RCE of Linux tools and programs.
- Senior Member
- Posts: 1535
- Joined: Wed Dec 08, 2004 11:12 am
Well, I haven't used IDA Linux much, but try using objdump.
This could fetch all the rel calls and their opcodes:
Code:
objdump -d /bin/ls -j .text -M intel | grep 'call' | grep 'e8' | more
80499ac: e8 3f fd ff ff call 0x80496f0
80499b8: e8 00 00 00 00 call 0x80499bd
8049a40: e8 bb 65 fb f7 call 0x0
8049a92: e8 39 fb ff ff call 0x80495d0
8049ab0: e8 db fd ff ff call 0x8049890
8049ad2: e8 f9 fa ff ff call 0x80495d0
8049b00: e8 0b fa ff ff call 0x8049510
8049b71: e8 4a f9 ff ff call 0x80494c0
8049b8f: e8 9c fb ff ff call 0x8049730
8049c04: e8 e7 b7 00 00 call 0x80553f0
8049cb8: e8 03 aa 00 00 call 0x80546c0
8049cdc: e8 2f 7e 00 00 call 0x8051b10
8049d03: e8 68 fb ff ff call 0x8049870
8049d17: e8 44 a9 00 00 call 0x8054660
8049d45: e8 26 fb ff ff call 0x8049870
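
As an added example (not part of the original posts), this Python sketch recomputes each call target in the listing above from the instruction address and the `e8` rel32 bytes, as next-instruction address plus signed little-endian displacement, and checks it against the target objdump printed. The sample lines are copied from the listing; the function names are illustrative.

```python
import re
import struct

# Sample input: four lines copied from the objdump listing in the post above.
SAMPLE = """\
80499ac: e8 3f fd ff ff call 0x80496f0
80499b8: e8 00 00 00 00 call 0x80499bd
8049a40: e8 bb 65 fb f7 call 0x0
8049c04: e8 e7 b7 00 00 call 0x80553f0
"""

# address, opcode e8, four displacement bytes, mnemonic, printed target
LINE = re.compile(
    r"^\s*([0-9a-f]+):\s+e8((?:\s+[0-9a-f]{2}){4})\s+call\s+(?:0x)?([0-9a-f]+)", re.I)

def decode_call(line):
    """Return (addr, rel32, target, printed_target) for an e8 call line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    addr = int(m.group(1), 16)
    raw = bytes.fromhex("".join(m.group(2).split()))
    (rel32,) = struct.unpack("<i", raw)        # signed, little-endian
    # The displacement is relative to the instruction after the 5-byte call,
    # and the result wraps at 32 bits on i386.
    target = (addr + 5 + rel32) & 0xFFFFFFFF
    return addr, rel32, target, int(m.group(3), 16)

def classify(rel32, target):
    if rel32 == 0:
        return "call to next instruction"
    if target == 0:
        return "target wraps to 0"
    return "backward" if rel32 < 0 else "forward"

def analyze(text):
    """Decode every e8 call line; report whether the computed target matches objdump."""
    rows = []
    for line in text.splitlines():
        decoded = decode_call(line)
        if decoded:
            addr, rel32, target, printed = decoded
            rows.append((addr, rel32, target, target == printed, classify(rel32, target)))
    return rows

if __name__ == "__main__":
    for addr, rel32, target, ok, kind in analyze(SAMPLE):
        print(f"{addr:#x}: rel32={rel32:+#x} -> {target:#x} match={ok} ({kind})")
```

The `call 0x0` at 8049a40 and the zero-displacement call at 80499b8 are the two lines worth a second look before treating every `e8` as an ordinary function call.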
- Junior Member
- Posts: 24
- Joined: Sun May 30, 2004 2:01 pm
That is some really good work. It all makes sense and I agree, patching calls is probably not a good idea for elf libraries.
Cool. Thanks for the great investigation.