Questions tagged [elf]
the Executable and Linkable Format is the main executable and object format for Linux, Solaris, *BSD, and many other OSes...
254
questions
3
votes
1
answer
421
views
What is the ELF .got section used for?
I'm trying to learn how GOT/PLT works in ELF binaries. The way I see it - there's three sections; .got, .plt and .got.plt.
When the program tries to call an imported function which is lazy binded, it ...
2
votes
0
answers
39
views
Please help with striped binary reverse
Not so long ago I was engaged in reverse and pwn, I came across such a task
This is a normal task with a vulnerability on the heap, but it is striped and I don’t understand where which functions are
I ...
1
vote
0
answers
94
views
Program Analysis on a Wargame Binary
I've recently took it upon myself to research more about reverse engineering, I'm currently testing my intermediate skills on various CTF hosting sites. Interestingly enough I have come across a ...
2
votes
0
answers
166
views
Does AnyOne knows how to reverse python file that is encoded into elf binary .cpython-310.so extension? Please Help me Out
Following is the link to the file that I want to reverse. This is the python file that is encoded in cpython or cython and it is now a binary file.
Please help me to decode it as it is very important ...
2
votes
0
answers
111
views
Merge HEX file into existing ELF file in ghidra
I have an Infineon Tricore ELF file. I have a HEX file that has been patched with minor changes and new code appended (e.g. the hex from the ELF was exported and then had changes made to it manually ...
3
votes
1
answer
395
views
How can I verify section -> segment mapping for ELFs on linux?
I'm looking at at ELF on linux and I have readelf --segments ./myELF which shows:
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR ...
3
votes
1
answer
95
views
x64 buffer overflow - tcp shell payload
ASLR: off
Canary: on
I have a binary that when run, it spawns zombie process on port 9191. I've been using ghidra and gdb to reverse engineer this and have found the buffer, canary, found the pop rdi ...
1
vote
0
answers
92
views
determine the PC of code gadgets in PLT section of ELF file
I am trying to parse an ELF file using custom code. With reference to the image below (output displayed is from objdump), I need to get the address of code gadget starting at , for example 401030 for ...
1
vote
0
answers
2k
views
How can i get the address of a function in memory?
I am currently completing a CTF exercise where i must attempt to overwrite a function pointer on the stack through a buffer overflow here is the code:
#include <err.h>
#include <stdio.h>
#...
1
vote
0
answers
173
views
Intercepting a PHP module with frida
I have a PHP module, and I'm trying to hook the functions of that module.
...
39: 0000000000024a60 1858 FUNC LOCAL DEFAULT 12 zim_ClassName_ClassName_exec
...
90: 0000000000028f10 8 ...
1
vote
0
answers
124
views
how to hide all export functions in a elf so library?
I have this game I want to patch, the game server executable loads a elf so library with functions. I want to add new functions into this library so I patched the game server executable with elfpatch ...
0
votes
1
answer
405
views
Reverse engineering ELF: The e_phentsize field in the ELF header is less than the size of an ELF program header
I have extracted the .so binary libTheArmKing.so (located in lib directory in apk file) from a hack of World War Heroes game (an Android game) from Plantimod Forum.
file output:
libTheArmKing.so: ELF ...
2
votes
0
answers
68
views
Wrong EP on an .elf CrackMe
I am trying to solve an elf CrackMe. I opened it with IDA Pro and I saw start function is on address 0x1E8. I opened the elf with HxD and I saw entry point is 0x1E9 (and no results on file for 01E8)......
1
vote
1
answer
73
views
Patching a B(ranch) causes segfault in ARMv7 binary, while the same patch (with JMP) works on x64 binary
Any ideas why trying to patch a ARMv7 binary causes a segfault while basically the same patch on the Win64 version of the software works as expected?
Here is the Win64 version, that works
UPX0:...
6
votes
1
answer
3k
views
What's the format of Mediatek MRE VXP file and how to create a workable VXP binary?
Background
Mediatek's MRE (MAUI Runtime Environment) is the default runtime on Nokia S30+ platform, replacing the J2ME platform on older Nokia. From MRE's page:
MRE (MAUI Runtime Environment) is a ...