ELF binaries are intimidating. Any tips?

So, I consider myself a confident C programmer. So pointers don’t scare me, I know the basics of computer architecture and theory, binary, registers, memory etc. etc. However, I’ve always been interested in how a virus works, and just low level programming in general. I’ve been going through a book, ‘Learning Linux Binary Analysis’, and it’s really interesting. There’s a lot of information to absorb, especially chapter 2. However, I feel like I’m understanding everything so far, and realizing how executable files are an amazing feat in engineering, and it’s igniting my passion to learn more.

However, going through the book I realize I have a long way to go, like long way… It’s quite intimidating. Like I need to brush up on hexadecimal, as it’s everywhere. I know it’s important to do projects; the only thing I’ve created is a basic ELF parser, and I’m looking into injection based patching, which the theory seems straightforward enough…

I have a few questions:

1. What were your humble beginnings like getting into learning about ELF binaries?

2. How did you go about learning and absorbing all the information?

3. How long did it take you to feel confident and competent with knowing your way around binaries and messing around with binaries?

4. Any other advice?
1 Like

Helloes, This is very honest and I like it. I wish I could help as I am a Windows user myself but when I first started with Windows the PE File Format scared the living heck out of me.

It’s a convoluted piece of work… but what helped me is to print a copy of it onto my desk and learn it to the point where I know how every major structure in it operates. Also, since process injection and hooking deal a lot with the File Header, you might benefit from learning how to make these.

I hope this kinda helped :slight_smile:

Always remember that these things take time and eventually you’ll look at the ELF file format for so long you’d just memorize it haha!

Come visit us at the public discord channel, there is a channel dedicated to *nix and it’s very active.

5 Likes

Hi @digitalXmage,

When I got started with ELF I was already familiar with binary files… mostly image formats. Those are way simpler, but you get used to dealing with fields of specific sizes, flags and so on. So, for ELF I just read a couple of tutorials and then jumped into the spec… It is smaller/simpler than you may think (compared to other specifications out there). I do not think that would help you.

I’d say you start with simpler tutorials (compared to the book you mentioned, that is great by the way). Have you read this? It may help. There is a lot of information about ELF on the site. Use the search box :wink:

Also, use the available tools (readelf, elfsh, …)… don’t look at hex directly… that can burn your eyes :slight_smile:… jk. Use the tools, that is easier, and eventually those hex values will just get stuck in your head.

I believe that what you are doing (a simple parser and looking into injection) is perfect. Just keep that path, and whenever you find something that you do not understand… try to find out what is going on first by yourself (you learn a lot more that way) and if that doesn’t work then ask here. In no time you will manage to solve your doubts by yourself (as far as you want to put the required effort in).

Also, @Danus’s message gives very good advice. There is no magic recipe, it just takes time and effort.

5 Likes

Thanks man :slight_smile: will do. Thanks for sharing. It’s been insightful.

Thank you for sharing. Really useful information. And the links you’ve provided have really started to clear a few things up already. Thanks.