Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Finding strings in the text section

Tags:

c

gcc

I have as example the following code:

Foo( "Test1" );

void Foo(const char* const i_Test )
{
     // Some logic
}

The i_Test pointer in Foo() hold a pointer to the string in the .rodata section.

Is there any way to search the i_Text pointer value in the binary file to find the related String? Or can I produce any debug info using the gcc that will hold that info?

like image 916
Yoav Avatar asked Apr 29 '15 06:04

Yoav

2 Answers

If you are talking about the ELF file format, constant strings are stored in the .rodata (read-only-data) section. Basically, only instructions (code) of your program are stored in the .text section in that binary file. You can investigate these sections by using an object dump program (e.g. objdump) like the following:

objdump -drS program.o           // to see .text section of your program

objdump -s -j .rodata program.o  // to see .rodata section of your program

In your example code above, the "Test1" string that you are passing to your Foo function will be treated as a constant string by the compiler. Thus, you can find its relative memory address before the loading stage and the i_Test pointer will be pointing to this constant string. However, if you have compiled your code as position independent (by using the -fPIC option in gcc), you may also find that the compiler will add a writable attribute to that read-only .rodata section. Furthermore, you may also use the readelf binary utility to display detailed information about the sections of your ELF formatted object file.

More information about the ELF file format can be found here

like image 176
Unavailable Avatar answered Sep 29 '22 14:09

Unavailable

Actually, constant strings are not kept in the .text section, but in the .rodata section.

In order to see all your constant strings, you can run:

readelf -S ./[your binary file]

Note the section number for the .rodata section from the output above

readelf -p [.rodata section number you got before] ./[your binary name]

What this command does is print all strings inside a section, since the strings are constant data, you'll get all the strings in the file. You can also alter these strings by calculating the .rodata section address and the offset within it, but I find it much easier to open a hex editor, look for the string and manipulate it (assuming I'm not changing to a longer string)

EDIT

You can use readelf -p .rodata directly instead of providing the section number

like image 28
Ishay Peled Avatar answered Sep 29 '22 13:09

Ishay Peled
Sign in to Comment

Related questions

Move text cursor to particular screen coordinate?
KMALLOC size allocation
Printing string in hex? [closed]
Does float always auto-convert to double when multiplying mixed data types?
How to look up sine of different frequencies from a fixed sized lookup table?
What does a C cast really do?
c/c++ - safest way to send time_t over socket
initialize static char const *somevar
valgrind Conditional jump or move depends on uninitialised value(s) , does this indicate memory leak?
Calculate inverse of a function--Library [closed]
Why is the fgets function deprecated?
Identify the platform linux or windows using C/C++ code [duplicate]
Compiling program containing extern "C"
Passing matrix as a parameter in function
Floating point error in while loop in C++
C socket get IP address from filedescriptor returned from accept
Sorting an array of struct pointers using qsort
clustering image segments in opencv
redirection of ./a.out is not capturing segmentation fault
libuv allocated memory buffers re-use techniques

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!