
Questions tagged [elf]

The Executable and Linkable Format is the main executable and object format for Linux, Solaris, *BSD, and many other OSes...

2 votes
2 answers
678 views

debugging an older version of libc

I'm trying to understand heap exploitation better. Therefore, I compiled the following file: https://github.com/shellphish/how2heap/blob/master/glibc_2.25/fastbin_dup_into_stack.c I have the newest ...
anon's user avatar
  • 21
0 votes
0 answers
1k views

Modify Strings in an ELF (Executable and Linking Format) that are stored in the .rodata

I have 2 ELF files here, each containing strings in the ".rodata" for a translation that I want to modify. The first ELF "(binary1)" I have already successfully modified from ...
Alonia's user avatar
  • 83
1 vote
1 answer
5k views

How to open new window of decompiler or resize the decompiler of Ghidra?

This is very small and inconvenient to read. How do I open a new window (any shortcut key) or resize it? For some reason I can't resize. Any help? EDIT: Oh thanks Shane Riley, I clicked the blue button ...
Machine Yadav's user avatar
0 votes
1 answer
553 views

Generating an elf header

To get a basic understanding of the ELF format, I'm writing a basic program to generate a valid elf file from the most basic assembly output. I'm going step-by-step so I'll probably ask a few ...
David542's user avatar
  • 103
1 vote
0 answers
135 views

Statically injecting translated NASM assembly into existing ELF binary

I'm trying to statically patch ELF binaries in order to incorporate code that can help provide run-time protection. In an effort to save time writing and debugging assembly, I took the following no-...
alcao758's user avatar
  • 111
0 votes
0 answers
172 views

How is ELF symbol resolution and relocation different from PE symbol resolution?

I've learned extensively about PE and PE64 format a while back. I am now digging deeper into ELF format. However, I've not found as many thorough resources for ELF as I did for PE, such as ARTeam's PE ...
the_endian's user avatar
  • 1,880
1 vote
1 answer
64 views

How are members of a Structure Type positioned on the stack?

Some of the structure types have members that are not stacked next to each other. Check out the structure type at 0x33E6 in bzip2_base (x86-64) here. There's an int at location offset 0, a char at 4 ...
Sav's user avatar
  • 15
0 votes
1 answer
145 views

How is padding size calculated for members of structure types?

Looking at DWARFs of bzip2_base I see different offsets between members of a structure type although they are of the same type. Check _IO_FILE structure at the offset 0x9c here. All the way until the ...
Sav's user avatar
  • 15
1 vote
1 answer
69 views

GDB exited when running library

I'm new with gdb and I have spent hours looking for direction but I can't find any. I need to analyze an executable to find how this program processes the arguments and where the output came from. I ...
Sarah Audina's user avatar
13 votes
1 answer
3k views

Extracting strings from Go binaries

Is there an easy way to extract all of the strings from Go binaries that will work cross architecture? The problem with Go is that strings are stored without a null terminator, so you can't use the &...
Drxxd's user avatar
  • 231
0 votes
0 answers
616 views

Combine two ELF binaries

Without having access to the original source code, is there a way to combine two ELF binaries with the main() in the first binary pointing to the main() in the second binary? In other words, I mean ...
kevin's user avatar
  • 156
1 vote
0 answers
146 views

dwarf: variable offset from base

I have a simple code: int main() { int a = 4; printf("%d\n", a); a = 8; if (a == 8) printf("%d\n", a); return 0; } DIEs for the function and variable: <1><32a>: Abbrev ...
R4444's user avatar
  • 1,807
2 votes
0 answers
408 views

Shellcode execution segfault

I have been trying to exploit a simple buffer overflow caused by scanf. I'm working on x86 Linux. The point is to spawn a shell. I successfully overwrote the return address and jumped into my shellcode. But ...
user32914's user avatar
0 votes
1 answer
220 views

"check:" keyword in Ghidra

I have disassembled the crackme0x06 challenge (http://security.cs.rpi.edu/courses/binexp-spring2015 inside challenges.zip). It's an ELF 32bit unstripped binary. The decompiled C code using Ghidra ...
Prithi's user avatar
  • 3
3 votes
1 answer
3k views

Ghidra python - get program base address

What is the way to get the program base address in Ghidra?
macro_controller's user avatar
