Skip to main content
Reverse Engineering

All Questions

Ask Question
Tagged with
9 questions
Newest Active Bountied Unanswered
0 votes
1 answer
486 views

What does this function do?

I'm trying to understand what client sends to server. I already did most of the work, but one function left. I can't understand what to do with this function and what it does. I've tried to change ...
Sergey's user avatar
Sergey
  • 1
1 vote
0 answers
135 views

Statically injecting translated NASM assembly into existing ELF binary

I'm trying to statically patching ELF binaries in order to incorporate code that can help provide run-time protection. In an effort to save time writing and debugging assembly, I took the following no-...
alcao758's user avatar
alcao758
  • 111
1 vote
1 answer
3k views

How to find the starting address of main function when the binary is stripped and _start doesn't push the absolute address value of main?

So let's say the ELF binary is stripped - meaning no symbol table - and the _start function doesn't push the address of main before calling __libc_start_main. This happened in a binary when compiled ...
OneAndOnly's user avatar
OneAndOnly
  • 518
1 vote
0 answers
2k views

Finding function call (with arguments) in ELF file

I have two kinds of ELF files, built from C++. .so files: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[sha1]=5e751e769912aef28bc63b888e5e4904b867a180, ...
afsantos's user avatar
afsantos
  • 111
0 votes
1 answer
2k views

Parsing .rodata (ELF)

IDA pro is able to display the data contained in the read only data section of ELF files, but the section is defined as type SHT_PROGBITS. To my knowledge, we cannot parse sections of this type to ...
Marius.pharoe's user avatar
Marius.pharoe
  • 71
1 vote
1 answer
3k views

Elf file format finding .got and .got.plt segments

I'm writing ELF parser and simple disassembler x86. Having code like this .text:000B5A2A call 0000B470 ;e.g. _glXSwapBuffers ... ... got.plt:0000B470 jmp dword ptr [ebx+240h] ;jump to ....
krusty's user avatar
krusty
  • 367
1 vote
1 answer
10k views

Reverse engineering a golang binary file

I compiled docker by myself with some modifications. I would like to perform some static analysis to the binary. Mostly to see which parts of the code take more memory, etc. It's on linux (elf). Any ...
0x90's user avatar
0x90
  • 677
1 vote
2 answers
556 views

Figure out whether a function has return value of not?

I am doing binary analysis on x86-64bit ELF binaries. All the binaries are compiled from C language. Basically, for a given function, I would like to figure out whether this function has a return ...
lllllllllllll's user avatar
lllllllllllll
  • 2,485
5 votes
1 answer
6k views

How to create a IDA FLIRT signature for a PPC library?

I'd like to create a IDA FLIRT signature for the following PPC uClibc library: libuClibc-0.9.15.so: ELF 32-bit MSB shared object, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked, for GNU/...
Zulakis's user avatar
Zulakis
  • 227