Device architecture: ARM
I have a statically linked executable file without any symbolic information. Moreover, it is obfuscated.
But, thank God, it is possible to get some useful information about this file with the help of one interesting utility, "strings".
As "man" says:
strings - print the strings of printable characters in files
The result of
ElfData::ElfData(): ELF data storage is broken
ElfData::addToSection(): can't create the output section data
ElfSection::ElfSection(): ELF data storage is broken
ElfSection::ElfSection(): NULL section name
ElfSection::addToElf(): can't allocate the new section
ElfSection::addToElf(): can't get the new section header
ElfSection::addToElf(): can't create the output section data for BSS
...
UnwindStructure::Fragment::readStandardDescriptors: impossible combination
UnwindStructure::Fragment::writeStandardDescriptors: undefined action = ...
UnwindStructure::Fragment::readStandardDescriptors: impossible combination
UnwindStructure::Fragment::writeStandardDescriptors: undefined action = ...
vector::_M_insert_aux
vector::_M_fill_insert
vector::_M_range_insert
...
java Class for ...
java resource ...
I was really surprised by the last two lines. What are they doing in an executable ELF file for the ARM architecture?
Does it mean that the executable uses Java in some way, or do these strings have some other purpose?
I guess that with the help of this "string information" it is possible to detect which libraries were used to link this file. It is very important, because in this case
I can use the IDA FLIRT and FLAIR tools to separate the library functions from regular functions even when the file has no symbolic information.
What else is it possible to get from all these strings? Any ideas? It would be interesting to hear somebody's experience.
Another question is:
libc.a = standard C library
What static file corresponds to the standard C++ library?
As far as I understood, the executable uses STL (STL is a part of the standard C++ library, as far as I know), maybe the Boost library or something else.
Is there a way to detect the static or dynamic library by the names of functions, variables, or header files (any string information from the executable file)?
Any help would be appreciated.
With best regards, Cristianu!
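
One way to turn the strings output above into library hints before choosing FLIRT signatures, as an added example that is not part of the original post: it extracts printable strings, groups them by their leading `Scope::` prefix, and checks a small marker table. The marker table, function names and sample bytes are constructed for illustration; the `vector::_M_*` names are the length-error messages of GNU libstdc++'s `std::vector`.

```python
import re
from collections import Counter

def extract_strings(data: bytes, min_len: int = 4):
    """Printable-ASCII runs of at least min_len bytes, the same idea as strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

# Leading C++ scope of a diagnostic such as "ElfSection::addToElf(): ...".
SCOPE_RE = re.compile(r"^([A-Za-z_]\w*)::")

def scope_histogram(strings):
    """Count strings per leading class/namespace name; each name is a search lead."""
    counts = Counter()
    for s in strings:
        m = SCOPE_RE.match(s)
        if m:
            counts[m.group(1)] += 1
    return counts

# Assumption: marker table written for this example, extend it with your own leads.
MARKERS = {
    "GNU libstdc++ (std::vector length_error text)": re.compile(r"^vector::_M_\w+$"),
}

def library_hints(strings):
    """Names of marker entries that match at least one extracted string."""
    return sorted({name for s in strings
                   for name, rx in MARKERS.items() if rx.search(s)})

# Constructed sample: strings from the post separated by NUL bytes, not a real ELF.
SAMPLE = b"\x7fELF\x01\x01\x01\x00" + b"\x00".join([
    b"ElfData::ElfData(): ELF data storage is broken",
    b"ElfSection::ElfSection(): NULL section name",
    b"ElfSection::addToElf(): can't allocate the new section",
    b"UnwindStructure::Fragment::readStandardDescriptors: impossible combination",
    b"vector::_M_insert_aux",
    b"vector::_M_fill_insert",
    b"vector::_M_range_insert",
    b"ab\x01",  # too short to count as a string
])

if __name__ == "__main__":
    found = extract_strings(SAMPLE)
    for scope, n in scope_histogram(found).most_common():
        print(f"{n:3d}  {scope}::")
    for hint in library_hints(found):
        print("hint:", hint)
```

Scopes that match no marker (here `ElfData`, `ElfSection`, `UnwindStructure`) are the ones to look up by hand, since they name classes of whatever toolkit was linked in.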