All Questions
Tagged with elf binary-analysis
30 questions
1 vote | 1 answer | 611 views
Ida cannot open .a files of esp32 (Xtensa)
I tried to open this file with IDA Pro
https://github.com/espressif/esp32-wifi-lib/blob/master/esp32/libpp.a
Ida detects that it is ELF for Xtensa (relocatable)
But when I tried to open it I got
Undefined ...
1 vote | 2 answers | 2k views
Is it possible to reverse CGI binary file?
I wanna reverse CGI binary file.
Is it possible?
What are the recommended tools and guides?
Thank you for reading my question.
$ file test.cgi
status.cgi: ELF 32-bit LSB executable, ARM, EABI5 ...
0 votes | 0 answers | 1k views
Modify Strings in an ELF (Executable and Linking Format) that are stored in the .rodata
I have 2 ELF files here, each containing strings in the ".rodata" for a translation that I want to modify.
The first ELF "(binary1)" I have already successfully modified from ...
13 votes | 1 answer | 3k views
Extracting strings from Go binaries
Is there an easy way to extract all of the strings from Go binaries that will work cross architecture?
The problem with Go is that strings are stored without a null terminator, so you can't use the &...
0 votes | 0 answers | 616 views
Combine two ELF binaries
Without having access to the original source code, is there a way to combine two ELF binaries with the main() in the first binary pointing to the main() in the second binary?
In other words, I mean ...
1 vote | 0 answers | 146 views
dwarf: variable offset from base
I have a simple code:
int main()
{
    int a = 4;
    printf("%d\n", a);
    a = 8;
    if (a == 8)
        printf("%d\n", a);
    return 0;
}
DIEs for the function and variable:
<1><32a>: Abbrev ...
4 votes | 1 answer | 8k views
Dumping the GOT with gdb at run time
I want to see how the plt stubs are being resolved at run time when lazy linking is used and how the GOT is changed along the way. How can I dump the GOT with gdb?
3 votes | 1 answer | 273 views
Importance of learning file structures for reverse engineering?
I'm new to reverse engineering and I have started to study the anatomy of specific file formats, specifically PE right now. I really enjoy learning the different parts of the files and the different ...
3 votes | 1 answer | 257 views
What is actually loaded here and different hexdump outputs on util-linux hexdump and on cutter and ghidra's hexdump
I was trying to understand what segment of file gets loaded by fourth LOAD header on phdr array.
First 6 headers are shown below from readelf
Program Headers:
Type Offset ...
1 vote | 1 answer | 3k views
How to find the starting address of main function when the binary is stripped and _start doesn't push the absolute address value of main?
So let's say the ELF binary is stripped - meaning no symbol table - and the _start function doesn't push the address of main before calling __libc_start_main.
This happened in a binary when compiled ...
4 votes | 1 answer | 363 views
How to find the index of static library functions in the PLT of the binary?
So right now I'm trying to resolve function calls and their names in my reversing tool.
The problem I'm having is that library functions such as printf and fwrite and such do not have a corresponding ...
1 vote | 1 answer | 214 views
Why would an ELF SHT_REL section contain relocations outside the section its sh_info refers to?
I have a .so from an Android JNI/NDK application. Here are two of its sections:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[10] .rel.plt REL ...
1 vote | 1 answer | 372 views
Unknown Game Client Data
As asking a friend and no amount of Googling yielded an answer, I figured I'd make an account and give this place a go.
I'm working on reverse engineering the server for a relatively old game with no ...
1 vote | 0 answers | 2k views
My core dump's backtrace stops at a signal handler, what can I do?
I obtained an ELF core dump that was provoked by fuzzing a proprietary server. As I do not have access anymore to the machine that hosted this server, and the server is part of a tightly coupled set ...
1 vote | 1 answer | 4k views
reversing stripped & statically linked binary with radare2
As the question says I need to reverse a stripped elf binary with radare2. This binary is also statically linked. I already reversed it in IDA by identifying statically linked libraries using lscan ...