
All Questions

Tagged with
0 votes
0 answers
47 views

Why is an empty binary larger than one with a variable?

On my own self-learning R.E. Starting with understanding ELF and hopefully what's going on with every byte. I built 2 simple binaries: 1 with a variable and 1 without. For some reason, the one without ...
EraserPencil
0 votes
1 answer
72 views

Updating legacy library in an already compiled binary

I'm dealing with a reverse engineering challenge involving a binary application that was statically compiled with a legacy library. While the legacy library is not vulnerable, it lacks certain ...
st0l4s
  • 3
0 votes
1 answer
101 views

ELF - Why does objdump provide a wrong byte value in the .got?

I seriously can't tell if I'm misunderstanding something grossly or if this is a bug in objdump. Newbie alert. $ objdump -s --start-address=0x3fc0 --stop-address=0x3fc1 test test: file format ...
chilliefiber
2 votes
0 answers
166 views

Does anyone know how to reverse a Python file that is encoded into an ELF binary with a .cpython-310.so extension? Please help me out

Following is the link to the file that I want to reverse. This is the python file that is encoded in cpython or cython and it is now a binary file. Please help me to decode it as it is very important ...
Jameel Safdar
1 vote
0 answers
2k views

How can I get the address of a function in memory?

I am currently completing a CTF exercise where I must attempt to overwrite a function pointer on the stack through a buffer overflow. Here is the code: #include <err.h> #include <stdio.h> #...
professional pro
0 votes
2 answers
508 views

Reversing an obfuscation through a long linear switch statement

I have a program (ELF, 32 bits) that is probably quite short and simple, but which has been obfuscated with the following construction: i = 0 switch(i): case 0: one small instruction ...
Katoptriss
0 votes
1 answer
307 views

Call libc functions from the payload statically injected into ELF binary

I am working on an ELF-injector, which given some payload (currently it's an assembly file with .text section only) will inject it into an ELF binary. I had a related post here. Now I would like to make it ...
Nazar Pasternak
3 votes
1 answer
2k views

ELF binary injection

I am currently working on an ELF-injector and my approach is standard: find code cave (long enough sequence of 0's), rewrite it with the instructions I want to execute and then jump back to the start ...
Nazar Pasternak
7 votes
3 answers
3k views

Elf x86_64 adding function

I'm trying to see if I can append function code in the .text section of an ELF while still maintaining the execution flow of the original ELF. Ideally, I want to call the new function but that's it's ...
stayge
  • 73
4 votes
1 answer
363 views

How to find the index of static library functions in the PLT of the binary?

So right now I'm trying to resolve function calls and their names in my reversing tool. The problem I'm having is that library functions such as printf and fwrite and such do not have a corresponding ...
Max
  • 99
2 votes
3 answers
977 views

Is the main function's name in the symbol table of C & C++ programs always 'main'? If not, how to find the name?

So I'm trying to write a reversing tool that parses the symbol table to find the main function's address. Right now, in all the binaries I'm checking, the name of the main function is still main in the symbol table ...
Max
  • 99
4 votes
1 answer
2k views

How do I find out what section variables and strings are defined in?

Given a simple program like this, void main (int argc, char * argv[] ) { char * arr[] = {"foo", "bar", "baz"}; *(arr[0]) = 'F'; printf( "%s", arr[0] ); } How do I find out what section ...
Evan Carroll
  • 1,789
3 votes
2 answers
3k views

How do I approach this CTF Debugging Program?

I have an ELF executable I'm working on (got it from a previous CTF competition). The executable simply asks for a password, and then it prints out "congrats". The code snippets and my annotations ...
1 vote
2 answers
2k views

IDA Pro - Applying function signatures

I have three files: ELF executable, ELF dynamically linked library (.so), C headers file (.h) with function signatures and related structures for that library. #1 imports a number of functions from #...
pandasauce
2 votes
2 answers
5k views

Changing Entrypoint in ELF executable

I wrote some code that does the following: Searches for and finds an offset in a binary file to add code (looks for a sequence of 00s I can overwrite). Then, I change the entrypoint of the ELF to ...
joe
  • 29
