
All Questions

2 votes
3 answers
7k views

Where can I get Linux malware samples?

There are numerous sites listed in this wonderful post from which one could retrieve malware samples. However, I am having a difficult time (sorry D:) locating Linux-specific malware on those sites ...
jowabels
3 votes
1 answer
5k views

IDA Pro debugging: follow child process

I'm reverse engineering malware that creates a number of child processes and I'm trying to do dynamic analysis of the ELF binary with IDA Pro and IDA's Local Linux Debugger, but I can't get IDA to ...
m-strasser
3 votes
1 answer
2k views

ELF binary injection

I am currently working on an ELF-injector and my approach is standard: find code cave (long enough sequence of 0's), rewrite it with the instructions I want to execute and then jump back to the start ...
Nazar Pasternak
6 votes
3 answers
12k views

Packers/Protectors for Linux

I was wondering if anyone had come across a packer/protector which could be used for ELF binaries. There seem to be quite a few articles on writing packers and protectors for the PE format -- however, ...
6 votes
1 answer
5k views

Why are symbols with local binding present in the symbol table of my ELF files?

I found out that there are symbols with binding=LOCAL and visibility=HIDDEN in the symbol table (.symtab) of ELF executables/libraries. What are they needed for? They are not involved in the ...
user19496
2 votes
1 answer
3k views

Disassemblers resolving (ELF) section names

I'm working with Linux executables and was just wondering how section names are resolved to addresses upon disassembly of an ELF. For example, take some random disassembly output from ...
Marius.pharoe
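The two questions above (the code-cave search in the "ELF binary injection" question and the section-name resolution in the "Disassemblers resolving (ELF) section names" question) both come down to walking the ELF64 section header table. The following is an added example, not code from either questioner or from any answer on this page. It resolves section names exactly the way a disassembler does (e_shstrndx selects .shstrtab, each sh_name is an offset into it), then scans executable sections for runs of zero bytes. The `build_sample_elf` image is constructed here so the script runs offline; the instruction bytes, addresses and the 32-byte zero gap in it are assumptions, not taken from any real binary.

```python
"""Resolve ELF64 section names to addresses and find code caves (zero runs).

Added example, not from the questions or answers on this page. Handles any
little-endian ELF64 file; a constructed sample image is embedded for testing.
"""
import struct

ELF_MAGIC = b"\x7fELF"
SHT_NOBITS = 8          # section occupies no file bytes (.bss)
SHF_EXECINSTR = 0x4     # section contains executable code


def parse_sections(data: bytes) -> dict:
    """Return {name: (sh_addr, sh_offset, sh_size, sh_type, sh_flags)}.

    Names are resolved like a disassembler does it: e_shstrndx picks the
    .shstrtab section, and each header's sh_name is a byte offset into it.
    """
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_shoff = struct.unpack_from("<Q", data, 0x28)[0]
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    if e_shentsize != 64 or e_shstrndx >= e_shnum:
        raise ValueError("malformed section header table")
    # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
    headers = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * 64)
               for i in range(e_shnum)]
    st_off, st_size = headers[e_shstrndx][4], headers[e_shstrndx][5]
    strtab = data[st_off:st_off + st_size]
    sections = {}
    for sh_name, sh_type, sh_flags, sh_addr, sh_off, sh_size, *_ in headers:
        name = strtab[sh_name:strtab.index(b"\0", sh_name)].decode()
        sections[name] = (sh_addr, sh_off, sh_size, sh_type, sh_flags)
    return sections


def find_code_caves(data: bytes, min_len: int = 16) -> list:
    """Return (section, vaddr, length) for each run of >= min_len zero bytes
    inside an executable section. SHT_NOBITS sections are skipped because
    their file bytes are not the section's contents."""
    caves = []
    for name, (addr, off, size, sh_type, flags) in parse_sections(data).items():
        if sh_type == SHT_NOBITS or not flags & SHF_EXECINSTR:
            continue
        body = data[off:off + size]
        run_start = None
        for i, b in enumerate(body):
            if b == 0:
                run_start = i if run_start is None else run_start
                continue
            if run_start is not None and i - run_start >= min_len:
                caves.append((name, addr + run_start, i - run_start))
            run_start = None
        if run_start is not None and len(body) - run_start >= min_len:
            caves.append((name, addr + run_start, len(body) - run_start))
    return caves


def build_sample_elf() -> bytes:
    """Constructed ELF64 image (assumption, not a real binary): a .text
    section holding a few x86-64 bytes, a 32-byte zero gap, then more code."""
    text = b"\x48\x31\xc0\xc3" + b"\x00" * 32 + b"\x90\x90\xc3"
    shstrtab = b"\0.text\0.shstrtab\0"       # ".text" at 1, ".shstrtab" at 7
    text_off = 64                             # right after the ELF header
    shstr_off = text_off + len(text)
    shoff = shstr_off + len(shstrtab)
    pad = (-shoff) % 8                        # keep the header table 8-aligned
    shoff += pad
    # Elf64_Ehdr: no program headers, 3 section headers, .shstrtab is index 2
    ehdr = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 0, shoff,
                        0, 64, 0, 0, 64, 3, 2)
    shdrs = struct.pack("<IIQQQQIIQQ", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    shdrs += struct.pack("<IIQQQQIIQQ", 1, 1, 0x6, 0x401000, text_off,
                         len(text), 0, 0, 16, 0)          # .text: ALLOC|EXEC
    shdrs += struct.pack("<IIQQQQIIQQ", 7, 3, 0, 0, shstr_off,
                         len(shstrtab), 0, 0, 1, 0)       # .shstrtab
    return ehdr + text + shstrtab + b"\0" * pad + shdrs


if __name__ == "__main__":
    img = build_sample_elf()
    for name, (addr, off, size, _, _) in parse_sections(img).items():
        print(f"{name or '<null>':12s} addr=0x{addr:x} off=0x{off:x} size={size}")
    for sec, vaddr, n in find_code_caves(img):
        print(f"code cave in {sec}: 0x{vaddr:x} ({n} bytes)")
```

Run it against a real binary with `parse_sections(open(path, "rb").read())`. Note that this only scans bytes inside executable sections; an injector usually also checks the alignment slack between the end of the last executable section and the end of the PT_LOAD segment that maps it, which this example does not do.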
1 vote
1 answer
5k views

Unable to view stack and memory addresses in IDA Pro [duplicate]

I am debugging a 32-bit ELF executable using remote GDB debugging option of IDA Pro. However, I am unable to view the contents of stack in the stack view. Also, the stack pointer value is: 0xFFFFD328 ...
Neon Flash