All Questions
15 questions
0 votes, 0 answers, 61 views
Improving the output of pseudocode C++ code from IDA Pro
I have some specific questions and some general ones about reverse-engineering a dynamic shared library via IDA Pro 8.3:
If I know the compiler used and compiler flags used (via readelf --debug-dump),...
0 votes, 1 answer, 101 views
ELF - Why does objdump provide a wrong byte value in the .got?
I seriously can't tell if I'm misunderstanding something grossly or if this is a bug in objdump. Newbie alert.
$ objdump -s --start-address=0x3fc0 --stop-address=0x3fc1 test
test: file format ...
1 vote, 0 answers, 94 views
Program Analysis on a Wargame Binary
I've recently taken it upon myself to research more about reverse engineering, I'm currently testing my intermediate skills on various CTF hosting sites. Interestingly enough I have come across a ...
3 votes, 1 answer, 95 views
x64 buffer overflow - tcp shell payload
ASLR: off
Canary: on
I have a binary that when run, it spawns zombie process on port 9191. I've been using ghidra and gdb to reverse engineer this and have found the buffer, canary, found the pop rdi ...
1 vote, 0 answers, 180 views
silvio packer for shared library leads to error: "ELF load command address/offset not properly aligned"
I'm trying to implement a packer based on silvio infection. The packer works fine for ET_EXEC. However, it failed with "ELF load command address/offset not properly aligned" error for the ...
3 votes, 3 answers, 5k views
startup program exits with code 126 when executing program at entrypoint
I want to reverse engineer a program. I managed to find the entry point but every time I want to launch the application I get the same error `During startup program exited with code 126.`
Here is what ...
0 votes, 1 answer, 237 views
How to determine when/where pointers in .ctors get mapped?
So I am learning about ELF, and am looking through a binary in Ghidra as I do. I've made sense of the ELF header, and now I am looking through the program header table.
My binary has a bunch of ...
7 votes, 3 answers, 3k views
Elf x86_64 adding function
I'm trying to see if I can append function code in the .text section of an ELF while still maintaining the execution flow of the original ELF. Ideally, I want to call the new function but that's it's ...
1 vote, 1 answer, 2k views
Changing entry-point of an ELF file
I'm trying to conduct a little experiment which basically consists of changing the EP of an ELF file and executing an exit(9) syscall, without returning to the OEP. As shown in the image everything ...
2 votes, 3 answers, 977 views
Is the main function's name in the symbol table of C & C++ programs always 'main'? if not, how to find the name?
So I'm trying to write a reversing tool that parses symbol table to find the main function's address
right now all the binaries I'm checking the name of main function is still main in symbol table
...
3 votes, 2 answers, 840 views
What are these LOAD segments in an assembly ELF64?
I wrote the following (fasm) assembly program:
format ELF64 executable
segment readable executable
; sys_exit, sys_write, strlen and print are from io.inc and
; unistd64.inc at: https://github.com/...
2 votes, 0 answers, 467 views
Using __kernel_vsyscall on x64 linux machine [closed]
I am trying to use __kernel_vsyscall instead of syscall/int 80 on linux x64.
I have read that it can be done on Intel chips (I have one), but I can't find how one can do it. I have x32 version:
int ...
1 vote, 1 answer, 414 views
Is it possible to rebuild an nexe file if I can read at arbitrary untrusted memory addresses?
Ok, I’m in a remote situation where I don’t have access to the remote filesystem but where I can run arbitrary python code (except I can’t fork processes and I don’t have access to ulimit and uname).
...
1 vote, 2 answers, 556 views
Figure out whether a function has return value or not?
I am doing binary analysis on x86-64bit ELF binaries. All the binaries are compiled from C language. Basically, for a given function, I would like to figure out whether this function has a return ...
28 votes, 1 answer, 112k views
Reversing ELF 64-bit LSB executable, x86-64 ,gdb
I'm a newbie and just got into RE.
I got an ELF 64-bit LSB executable, x86-64. I'm trying to reverse it.
First I tried to set a break point on line 1 using
gdb ./filename
break 1
The gdb says
No ...