Questions tagged [elf]

The Executable and Linkable Format is the main executable and object format for Linux, Solaris, *BSD, and many other OSes...

251 questions
8 votes, 2 answers

Reassembling ELF binary files

I have been doing a number of CTF activities when I came across something I’m unfamiliar with. As I am somewhat new to exploitation and reverse engineering, this was unfamiliar to me. I have 7 pieces of an ELF binary file. I’ve been using readelf to…
7 votes, 3 answers

No dynamic symbol table but resolution of method from shared libraries is working

I want to find how I can identify calls to shared libraries in GDB only. On a stripped binary, I cannot find the dynamic symbol table: $> objdump -tT crackme-01 crackme-01: file format elf32-i386 objdump: crackme-01: not a dynamic…
Kartoch
6 votes, 2 answers

Meaning of Flags in ELF Section header?

Given this classic helloworld.c example, #include <stdio.h> int main() { printf("Hello world!\n"); } In the sections output below, the value for Flags presents a couple of different values, e.g. A, AI, AX, WA, etc. From man elf, I understand A…
Jiaming
3 votes, 1 answer

Maximum size of .text section?

During the ELF file loading process, the .text section is mapped to a memory segment. I would like to know: What is the maximum value of a segment size? What is the maximum value of the .text section size?
user6903
2 votes, 2 answers

Making ELF's .data section Executable at static time

Is it possible to make the .data section of an ELF file executable? I've tried to make the .data section executable by changing the flags of the .data section, but it simply doesn't work. Is it not possible by system design? I'm looking for a method…
user10007
2 votes, 2 answers

How to reverse engineer an ARM architecture ELF file on AMD Linux?

I am reversing an ELF file; it's an ARM architecture file. But my OS is AMD Linux. How can I do reversing work for the ARM ELF file on AMD Linux?
three2zero
2 votes, 1 answer

ELF imported symbols collision

From what I understand, the ELF format doesn't specify which symbols come from which file - Every ELF that uses import has a list of symbols to import and list of file names, and the loader is trying to locate those symbols in the file names. But…
macro_controller
2 votes, 2 answers

ptrace TRACE_PEEKER: Input/output error accessing virtual address contents when traced file is a shared object file

I'm using updated Kali and compiling this for 64-bit. Working through Learning Linux Binary Analysis, 'simple ptrace-based debugger' on page 57. Source code and testfile to debug included. Problem is accessing the return value of lookup_symbol from…
flerb
1 vote, 1 answer

Figure out method name with _dl_runtime_resolve_xsavec

I have a packed Linux shared library that decrypts function stub with INIT_ARRAY. When it's decrypted I'm unable to determine the method name. All method calls are redirected with relocation table. Something similar to this: push 34h jmp …
daisy
1 vote, 1 answer

Is an ELF SHT_RELA section with a 0 `sh_link` valid?

I have a 64-bit s390x ELF binary with a RELA section named ".rela.plt" whose sh_link field is 0. I was under the impression that the sh_link is a required value, providing the id of the section where the symbols used by the relocations are…
John Källén
0 votes, 1 answer

What ELF `e_flags` are defined for TI MSP430(X)

I have an MSP430 ELF executable file whose e_flags field is 0x0000000E. I cannot find any documentation for e_flags for this architecture. The application note "MSP430 Embedded Application Binary Interface" from TI explicitly states: There are no…
John Källén
-1 votes, 1 answer

How to reverse a stripped binary (Find the main function)

I'm learning reversing, and I'm trying to reverse a stripped binary (flag: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped). I manage to go to the entry address that points to the _start function. But…
jukebox