Dumping a packed shared library

0 votes
0 answers
445 views
I have 2 packed shared libraries; the second one is probably dependent on the first one. The first one is packed with UPX, and the unpacking code is in .init_proc. I have tried attaching a debugger and dumping the application in .init_proc, but I can't get to it while debugging. It just skips to the EP and segfaults, which is very strange. It is being loaded using LD_PRELOAD. Another executable has the unpacking code in the EP, but it is unknown which packer has been used to pack it. This library segfaults when I try to load it too. Also, both are proven to work on another machine. So my question is, is there any guide to unpacking ELF executables or anything like that?
Asked by Mikel Frejie (1 rep)
Nov 25, 2020, 05:41 PM