Byte patching issue

RCE of Linux tools and programs.
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

Well, I haven't used IDA Linux much, but try using objdump.

For example, this could fetch all the rel calls and their opcodes:

 objdump -d /bin/ls  -j .text -M intel | grep 'call' | grep 'e8' | more
 80499ac:       e8 3f fd ff ff          call   0x80496f0
 80499b8:       e8 00 00 00 00          call   0x80499bd
 8049a40:       e8 bb 65 fb f7          call   0x0
 8049a92:       e8 39 fb ff ff          call   0x80495d0
 8049ab0:       e8 db fd ff ff          call   0x8049890
 8049ad2:       e8 f9 fa ff ff          call   0x80495d0
 8049b00:       e8 0b fa ff ff          call   0x8049510
 8049b71:       e8 4a f9 ff ff          call   0x80494c0
 8049b8f:       e8 9c fb ff ff          call   0x8049730
 8049c04:       e8 e7 b7 00 00          call   0x80553f0
 8049cb8:       e8 03 aa 00 00          call   0x80546c0
 8049cdc:       e8 2f 7e 00 00          call   0x8051b10
 8049d03:       e8 68 fb ff ff          call   0x8049870
 8049d17:       e8 44 a9 00 00          call   0x8054660
 8049d45:       e8 26 fb ff ff          call   0x8049870
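The listing above shows what objdump prints, but not how the five bytes relate to the printed target, which is the whole question when byte-patching a call. The following is an added example (not code from the post or from objdump) that parses lines in the format shown above, decodes each E8 rel32 displacement (relative to the end of the 5-byte instruction, wrapping modulo 2**32 on 32-bit x86, which is why the post's "call 0x0" line is a legitimate decode), checks the decode against objdump's printed target, and re-encodes a call for a new target. It assumes 32-bit addresses as in the post. The sample listing is constructed: four lines are shaped after the post, and the final FF 15 indirect call is invented to show that `grep 'e8'` over the whole line also matches an e8 byte that is part of a displacement rather than an opcode, so the opcode byte itself has to be checked.

```python
"""Decode and re-encode the E8 rel32 CALLs that objdump lists.

Added example, not code from the post above. Assumes 32-bit x86 (the
post's addresses are 0x0804xxxx) and objdump's default `-d -M intel`
line layout: "<addr>:  <bytes>  <mnemonic> <operands>".
"""
import re
import struct

# Constructed sample in objdump's format. The first four lines are shaped
# after the listing in the post; the last is an invented FF /2 indirect
# call whose displacement happens to contain the byte e8, which a plain
# `grep 'e8'` over the whole line would wrongly pick up.
SAMPLE = """\
 80499ac:       e8 3f fd ff ff          call   0x80496f0
 80499b8:       e8 00 00 00 00          call   0x80499bd
 8049a40:       e8 bb 65 fb f7          call   0x0
 8049c04:       e8 e7 b7 00 00          call   0x80553f0
 8049c10:       ff 15 e8 00 00 00       call   DWORD PTR ds:0xe8
"""

# address, then one or more "xx " byte groups, then the disassembly text
LINE_RE = re.compile(r'^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*(.*)$')


def parse_objdump_line(line):
    """Return (addr, code_bytes, text) for one objdump line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    addr = int(m.group(1), 16)
    code = bytes.fromhex(''.join(m.group(2).split()))
    return addr, code, m.group(3).strip()


def rel32_target(addr, code):
    """Target of an E8 rel32 CALL at addr, or None if code is not one.

    The displacement is signed and relative to the end of the 5-byte
    instruction; the result wraps modulo 2**32 like a 32-bit EIP does.
    """
    if len(code) != 5 or code[0] != 0xE8:
        return None
    rel = struct.unpack('<i', code[1:])[0]
    return (addr + 5 + rel) & 0xFFFFFFFF


def encode_rel32_call(addr, target):
    """Bytes for `call target` placed at addr (inverse of rel32_target)."""
    rel = (target - (addr + 5)) & 0xFFFFFFFF
    return b'\xe8' + struct.pack('<I', rel)


def rel_calls(listing):
    """(addr, objdump_target, decoded_target) for every E8 call in listing."""
    out = []
    for line in listing.splitlines():
        parsed = parse_objdump_line(line)
        if parsed is None:
            continue
        addr, code, text = parsed
        target = rel32_target(addr, code)
        if target is None:          # not an E8 call, whatever grep thinks
            continue
        printed = int(text.split()[1], 16)   # objdump's own "0x...." operand
        out.append((addr, printed, target))
    return out


def patch_call(image, base, call_addr, new_target):
    """Retarget the E8 call at call_addr inside image (loaded at base)."""
    off = call_addr - base
    if image[off] != 0xE8:
        raise ValueError('no E8 call at 0x%x' % call_addr)
    patched = bytearray(image)
    patched[off:off + 5] = encode_rel32_call(call_addr, new_target)
    return bytes(patched)


if __name__ == '__main__':
    for addr, printed, decoded in rel_calls(SAMPLE):
        assert printed == decoded
        print('%08x -> %08x  bytes %s' % (
            addr, decoded, encode_rel32_call(addr, decoded).hex(' ')))
    # Constructed 16-byte image: the first call from the sample, then NOPs.
    image = bytes.fromhex('e83ffdffff') + b'\x90' * 11
    # Redirect that call (at 0x80499ac) to 0x8049870, another address from
    # the post's listing; the new displacement is 0x8049870 - 0x80499b1.
    print(patch_call(image, 0x80499ac, 0x80499ac, 0x8049870)[:5].hex(' '))
```

The round trip matters when patching: encode the displacement from the address of the call site you are writing to, not from the function's original call site, and re-check with `objdump -d --start-address` after writing the bytes, since a displacement that is off by the instruction length lands five bytes into the wrong function and still disassembles as a plausible call.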
sailor__eda
Junior Member
Posts: 24
Joined: Sun May 30, 2004 2:01 pm

Post by sailor__eda »

Hi Naides,

That is some really good work. It all makes sense and I agree, patching calls is probably not a good idea for ELF libraries.
Cool. Thanks for the great investigation.

Sailor_eda