
All Questions

20 votes
2 answers
6k views

Why are GOT and PLT still present in Linux static stripped binaries?

I am looking at a statically linked Linux x86 stripped binary. I noticed that there are .got and .plt sections. I wonder what does a statically linked binary need GOT and PLT sections for? Anyone?
daehee
  • 603
12 votes
1 answer
5k views

How are stripped shared libraries linked against?

Lately I've been reversing the Android framework for the Nexus S mobile phone. 99% of the source code is of course open, but there are a few proprietary shared libraries which need to be downloaded in ...
Mellowcandle
  • 4,825
11 votes
4 answers
8k views

How can I generate a call graph from an unstripped x86 Linux ELF?

There's a piece of software, for which I only have the binary, not the source code. It's: unobfuscated (so, not polymorphic or anything. It is optimized a bit, though) unstripped x86 32 bit ...
Parthian Shot
11 votes
2 answers
16k views

Which Python library for parsing Linux ELF files?

I want to be able to parse 32 and 64 bit ELF files - but not create or modify them (e.g. as discussed in this thread). The ELF binaries may possibly come from embedded Linux systems, that is, the ...
langlauf.io
  • 1,560
6 votes
1 answer
5k views

Why are symbols with local binding present in the symbol table of my ELF files?

I found out that there are symbols with binding=LOCAL and visibility=HIDDEN in the symbol table (.symtab) of ELF executables/libraries. What are they needed for? They are not involved in the ...
user19496
6 votes
3 answers
12k views

Packers/Protectors for Linux

I was wondering if anyone had come across a packer/protector which could be used for ELF binaries. There seem to be quite a few articles on writing packers and protectors for the PE format -- however, ...
6 votes
1 answer
5k views

Why have two symbol tables?

Why have two symbol tables if .symtab already contains everything that's in .dynsym?
Itra
  • 85
6 votes
3 answers
9k views

How to SUCCESSFULLY add a code section to an executable file in Linux?

I am on Linux, and I have seen this question a few times, but nobody ever answered how to really make this work. I need to add a section to an already compiled binary. Let's say for a moment is an ...
0xfede7c8
  • 243
5 votes
1 answer
3k views

Merging ELF shared objects

Let's say I have libA.so and libB.so. Is there any way for me to combine them into a single shared library libC.so that contains all exported symbols of both libA.so and libB.so?
Krypton
  • 191
4 votes
1 answer
3k views

Is there a way to debug an ELF file that runs with no problems with a damaged header?

My question is general, but to have an example to work with, let us take one from Whirlwind Tutorial. ; tiny.asm BITS 32 org 0x00010000 db 0x7F, "ELF" ; ...
Tahtisilma
4 votes
1 answer
6k views

How to disassemble/run a MIPS ELF file? (with readelf error)

So I want to disassemble and then run a MIPS ELF file for the first time. As I don't have MIPS hardware, I am using the mipsel-unknown-linux-gnu toolchain. Here comes the problem. The output of the command ...
creuchmeuch
4 votes
1 answer
770 views

IAT vs GOT address resolving: which of them resolve during runtime and which during load time by default?

So based on my knowledge of Windows apps, as far as I know the IAT gets filled with correct addresses when the library gets loaded (correct me if I'm wrong). Now in Linux, they use GOT, and again ...
OneAndOnly
4 votes
1 answer
876 views

Changing parameter of function call in ELF executable

I want to alter an ELF executable function call and replace one of its parameters. The executable calls the dlopen() function and passes RTLD_NOW as the flag parameter. I want to change it to RTLD_LAZY. ...
Mellowcandle
  • 4,825
4 votes
0 answers
343 views

Modern equivalent to rsymtab for reconstructing symbol table for statically linked / stripped binaries?

I'm working with a 32-bit ELF binary that (I believe) has been statically linked against a few different third-party libraries. It has also been stripped, so I don't have much to go on with respect to ...
Colin
  • 91
3 votes
1 answer
4k views

ELF link_map when linked as RELRO

When linking a binary with -Wl,-z,relro,-z,now, all relocations are performed at start-up before passing control to the binary. Because of this, there is no need for the .got.plt segment. Normally, ...
Zach Riggle
  • 2,357
