Questions tagged [elf]
The Executable and Linkable Format is the main executable and object format for Linux, Solaris, *BSD, and many other OSes...
254 questions
0 votes, 0 answers, 734 views
Basic buffer-overflow on a remote program with Python/pwntools
I work on an online program in which I should do a buffer overflow.
When I run the program, I have to complete a sum of two numbers (generated randomly):
>>> 451389913 + 1587598959 =
If I put ...
1 vote, 0 answers, 83 views
Normal artifact or something else?
I'm working on a Linux ELF challenge.
I have found this bit of code in the .text disassembly using objdump -d -M intel program
922: 83 c4 10 add esp,0x10
925: c7 45 f4 00 00 00 ...
1 vote, 1 answer, 611 views
IDA cannot open .a files of esp32 (Xtensa)
I tried to open this file with IDA Pro
https://github.com/espressif/esp32-wifi-lib/blob/master/esp32/libpp.a
IDA detects that it is ELF for Xtensa (relocatable)
But when I tried to open it I got
Undefined ...
0 votes, 2 answers, 508 views
Reversing an obfuscation through a long linear switch statement
I have a program (ELF, 32 bits) that is probably quite short and simple, but which has been obfuscated with the following construction:
i = 0
switch(i):
case 0:
one small instruction
...
1 vote, 1 answer, 617 views
Figure out method name with _dl_runtime_resolve_xsavec
I have a packed Linux shared library that decrypts function stub with INIT_ARRAY.
When it's decrypted I'm unable to determine the method name. All method calls are redirected with relocation table. ...
1 vote, 0 answers, 180 views
silvio packer for shared library leads to error: "ELF load command address/offset not properly aligned"
I'm trying to implement a packer based on silvio infection. The packer works fine for ET_EXEC. However, it failed with "ELF load command address/offset not properly aligned" error for the ...
1 vote, 0 answers, 72 views
failed to trigger packer's loader by overwriting the entry of rela.dyn on aarch64
I have implemented a packer for x86_64 shared libraries.
Briefly, a loader is injected to a shared library, and
the rela.dyn entry is modified such that it points to the address of the loader. Once the ...
3 votes, 1 answer, 285 views
Code caves in arm assembly
In a disassembled ELF binary I found these ARM Thumb instructions:
function0
0x002cc3a8 8079 ldrb r0, [r0, #6]
0x002cc3aa 7047 bx lr
In the codecave these were the initial hex ...
2 votes, 0 answers, 185 views
How do relocations work for imported functions in SH4 ELF?
I build very simple hello world code with the sh4 gcc compiler as a shared library:
#include <stdio.h>
void hello()
{
printf("Hello world!\n");
}
But when I load .so file into the ...
0 votes, 1 answer, 2k views
Running ELF file built for ARM architecture
My goal is to run and debug an ELF file (c444) which is compiled for the ARM architecture. I have some experience with x32 and x64 Intel architectures. However, I don't know how to proceed with ARM-based ...
0 votes, 1 answer, 486 views
What does this function do?
I'm trying to understand what the client sends to the server. I already did most of the work, but one function is left. I can't understand what to do with this function and what it does. I've tried to change ...
5 votes, 2 answers, 8k views
How to decompile external functions of *.so library in ELF with Ghidra?
There are some *.so libraries in my ELF file.
I can see the *.so names in "Imports" directory of "Symbol Tree" Window in Ghidra tool.
I think there are some external functions in ...
2 votes, 1 answer, 2k views
How can I find an external function code correctly in Ghidra and Radare2?
This is the code to call an external function (get_random_name) in the main function
push {fp, lr}
add fp, sp, 4
sub sp, sp, 0x1d8
str r0, [fp, -0x1d8]
str r1, [fp, -0x1dc]
sub r3, fp, 0x44
...
2 votes, 2 answers, 1k views
How to reverse engineer an ARM architecture ELF file on AMD Linux?
I am reversing an ELF file, it's an ARM architecture file.
But my OS is AMD Linux.
How can I do reversing work for the ARM ELF file on AMD linux?
1 vote, 2 answers, 2k views
Is it possible to reverse a CGI binary file?
I wanna reverse a CGI binary file.
Is it possible?
What are the recommended tools and guides?
Thank you for reading my question.
$ file test.cgi
status.cgi: ELF 32-bit LSB executable, ARM, EABI5 ...