
Questions tagged [elf]

The Executable and Linkable Format is the main executable and object format for Linux, Solaris, *BSD, and many other OSes...

47 questions with no upvoted or accepted answers
4 votes
0 answers
343 views

Modern equivalent to rsymtab for reconstructing symbol table for statically linked / stripped binaries?

I'm working with a 32-bit ELF binary that (I believe) has been statically linked against a few different third-party libraries. It has also been stripped, so I don't have much to go on with respect to ...
Colin
  • 91
2 votes
0 answers
39 views

Please help with stripped binary reverse

Not so long ago I was engaged in reverse and pwn, and I came across such a task. This is a normal task with a vulnerability on the heap, but it is stripped and I don’t understand where which functions are. I ...
K05t1K_RWX
2 votes
0 answers
166 views

Does anyone know how to reverse a Python file that is encoded into an ELF binary with the .cpython-310.so extension? Please help me out

Following is the link to the file that I want to reverse. This is the Python file that is encoded in CPython or Cython and it is now a binary file. Please help me to decode it as it is very important ...
Jameel Safdar
2 votes
0 answers
111 views

Merge HEX file into existing ELF file in ghidra

I have an Infineon Tricore ELF file. I have a HEX file that has been patched with minor changes and new code appended (e.g. the hex from the ELF was exported and then had changes made to it manually ...
rollsch
  • 263
2 votes
0 answers
68 views

Wrong EP on an .elf CrackMe

I am trying to solve an elf CrackMe. I opened it with IDA Pro and I saw start function is on address 0x1E8. I opened the elf with HxD and I saw entry point is 0x1E9 (and no results on file for 01E8)......
pericopo10
2 votes
0 answers
185 views

How do relocations work for imported functions in SH4 ELF?

I build very simple hello world code with sh4 gcc compiler as shared library: #include <stdio.h> void hello() { printf("Hello world!\n"); } But when I load .so file into the ...
Anton Kukoba
  • 1,850
2 votes
0 answers
672 views

Tool/parser for symbol tables produced with objdump -t to be used with IDA / Ghidra?

Working with a binary (arm64) file that seems to be some sort of a broken ELF file. The header data is missing and for some reason it contains a symbol table in a format that to me seems to be equal to ...
blubbafett
2 votes
0 answers
408 views

Shellcode execution segfault

I have been trying to exploit a simple buffer overflow caused by scanf. I'm working on x86 Linux. The point is to spawn a shell. I successfully overwrote the return address and jumped into my shellcode. But ...
user32914
2 votes
0 answers
2k views

Debugging a position independent executable ELF

I am trying to follow the write-up about hackercalc (a challenge for DEFCON 2015 quals). First, by loading the challenge into gdb, I observe that: (gdb) info files ... Entry point: 0xcf8 ... So I ...
Ta Thanh Dinh
2 votes
0 answers
612 views

Trying to run MIPS ELF with a cross toolchain but sigbus error

I finally successfully installed a cross toolchain from this site in order to run and debug a MIPS ELF on my x86-64. I only have the ELF file. I can disassemble it, but when I try to run it with: ...
creuchmeuch
2 votes
0 answers
555 views

Patch ELF (arm): remove constructor segment

I got an ELF shared library with a constructor function that is executed every time the library is loaded: .init_array:00005E5C ; ===================================================================== ...
Krypton
  • 191
2 votes
1 answer
670 views

Debugging Binary using Far Ret to switch Code Segment

It appears that GDB is unable to handle binaries which switch code segments. Using pwntools*, it's trivial to generate a 32-bit intel binary which uses retf to switch to the 64-bit code segment. ...
Zach Riggle
  • 2,357
1 vote
0 answers
41 views

Is there a way to sync symbol labels in Ghidra Disassembler with its Decompiler?

I swear that in IDA Pro, when I renamed a stack var in the disassembler, that name would port over to the decompiled view, but this doesn't seem to occur in Ghidra. In fact, in Ghidra, when I try to ...
the_endian
  • 1,880
1 vote
1 answer
78 views

Inject ELF with an entirely self-contained code section that can statically call standard library functions

What I want to do What I want to do is inject an existing ELF binary with additional code that runs before the original .text section and then transfers control back to it. What I can already do Now, ...
PaperTsar
  • 111
1 vote
0 answers
58 views

Default linker files and sections: Explain their origin/history and their purpose

I have a Linux Ubuntu (20.04) machine with gcc and clang installed. I figured out the directory containing the default linker script: /usr/lib/x86_64-linux-gnu/ldscripts$ ls elf32_x86_64.x ...
Self
  • 11
