Disassembling an ELF file created by msfvenom

reverse-engineering disassembly dump
2021-06-25 00:45:31

The ELF was created with this command: (Download file - it is elf32)

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=5150 -f elf  -o ./rt

It runs fine, and I want to disassemble it, but that does not work:

$ file ./rt
./rt: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size

$ objdump -D ./rt

./rt:     file format elf32-i386

$ objdump -d ./rt

./rt:     file format elf32-i386

$ readelf -a ./rt
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048054
  Start of program headers:          52 (bytes into file)
  Start of section headers:          0 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         1
  Size of section headers:           0 (bytes)
  Number of section headers:         0
  Section header string table index: 0

There are no sections in this file.

There are no sections to group in this file.

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x08048000 0x08048000 0x0009b 0x000e2 RWE 0x1000

There is no dynamic section in this file.

There are no relocations in this file.

There are no unwind sections in this file.

No version information found in this file.

How can I disassemble it?

1 Answer

Use a disassembler that supports ELF files without sections (objdump is based on the BFD library, which cannot handle section-less ELF files).

Alternatively, disassemble it as a plain binary rather than as ELF (objdump -b binary -m i386 -D file.elf), but in that case you will have to distinguish code from data yourself.
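When the file is disassembled as a raw binary, the ELF header and program header at the start are decoded as if they were instructions. The following added example (not part of the original answer) reads the program headers, which this file does have, to find where the entry point lies in the file. The function names are hypothetical, and the sample input is constructed from the readelf values in the question with a zero-filled body.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<IIIIIIII")          # Elf32_Phdr, 32 bytes
PT_LOAD = 1

def entry_file_range(data):
    """Return (file_offset, length) of the bytes from the entry point to the
    end of the file-backed part of the PT_LOAD segment that contains it."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only ELF32 little-endian is handled here")
    fields = EHDR.unpack_from(data)
    e_entry, e_phoff = fields[4], fields[5]
    e_phentsize, e_phnum = fields[9], fields[10]
    if e_phentsize < PHDR.size:
        raise ValueError("program header entry too small")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, p_offset, p_vaddr, _, p_filesz, _, _, _ = PHDR.unpack_from(data, off)
        # Map the entry virtual address back to a file offset via its segment.
        if p_type == PT_LOAD and p_vaddr <= e_entry < p_vaddr + p_filesz:
            start = p_offset + (e_entry - p_vaddr)
            end = min(p_offset + p_filesz, len(data))
            return start, end - start
    raise ValueError("entry point is not inside a file-backed PT_LOAD segment")

def sample_elf():
    """Constructed sample: header values copied from the readelf output in the
    question; the body is zero bytes, not the real payload."""
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, 3, 1, 0x08048054, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = PHDR.pack(PT_LOAD, 0, 0x08048000, 0x08048000, 0x9B, 0xE2, 7, 0x1000)
    return ehdr + phdr + bytes(0x9B - len(ehdr) - len(phdr))

if __name__ == "__main__":
    start, length = entry_file_range(sample_elf())
    print(f"entry point at file offset {start:#x}, {length} bytes to end of segment")
```

The offset can be given to objdump's --start-address option in binary mode so that the headers are skipped. Everything from that offset onward still mixes code and data, as the answer notes.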