Get hardcoded char array from compiled C++ source

Question

It is well known that literal strings can be retrieved from C++ compilates. For example, the output of

g++ a.cpp

on

int main(void)
{
    const char * secret0 = "abcdefghijklmnopqrstuvwxyz";
    const char secret1[] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    };
    return 0;
}

can be inspected with strings. The output contains the strings:

strings a.out | grep -i xyz

abcdefghijklmnopqrstuvwxyz

Is something like that possible for the hardcoded char array {0x01, 0x02, 0x03, 0x04, ...} as well?

Strings will output that if the charecters are within printable ascii range and size is greater than threshhold levels. If the chars are not in printable range then it is guess game. And heuristics For example a continuous 0x90 in text section might be nop whereas the same might be prefilled buffer in a read only section — blabb, Oct 04 '23 at 03:22
If your query was as answered by mimak then you dont need anything more than grep -obUaP escaped_hex — blabb, Oct 04 '23 at 15:01

mimak · Answer 1 · 2023-10-04T08:27:57.320

0

Constants are usually saved in the .data segment (assuming ELF format), including arrays. You should be able to find it with any hex editor with a search function, for instance Ghidra's Search Memory.

edited Oct 04 '23 at 08:27

answered Oct 04 '23 at 08:18

mimak

579
1
3
15

Get hardcoded char array from compiled C++ source

1 Answers1