Binary Analysis
ELF parsing without a Section Header Nov 06 2006 10:58PM
Chris (em386x gmail com)
Hello,

I'm new to this list. I maintain a blog at http://em386.blogspot.com. It
mostly focuses on malware analysis on Unix. The most recent post is a
short introduction to analyzing ELF objects with a (s)stripped section
header. The post contains some code (
http://em386x.googlepages.com/phdr_syms.c.txt ) on how to extract a
symbol table using the program header. Even in 2006 too many tools use
and trust the section header to parse ELF objects. I'm also looking for
ELF packers (besides UPX) to aid in my detection research. Any links
would be helpful. Thanks!

chris
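
An added example (not part of the original post, and not the linked phdr_syms.c) of the approach the message describes: recovering the dynamic symbol table from PT_DYNAMIC and the PT_LOAD mappings alone, so it still works when e_shoff and e_shnum are zeroed. The names `phdr_symtab`, `va2off` and `struct symtab` are hypothetical, and the code assumes a 64-bit, native-endian ELF; when DT_HASH is absent it falls back on the assumption that .dynstr directly follows .dynsym.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumes a 64-bit, native-endian image held in an 8-byte-aligned buffer. */
struct symtab { const Elf64_Sym *sym; const char *str; size_t nsym, strsz; };
/* Map a virtual address to a file offset through the PT_LOAD segments. */
static int64_t va2off(const Elf64_Phdr *ph, int n, uint64_t va, size_t len) {
    for (int i = 0; i < n; i++, ph++)
        if (ph->p_type == PT_LOAD && va >= ph->p_vaddr && va - ph->p_vaddr < ph->p_filesz)
            return va - ph->p_vaddr + ph->p_offset < len ? (int64_t)(va - ph->p_vaddr + ph->p_offset) : -1;
    return -1;
}
/* Locate the dynamic symbol and string tables from the ELF and program headers only. */
int phdr_symtab(const uint8_t *img, size_t len, struct symtab *out) {
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    if (len < sizeof *eh || memcmp(img, ELFMAG, SELFMAG) || img[EI_CLASS] != ELFCLASS64) return -1;
    if (eh->e_phoff > len || eh->e_phnum > (len - eh->e_phoff) / sizeof(Elf64_Phdr)) return -1;
    const Elf64_Phdr *ph = (const Elf64_Phdr *)(img + eh->e_phoff);
    uint64_t v[DT_STRSZ + 1] = {0};  /* dynamic entries by tag: DT_HASH, DT_STRTAB, DT_SYMTAB, DT_STRSZ */
    for (int i = 0; i < eh->e_phnum; i++) {
        if (ph[i].p_type != PT_DYNAMIC) continue;
        if (ph[i].p_offset > len || ph[i].p_filesz > len - ph[i].p_offset) return -1;
        const Elf64_Dyn *d = (const Elf64_Dyn *)(img + ph[i].p_offset);
        for (size_t j = 0; j < ph[i].p_filesz / sizeof *d && d[j].d_tag != DT_NULL; j++)
            if (d[j].d_tag > 0 && d[j].d_tag <= DT_STRSZ) v[d[j].d_tag] = d[j].d_un.d_val;
    }
    if (!v[DT_SYMTAB] || !v[DT_STRTAB]) return -1;  /* no usable PT_DYNAMIC */
    int64_t so = va2off(ph, eh->e_phnum, v[DT_SYMTAB], len), to = va2off(ph, eh->e_phnum, v[DT_STRTAB], len);
    int64_t ho = v[DT_HASH] ? va2off(ph, eh->e_phnum, v[DT_HASH], len) : -1;
    if (so < 0 || to < 0 || v[DT_STRSZ] > len - (size_t)to) return -1;
    /* DT_HASH word 1 (nchain) is the symbol count; else assume .dynstr directly follows .dynsym. */
    size_t n = (ho >= 0 && (size_t)ho + 8 <= len) ? ((const uint32_t *)(img + ho))[1]
             : (to > so ? (size_t)(to - so) / sizeof(Elf64_Sym) : 0);
    if (n > (len - (size_t)so) / sizeof(Elf64_Sym)) return -1;
    *out = (struct symtab){ (const Elf64_Sym *)(img + so), (const char *)(img + to), n, v[DT_STRSZ] };
    return 0;
}
int main(int argc, char **argv) {
    static uint64_t buf[1 << 17];  /* reads at most the first 1 MiB of the file */
    struct symtab st;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (!f || phdr_symtab((const uint8_t *)buf, fread(buf, 1, sizeof buf, f), &st)) return 1;
    for (size_t i = 0; i < st.nsym; i++)
        if (st.sym[i].st_name < st.strsz)
            printf("%016llx %.*s\n", (unsigned long long)st.sym[i].st_value,
                   (int)(st.strsz - st.sym[i].st_name), st.str + st.sym[i].st_name);
    return 0;
}
```

Run it with the path of an ELF file as the only argument; it prints each dynamic symbol's value and name, whether or not the section header table is present.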
