All Questions
16
questions
1
vote
1
answer
105
views
Tips for reverse engineering Common Lisp (SBCL) ELF binary
I got to the task of reverse engineering the ELF binary. I found out that it is a compiled SBCL. I have no idea how to do static or dynamic analysis, any tips (where to start, I found basically ...
1
vote
0
answers
315
views
Dynamic Analysis with gdb on ELF binaries with no compilation/linking information
I am trying to do some dynamic analysis on a couple of ELF binaries with gdb. However, since those two are directly downloaded (ELF binary file only) with no additional information related to ...
1
vote
1
answer
5k
views
How to open new window of decompiler or resize the decompiler of Ghidra?
This is very small and inconvenient to read. How do I open a new window (any shortcut key) or resize it? For some reason I can't resize.
Any help?
EDIT: Oh thanks Shane Riley, I clicked the blue button ...
0
votes
1
answer
425
views
How to identify different memory regions of an elf binary in radare2?
I'm just starting out with reverse engineering, one thing I'm finding difficult is identifying different areas of memory. I'm using radare2, and I would like to be able to easily seek and identify ...
8
votes
2
answers
25k
views
Find base address and memory size of program debugged in gdb
I want to find out the base address and the imagesize of the program being debugged in gdb. As in, where it got loaded in memory. For shared libraries I can do "info sharedlibrary" and I get very ...
1
vote
1
answer
2k
views
IDA - Remote debug on linux
I am trying to remotely debug an ELF from my Windows 10 (the ELF runs on my Ubuntu 32-bit VM) (the ELF is from pwnable.kr - unlink).
Because the exploit is via gets() I try to pass input through the "...
3
votes
2
answers
3k
views
How do I approach this CTF Debugging Program?
I have an ELF executable I'm working on (got it from a previous CTF competition). The executable simply asks for a password, and then it prints out "congrats".
The code snippets and my annotations ...
3
votes
1
answer
5k
views
IDA Pro debugging: follow child process
I'm reverse engineering a malware that creates a number of child processes and I'm trying to do dynamic analysis of the ELF binary with IDA Pro and IDA's Local Linux Debugger, but I can't get IDA to ...
4
votes
1
answer
3k
views
Is there a way to debug an elf file that runs with no problems with damaged header?
My question is general, but to have an example to work with, let us take one from Whirlwind Tutorial.
; tiny.asm
BITS 32
org 0x00010000
db 0x7F, "ELF" ; ...
1
vote
2
answers
15k
views
Is it possible to debug an ELF file with a Windows-based disassembler?
Problem: How can I debug an ELF file in MS Windows? Is it possible?
Scenario:
I have an ELF file compiled to work on hardware with VXWorks 5.5 OS and SH4 CPU. IDA68 is able to disassemble the file ...
2
votes
1
answer
18k
views
Debug ELF executable
I cannot load the following executable type in OllyDbg:
- ELF 32-bit LSB executable, Intel 80386
Why can OllyDbg not handle this kind of executable? What are good (OllyDbg-like) debuggers to debug ...
1
vote
1
answer
5k
views
Unable to view stack and memory addresses in IDA Pro [duplicate]
I am debugging a 32-bit ELF executable using remote GDB debugging option of IDA Pro. However, I am unable to view the contents of stack in the stack view. Also, the stack pointer value is: 0xFFFFD328
...
2
votes
0
answers
2k
views
Debugging a position independent executable ELF
I am trying to follow the write-up about hackercalc (a challenge for DEFCON 2015 quals). First, by loading the challenge into gdb, I observe that:
(gdb) info files
...
Entry point: 0xcf8
...
So I ...
31
votes
4
answers
44k
views
Cross debugging for ARM / MIPS ELF with QEMU/toolchain
As I'm new to cross-debugging and cross-compilation, I need some help because I feel so confused. I have a MIPS ELF file, [myelf][1]. You can see below the output of file myelf:
myelf: ELF 32-bit ...
20
votes
4
answers
27k
views
Set a breakpoint on GDB entry point for stripped PIE binaries without disabling ASLR
Given a position-independent, statically-linked, stripped binary, there does not appear to be a way in GDB to set a breakpoint at the entry point without disabling ASLR.
break start and similar ...