader. Once the ...
Statically injecting translated NASM assembly into existing ELF binary
1 vote, 0 answers, 135 views
I'm trying to statically patch ELF binaries in order to incorporate code that can help provide run-time protection.
In an effort to save time writing and debugging assembly, I took the following no-...
"check:" keyword in Ghidra
0 votes, 1 answer, 220 views
I have disassembled the crackme0x06 challenge (http://security.cs.rpi.edu/courses/binexp-spring2015 inside challenges.zip). It's an ELF 32-bit unstripped binary. The decompiled C code using Ghidra ...
Any way to edit an ELF binary without hex? [duplicate]
4 votes, 0 answers, 93 views
So, this is a noob question, I am a complete beginner in this field, so sorry if I'm wasting your time in any way.
I wanted to know if there is a way to edit an ELF binary without using a hex editor....
What are these LOAD segments in an assembly ELF64?
3 votes, 2 answers, 840 views
I wrote the following (fasm) assembly program:
format ELF64 executable
segment readable executable
; sys_exit, sys_write, strlen and print are from io.inc and
; unistd64.inc at: https://github.com/...
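The three questions above ("failed to trigger packer's loader by overwriting the entry of rela.dyn", "Any way to edit an ELF binary without hex?" and "What are these LOAD segments") all come down to the same plumbing: the PT_LOAD program headers decide which file bytes land at which virtual address, so a patch can be addressed by vaddr instead of by hunting for a file offset in a hex editor, and a .rela.dyn record is just a 24-byte (r_offset, r_info, r_addend) triple that can be decoded and rewritten the same way. The script below is an added example, not code from the original page or from any of the askers: it parses little-endian ELF64 headers with struct, lists LOAD segments, maps a vaddr to its file offset, patches bytes by address, decodes .rela.dyn and rewrites the addend of one RELATIVE relocation. The image it operates on is a constructed minimal aarch64 ET_DYN file built in build_sample_elf() (one RX LOAD holding the headers, four RET instructions and .rela.dyn; one RW LOAD with two pointer slots and 16 bytes of bss); the section-name and layout choices there are assumptions made for the demo. The constant 1027 is R_AARCH64_RELATIVE from the AArch64 ELF ABI.

```python
import struct

PT_LOAD, SHT_RELA, SHT_STRTAB = 1, 4, 3
EM_AARCH64, R_AARCH64_RELATIVE = 183, 1027   # AArch64 ELF ABI: RELATIVE reloc type is 1027

def _ehdr(data):
    """Header fields needed below, from a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    phoff, shoff = struct.unpack_from("<QQ", data, 32)
    phentsize, phnum, shentsize, shnum, shstrndx = struct.unpack_from("<HHHHH", data, 54)
    return phoff, phentsize, phnum, shoff, shentsize, shnum, shstrndx

def load_segments(data):
    """Every PT_LOAD program header, i.e. the LOAD lines of `readelf -l`."""
    phoff, phentsize, phnum = _ehdr(data)[:3]
    segs = []
    for i in range(phnum):
        p_type, p_flags, p_off, p_vaddr, _, p_filesz, p_memsz, p_align = \
            struct.unpack_from("<IIQQQQQQ", data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append(dict(offset=p_off, vaddr=p_vaddr, filesz=p_filesz,
                             memsz=p_memsz, flags=p_flags, align=p_align))
    return segs

def vaddr_to_offset(data, vaddr):
    """File offset backing a virtual address, or None if the address exists only
    in memory (memsz > filesz, e.g. .bss) or is not mapped by any LOAD segment."""
    for s in load_segments(data):
        if s["vaddr"] <= vaddr < s["vaddr"] + s["filesz"]:
            return s["offset"] + (vaddr - s["vaddr"])
    return None

def patch_bytes(data, vaddr, new_bytes):
    """Return a copy with new_bytes written at vaddr (patch by address, no hex editor)."""
    off = vaddr_to_offset(data, vaddr)
    end = vaddr_to_offset(data, vaddr + len(new_bytes) - 1)
    if off is None or end != off + len(new_bytes) - 1:
        raise ValueError(f"{vaddr:#x}..+{len(new_bytes)} is not contiguous file-backed memory")
    out = bytearray(data)
    out[off:off + len(new_bytes)] = new_bytes
    return bytes(out)

def _sections(data):
    """Yield (name, sh_type, sh_offset, sh_size, sh_entsize) for every section header."""
    _, _, _, shoff, shentsize, shnum, shstrndx = _ehdr(data)
    hdrs = [struct.unpack_from("<IIQQQQIIQQ", data, shoff + i * shentsize) for i in range(shnum)]
    strtab = hdrs[shstrndx][4]                      # sh_offset of .shstrtab
    for sh_name, sh_type, _, _, sh_off, sh_size, _, _, _, sh_ent in hdrs:
        name = data[strtab + sh_name:data.index(b"\0", strtab + sh_name)].decode()
        yield name, sh_type, sh_off, sh_size, sh_ent

def rela_entries(data, section=".rela.dyn"):
    """Decode Elf64_Rela records as (r_offset, symbol index, reloc type, r_addend)."""
    for name, sh_type, off, size, ent in _sections(data):
        if name == section and sh_type == SHT_RELA:
            recs = [struct.unpack_from("<QQq", data, off + i * ent) for i in range(size // ent)]
            return [(r_off, info >> 32, info & 0xFFFFFFFF, addend) for r_off, info, addend in recs]
    raise KeyError(section)

def retarget_rela(data, r_offset, new_addend, section=".rela.dyn"):
    """Rewrite the addend of the relocation applied at r_offset. For a RELATIVE reloc
    ld.so will then store base + new_addend in that slot at load time; this is one way
    to redirect a pointer slot to an injected stub (the loader does the write, not us)."""
    for name, sh_type, off, size, ent in _sections(data):
        if name == section and sh_type == SHT_RELA:
            for i in range(size // ent):
                rec = off + i * ent
                if struct.unpack_from("<Q", data, rec)[0] == r_offset:
                    out = bytearray(data)
                    struct.pack_into("<q", out, rec + 16, new_addend)   # r_addend is the third word
                    return bytes(out)
    raise KeyError(f"no relocation at {r_offset:#x} in {section}")

def build_sample_elf():
    """Constructed aarch64 ET_DYN image for the demo (not a real library): RX LOAD holding
    headers, 4 RETs at 0x100 and .rela.dyn; RW LOAD with two pointer slots + 16 bytes bss."""
    buf = bytearray(0x228)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)          # ELF64, little-endian, v1
    struct.pack_into("<16sHHIQQQIHHHHHH", buf, 0, ident, 3, EM_AARCH64, 1, 0x100,
                     64, 0x168, 0, 64, 56, 2, 64, 3, 2)           # phnum=2, shnum=3, shstrndx=2
    struct.pack_into("<IIQQQQQQ", buf, 64, PT_LOAD, 5, 0, 0, 0, 0x140, 0x140, 0x1000)
    struct.pack_into("<IIQQQQQQ", buf, 120, PT_LOAD, 6, 0x140, 0x10140, 0x10140, 0x10, 0x20, 0x1000)
    buf[0x100:0x110] = b"\xc0\x03\x5f\xd6" * 4                    # aarch64 RET x4
    struct.pack_into("<QQq", buf, 0x110, 0x10140, R_AARCH64_RELATIVE, 0x100)
    struct.pack_into("<QQq", buf, 0x128, 0x10148, R_AARCH64_RELATIVE, 0x104)
    buf[0x150:0x165] = b"\0.rela.dyn\0.shstrtab\0"
    struct.pack_into("<IIQQQQIIQQ", buf, 0x1a8, 1, SHT_RELA, 2, 0x110, 0x110, 0x30, 0, 0, 8, 24)
    struct.pack_into("<IIQQQQIIQQ", buf, 0x1e8, 11, SHT_STRTAB, 0, 0, 0x150, 0x15, 0, 0, 1, 0)
    return bytes(buf)

if __name__ == "__main__":
    img = build_sample_elf()
    for s in load_segments(img):
        print(f"LOAD off={s['offset']:#x} vaddr={s['vaddr']:#x} filesz={s['filesz']:#x} "
              f"memsz={s['memsz']:#x} flags={s['flags']}")
    print(rela_entries(img))
```

Two things the sample makes visible that `readelf` output alone does not: an address inside a segment's memsz but past its filesz has no file offset at all (patch_bytes refuses it, which is why bss symbols cannot be "edited" in the file), and changing a RELATIVE relocation's addend does not move any bytes in the file; it only changes what the dynamic loader writes into the slot after the library is mapped, so a wrong addend surfaces as a bad pointer at run time, not as a parse error.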
ARM ELF Obfuscation [closed]
0 votes, 1 answer, 949 views
Metamorphism is a technique to obfuscate a binary by changing the opcode sequence and creating new samples with the same functionality. In my case, I have some ELF binaries for ARM processors and their ...
How do I approach this CTF Debugging Program?
3 votes, 2 answers, 3k views
I have an ELF executable I'm working on (got it from a previous CTF competition). The executable simply asks for a password, and then it prints out "congrats".
The code snippets and my annotations ...
Finding hidden string location using radare2 on ELF binaries
3 votes, 1 answer, 2k views
I'm working through some reverse engineering sample programs (IOLI crackmes) crackme0x00 - crackme0x09, which are gcc-compiled ELF format binaries. I was provided these by a colleague and can be ...
Using __kernel_vsyscall on x64 linux machine [closed]
2 votes, 0 answers, 467 views
I am trying to use __kernel_vsyscall instead of syscall/int 80 on Linux x64.
I have read that it can be done on Intel chips (I have one), but I can't find how one can do it. I have the x32 version:
int ...
What exactly is this piece of assembly code doing?
0 votes, 3 answers, 513 views
This assembly is for Intel x86-64, and it seems too baffling to me.
How come the jz instruction jumps to a non-instruction (0x400AC9)?
How come the call invokes a non-existing address?
For curious ...
Injecting shellcode in ELF binary
4 votes, 1 answer, 3k views
I am trying to inject a piece of shellcode inside a 32-bit ELF executable. I am running Ubuntu 14.04 64-bit. Hence, all the commands I have run require explicit switches to produce 32-bit code. I am ...
Define new code section in assembly code to compile ELF binary
1 vote, 0 answers, 635 views
I defined a new code section in my assembly program, which is going to be compiled into a 32-bit ELF binary on x86.
I use linker scripts to assign a specified address for this new code section; it ...
Reuse symbols in disassembling/reassembling a C++ program
1 vote, 1 answer, 296 views
It's me again. I am working on a tool that can disassemble/reassemble stripped binaries, and now I am stuck on an (external) symbol reuse issue.
The test is on a 32-bit Linux x86 platform.
Suppose I ...
How to load library defined symbols to a specified location?
1 vote, 1 answer, 851 views
The test is on Ubuntu 12.04, 32-bit, with gcc 4.6.3.
Basically I am doing some binary manipulation work on ELF binaries, and what I have to do now is to assemble an assembly program and guarantee the ...
How to reuse symbol/data defined in .bss section?
3 votes, 1 answer, 816 views
So basically I am trying to re-use some assembly code/data dumped by objdump from a 32-bit ELF binary on Linux.
In the disassembled binary, I found some symbol referring to the .bss section ...