I have an ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), which is also stripped, and I want to explore it. Does anyone know how to decompile such a file?
You can use readelf and objdump to read parts of an ELF file. You can also use 'hexdump filename' to get a hexdump of the contents of a binary file (this is likely only useful if you like reading machine code or you are writing an assembler).
“LSB” here stands for “least-significant byte” (first), as opposed to “MSB”, “most-significant byte”. It means that the binary is little-endian. file determines this from the sixth byte of the ELF header.
An ELF file consists of zero or more segments, which describe how to create a process/memory image for runtime execution. When the kernel sees these segments, it maps them into virtual address space using the mmap(2) system call. In other words, it converts predefined instructions into a memory image.
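As an added example (not part of the original answers), this Python sketch reads the header fields that `file` reports, including the endianness byte at offset 5, and lists the segments the kernel would map. The `SAMPLE` bytes are constructed for illustration, and the lookup tables cover only a few common values.

```python
import struct

EI_CLASS = {1: "32-bit", 2: "64-bit"}   # e_ident[4]
EI_DATA = {1: "LSB", 2: "MSB"}          # e_ident[5], the "sixth byte"
E_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
E_MACHINE = {3: "Intel 80386", 62: "x86-64"}
P_TYPE = {1: "LOAD", 2: "DYNAMIC", 3: "INTERP"}

def parse_elf(data):
    """Return (summary, segments) for an ELF image held in bytes."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in EI_CLASS or ei_data not in EI_DATA:
        raise ValueError("invalid EI_CLASS or EI_DATA")
    end = "<" if ei_data == 1 else ">"   # byte order for every later field
    is32 = ei_class == 1
    hdr = struct.Struct(end + ("HHIIIIIHHHHHH" if is32 else "HHIQQQIHHHHHH"))
    if len(data) < 16 + hdr.size:
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, *_rest) = hdr.unpack_from(data, 16)
    summary = {"class": EI_CLASS[ei_class], "data": EI_DATA[ei_data],
               "type": E_TYPE.get(e_type, hex(e_type)),
               "machine": E_MACHINE.get(e_machine, hex(e_machine)),
               "entry": e_entry}
    ph = struct.Struct(end + ("IIIIIIII" if is32 else "IIQQQQQQ"))
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if e_phentsize < ph.size or off + ph.size > len(data):
            raise ValueError("program header table out of bounds")
        f = ph.unpack_from(data, off)
        # ELF32: type, offset, vaddr, ..., flags, align; ELF64: type, flags, offset, vaddr, ...
        p_flags, vaddr = (f[6], f[2]) if is32 else (f[1], f[3])
        perms = "".join(c if p_flags & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
        segments.append((P_TYPE.get(f[0], hex(f[0])), vaddr, perms))
    return summary, segments

# Constructed sample: ELF32 little-endian i386 executable header plus one PT_LOAD segment.
SAMPLE = (b"\x7fELF\x01\x01\x01" + bytes(9)
          + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x08048054, 52, 0, 0, 52, 32, 1, 0, 0, 0)
          + struct.pack("<IIIIIIII", 1, 0, 0x08048000, 0x08048000, 84, 84, 5, 0x1000))

if __name__ == "__main__":
    print(parse_elf(SAMPLE))
```

To inspect a real binary, pass the contents of the file read in binary mode to `parse_elf`.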
ELF is the standard binary format on operating systems such as Linux. Some of the capabilities of ELF are dynamic linking, dynamic loading, imposing run-time control on a program, and an improved method for creating shared libraries.
IDA plus Hex-Rays decompiler can decompile (to pseudo-C code) most of 32-bit x86 code, including Linux ELF files.
Disclaimer: I work for Hex-Rays.