All Questions
20 questions
1 vote, 2 answers, 592 views
Adding debug symbols with GDB
In CTFs when I'm given some ELF file, it usually wasn't compiled with the -g flag. Is there a way to somehow edit the file to make it be as if the ELF file was originally compiled with the -g flag?
...
3 votes, 1 answer, 395 views
How can I verify section -> segment mapping for ELFs on linux?
I'm looking at an ELF on Linux and I have readelf --segments ./myELF which shows:
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR ...
3 votes, 3 answers, 5k views
startup program exits with code 126 when executing program at entrypoint
I want to reverse engineer a program. I managed to find the entry point but every time I want to launch the application I get the same error `During startup program exited with code 126.`
Here is what ...
3 votes, 1 answer, 2k views
ELF binary injection
I am currently working on an ELF-injector and my approach is standard: find code cave (long enough sequence of 0's), rewrite it with the instructions I want to execute and then jump back to the start ...
1 vote, 0 answers, 315 views
Dynamic Analysis with gdb on ELF binaries with no compilation/linking information
I am trying to do some dynamic analysis on a couple of ELF binaries with gdb. However, since those two are directly downloaded (ELF binary file only) with no additional information related to ...
1 vote, 1 answer, 69 views
GDB exited when running library
I'm new with gdb and I have spent hours looking for direction but I can't find any.
I need to analyze an executable to find how this program processes the arguments and where the output came from. I ...
4 votes, 1 answer, 8k views
Dumping the GOT with gdb at run time
I want to see how the plt stubs are being resolved at run time when lazy linking is used and how the GOT is changed along the way. How can I dump the GOT with gdb?
1 vote, 0 answers, 4k views
Reversing ELF 64-bit LSB pie executable [duplicate]
I have a file crackme, which is an executable.
hamuto@hamuto-pc:~/Security/NOOB/FruitSalad$ file crackme
crackme: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, ...
-2 votes, 1 answer, 259 views
DT_DEBUG not filled on dlopen [closed]
A target library "lib42.so" has DT_DEBUG entry in the .dynamic section.
After dlopen("lib42.so", RTLD_LOCAL | RTLD_NOW) succeeded, r_debug->d_un.d_ptr is equal to zero. Why?
8 votes, 2 answers, 25k views
Find base address and memory size of program debugged in gdb
I want to find out the base address and the imagesize of the program being debugged in gdb. As in, where it got loaded in memory. For shared libraries I can do "info sharedlibrary" and I get very ...
2 votes, 1 answer, 670 views
Debugging Binary using Far Ret to switch Code Segment
It appears that GDB is unable to handle binaries which switch code segments.
Using pwntools*, it's trivial to generate a 32-bit intel binary which uses retf to switch to the 64-bit code segment. ...
1 vote, 0 answers, 2k views
My core dump's backtrace stops to a signal handler, what can I do?
I obtained an ELF core dump that was provoked by fuzzing a proprietary server. As I do not have access anymore to the machine that hosted this server, and the server is part of a tightly coupled set ...
7 votes, 1 answer, 2k views
Understanding gdb output
So I was messing with gdb and came across something rather interesting. I ran the following code into gdb:
int i, g = 1;
for (i = 0; i < 100; i++)
g++;
Before execution, disas main ...
2 votes, 2 answers, 5k views
Changing Entrypoint in ELF executable
I wrote some code that does the following:
Searches for and finds an offset in a binary file to add code (looks for a sequence of 00s I can overwrite).
Then, I change the entrypoint of the ELF to ...
7 votes, 2 answers, 14k views
Fixing corrupt ELF header field "e_shnum" for use in GDB
If the ELF header which usually can be read using readelf has been manually manipulated, let's say by increasing the value for the "Size of section headers" the binary still can be executed and works ...