I have a ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), which is also stripped, and I want to explore it. Does anyone know how to decompile such a file?
IDA plus Hex-Rays decompiler can decompile (to pseudo-C code) most of 32-bit x86 code, including Linux ELF files.
Disclaimer: I work for Hex-Rays.
Related
I directly use the binary file you released to test on my arm64-based computer. But the test result is not normal operation. The reason is that nw interpreter needs to be /lib/ld-linux-aarch64.so.1 instead of /lib/ld-linux-armhf.so.3 on Linux version 4.19.172 for arm64.
How to compile the binary file so that the interpreter of this file is /lib/ld-linux-aarch64.so?
$ file ./nwjs-chromium-ffmpeg-branding/nwjs-v0.52.3-linux-arm/nw
$ ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, BuildID[xxHash]=4c8a98c5d541ac00, stripped
But, I want to get a binary executable file like this:
$ file ./nwjs-chromium-ffmpeg-branding/nwjs-v0.52.3-linux-arm/nw
$ ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.2.0, BuildID[xxHash]=4c8a98c5d541ac00, stripped
I am trying to execute a elf file (call it precompiled) and it gives:
Illegal instruction (core dumped)
Compiling from source works fine
gcc source.c
./a.out
Debug info:
file precompiled
precompiled: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=<BUILD ID HERE>, not stripped
file a
a: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=<BUILD ID HERE>, not stripped
What can be causing this error? If it is the different GNU/Linux version, how can I download from the terminal the necessary packages?
It means the compiled binary contains an instruction(possibly more than one instruction) that's not valid on the architecture where you're running it.
You can run your binary under gdb to find out specific instruction:
gdb ./precompiled
(gdb) run
(gdb) bt
(gdb) disassemble
Then type run and then when it fails, run bt (backtrace) to see where it fails. Use disassemble to see the specific instruction that's causing the failure.
There's not much you can do to fix it. You could potentially edit the binary by disassembling it and editing the assembly and again compiling it into a binary. Given that you have the source code, it's simpler to re-compile on your target machine.
You may be able to avoid specific instructions (when compiling on a different machine -- where you compiled precompiled binary) by using compiler switches based on your target architecture.
I have a compiled binary of Dropbear. When I do file dbclient I get the following :
dbclient: ELF 32-bit LSB executable, ARM, version 1 (SYSV),
dynamically linked (uses shared libs), stripped
When I am trying to compile it on my own (very beginner) with
./configure --host=arm-linux-gnueabi --prefix=/ --disable-zlib
CC=arm-linux-gnueabi-gcc LD=arm-linux-gnueabi-ld make make install
I get the following after it compiled
dbclient: ELF 32-bit LSB executable, ARM, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.31,
BuildID[sha1]=0x016ac7e729afb02d60248393619b41380379777d, not stripped
For the stripped part, I don't care I could strip it later.
But my question is how to specify the "for GNU/Linux 2.6.31". What does it mean and how do I change it to target Linux 3.10.49 armv5tejl?
I'm trying to generate ARM Object file under ubuntu using arm-none-eabi package but without success.
url describing this format:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0041c/BCEJDJBC.html
root#ubuntu:~/arm/blink# arm-none-eabi-as hello.S
root#ubuntu:~/arm/blink# file a.out
a.out: ELF 32-bit LSB relocatable, ARM, version 1 (SYSV), not stripped
Is there a way to know what shared libraries are used from a executable file ?
From DivFix++ for example:
$ file DivFix++
DivFix++: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
Using ldd:
$ ldd DivFix++
You can use the ldd command which prints the shared library dependencies:
ldd DivFix++