Questions tagged [elf]
the Executable and Linkable Format is the main executable and object format for Linux, Solaris, *BSD, and many other OSes...
254
questions
1
vote
0
answers
41
views
Is there a way to sync symbol labels in Ghidra Disassembler with its Decompiler?
I swear that in IDA Pro, when I renamed a stack var in the disassembler, that name would port over to the decompiled view, but this doesn't seem to occur in Ghidra. In fact, in Ghidra, when I try to ...
- 1,880
0
votes
2
answers
54
views
Where can I find obfuscated ELF binaries to practice reverse engineering techniques specifically for obfuscated binaries?
I’m trying to get better at reverse engineering obfuscated code (and malware in general) and I’m looking for already obfuscated binaries with increasing levels of difficulty. I’ve looked a bit on ...
- 2,673
0
votes
1
answer
96
views
What ELF `e_flags` are defined for TI MSP430(X)
I have an MSP430 ELF executable file whose e_flags field is 0x0000000E. I cannot find any documentation for e_flags for this architecture. The application note "MSP430 Embedded Application Binary ...
CommunityBot
- 1
1
vote
1
answer
438
views
Adding a program header to ELF
I am a newbie in this, and I am trying to add a program header to a simple ELF64 "Hello World" program on Ubuntu. All in changing the binary data of the ELF.
I went to the end of the program ...
CommunityBot
- 1
0
votes
2
answers
81
views
reduce size of executable ELF program
I'm experimenting on patching my hello world program in order to make it smol.
I started by reducing the size of the program with the following commands:
as --32 ./hello_32.S -o ./hello_32.o
ld -...
- 36.8k
1
vote
1
answer
105
views
Tips for reverse engineering Common Lisp (SBCL) ELF binary
I got to the task of reverse engineering the ELF binary. I found out that it is a compiled SBCL. I have no idea how to do static or dynamic analysis, any tips (where to start, I found basically ...
CommunityBot
- 1
1
vote
1
answer
78
views
Inject ELF with an entierly self-contained code section that can statically call standard library functions
What I want to do
What I want to do is inject an existing ELF binary with additional code that runs before the original .text section and then transfers control back to it.
What I can already do
Now, ...
CommunityBot
- 1
1
vote
1
answer
2k
views
Extract PYZ Error
I successfully recovered some PYC files from an ELF built by PyInstaller (https://github.com/extremecoders-re/pyinstxtractor/wiki/Extracting-Linux-ELF-binaries). There is a PYZ archive in the dump. I ...
CommunityBot
- 1
0
votes
0
answers
61
views
Improving the output of pseudocode C++ code from IDA Pro
I have some specific questions and some general ones about reverse-engineering a dynamic shared library via IDA Pro 8.3:
If I know the compiler used and compiler flags used (via readelf --debug-dump),...
- 143
1
vote
2
answers
592
views
Adding debug symbols with GDB
In CTFs when I'm given some ELF file, it usually wasn't compiled with the -g flag. Is there a way to to somehow edit the file to make it be as if the ELF file was originally compiled with the -g flag?
...
- 1
0
votes
0
answers
47
views
Why is an empty binary larger than one with a variable?
On my own self-learning R.E. Starting with understanding ELF and hopefully whats going on with every byte.
I build 2 simple binaries: 1 with a variable and 1 without. For some reason, the one without ...
0
votes
0
answers
57
views
Attempting to auto reverse XOR
Does anyone know of any helpful tools or a way to automate decryption of XOR in IDA? I know that they have a built in function to do some bare XOR encryption but this one seems a bit more ...
1
vote
1
answer
108
views
Where is IDA getting this symbol?
I'm currently researching how a certain malware works and patches some stuff in a certain Android's library.
Inspecting the library -which is stripped- in IDA I was able to get the symbol for a ...
- 1,297
0
votes
1
answer
72
views
Updating legacy library in an already compiled binary
I'm dealing with a reverse engineering challenge involving a binary application that was statically compiled with a legacy library. While the legacy library is not vulnerable, it lacks certain ...
- 4,488
1
vote
0
answers
58
views
Default linker files and sections: Explain thier origin/history and thier purpose
I have a Linux Ubuntu(20.04) machine with gcc and clang installed. I figured out the directory containing the default linker script:
/usr/lib/x86_64-linux-gnu/ldscripts$ ls
elf32_x86_64.x ...
- 11