All Questions
12
questions
1
vote
1
answer
108
views
Where is IDA getting this symbol?
I'm currently researching how a certain malware works and patches some stuff in a certain Android's library.
Inspecting the library -which is stripped- in IDA I was able to get the symbol for a ...
- 13
1
vote
0
answers
92
views
determine the PC of code gadgets in PLT section of ELF file
I am trying to parse an ELF file using custom code. With reference to the image below (output displayed is from objdump), I need to get the address of code gadget starting at , for example 401030 for ...
- 11
2
votes
0
answers
672
views
Tool/parser for symbol tables produced with objdump -t to be used with IDA / Ghidra?
Working with a binary (arm64) file that seems to be some sort of a broken ELF file. The header data is missing and for some reason it contains a symbol table in a format that to me seem to be equal to ...
- 121
1
vote
0
answers
146
views
dwarf: variable offset from base
I have a simple code:
int main()
{
int a = 4;
printf("%d\n", a);
a = 8;
if (a == 8)
printf("%d\n", a);
return 0;
}
DIEs for the function and variable:
<1><32a>: Abbrev ...
- 1,807
1
vote
1
answer
274
views
GCC is not recognizing symbol table in my hand-made ELF file
For learning purposes I've created (using a hex editor and some macros) the following ELF file:
hello.o: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
xxd hello.o:
00000000: ...
- 11
5
votes
1
answer
2k
views
Find function in a stripped dynamic ELF library
Im currently reverse engineering an android app and this app calls a function named "getUserInfo" in an ARM 32bit ELF library called "libcms.so" (from TikTok) via the Java Native Interface.
My ...
- 153
3
votes
1
answer
1k
views
How can you get the symbol visibility with radare?
I created a quick x86_64 Assembly file with NASM to generate the four different visibility classes for ELF 64. With readelf --symbols I get the Symbol Visibility in the Vis column: DEFAULT, INTERNAL, ...
- 1,789
1
vote
1
answer
1k
views
How to find ELF symbol table reference?
In a huge ELF binary, I find some functions which use some kind of (string) constant. The constant itself seems to be stored inside the binary itself but I can't figure out, how to resolve IDA's ...
- 25
1
vote
1
answer
2k
views
How do you compile a C program with missing symbols?
In Learning Linux Binary Analysis by Ryan "elfmaster" O'Neill. On Page 33, the author compiles a program with a symbol reference and no definition,
Let's take a look at the source code:
_start()
...
- 1,789
1
vote
1
answer
759
views
Relocate ELF symbols
How can I apply relocations of symbols in an elffile? I'm currently trying to archive this with pyelftools. Strangely, I could hardly find any information on how to do this, although some projects ...
- 2,906
4
votes
0
answers
343
views
Modern equivalent to rsymtab for reconstructing symbol table for statically linked / stripped binaries?
I'm working with a 32-bit ELF binary that (I believe) has been statically linked against a few different third-party libraries. It has also been stripped, so I don't have much to go on with respect to ...
- 91
1
vote
1
answer
296
views
Reuse symbols in disassembling/reassembling a C++ program
it's me again. I am working on a tool can that disassemble/reassemble stripped binaries and now I am sucked in a (external) symbol reuse issue.
The test is on 32-bit Linux x86 platform.
Suppose I ...
- 2,485