RE

Intro Assuming you’ve got ELF headers like Elf64_Ehdr or Elf32_Ehdr at your fingertips, and you’re armed with the know-how and tools to decipher their contents effortlessly. For this article I’ll be using the below C code to generate the ELF file. /* file: hello_world.c */ #include <stdio.h> // A macro #define HELLO_MSG1 "Hello World1" // A global variable char HELLO_MSG2[] = "Hello World2"; // main function int main() { // local variable for main char HELLO_MSG3[] = "Hello World3"; // Print messages printf("%s\n", HELLO_MSG1); printf("%s\n", HELLO_MSG2); printf("%s\n", HELLO_MSG3); return 0; } You can get the ELF binary by compiling this code....

Hexdumps In the fascinating world of computers, we’re stuck conversing in binary, a rather dull language of just ones and zeros. But because we mere humans love things to be a tad more exciting and concise, we’ve come up with our own nifty number system - “hexadecimal” or “hex” for short. This system ditches the binary bore and adds a touch of flair with 16 snazzy symbols. It’s got your usual digits from 0 to 9, plus those fancy A to F letters to make data a bit more, well, hexadecimal-chic!...

When an operating system (OS) runs a program, the program is first loaded into main memory. Memory is utilized for both program’s machine instructions and program’s data…this includes parameters, dynamic variables, (un)initialized variables, and so on. Most computers today use paged memory allocations, which allow the amount of memory assigned to a program to increase/decrease as the needs of the application change. Memory is allocated to the program and reclaimed by the operating system in fixed-size chunks known as pages....

We covered a wide range of topics in earlier articles that were helpful in comprehending how many lower-level processes operate. This blog will concentrate on applying those ideas to recreate C program after reverse engineering a simple calculator binary. It is always a good idea to observe how the target software responds to various inputs. This gives you a sense of the internal logic that might be operating. If we run this program without any arguments, we will get an error message stating that we need to pass more arguments as well as the usage guide is printed....

In the previous blog, I discussed some of the basic C program’s disassembly structures, concentrating on the variables and their memory layouts. This article, a follow-up to the previous one, focuses on basic operations and functions in C programs. In the previous blogs, we have seen what an empty C program looks like void main() {} Disassembly: main: push rbp mov rbp, rsp nop pop rbp ret Arithmatic operators Now if we want to work with operations, we’ll have to add 2 local variables to the function....