3

I am new to reverse engineering and after some research, I haven't found a clear way to do what I want to do.

I have an ELF file, but not the original source code that generated it. It is really simple and just prints some numbers. I wanted to make a small change in the range of numbers it prints. I have disassembled it and figured out where the change must be made, but I am not sure how to make this change.

Is there a way to edit disassembled code and still generate an executable file? Or should I figure out where in the hex file is the corresponding information that I want to change and use a hex editor?

Improve this question
0

1 Answer 1

Reset to default
6

Since no details about the binary are provided in the question, only a general answer can be given. It sounds like you are trying to statically modify an executable ELF binary. This is also referred to as patching. This is different from dynamic modification, or program runtime instrumentation.

Tools and Examples

Tools that can be used for patching include gdb, radare2, the ERESI suite, xxd and hexedit.

Radare2

Patch a elf binary in linux with radare2

Tutorial 1 - Simple Patch

fixing bugs in binaries using r2

GDB

Use gdb to Modify Binary

Using GDB to modify an executable

xxd

Doing a Reverse Hex Dump

hexedit

Modifying Linux ELF Binaries - Changing Callq Addresses

Similar questions:

How can I change the values in esp?

How do I add functionality to an existing binary executable?

What are the available libraries to statically modify ELF executables?

Improve this answer
1
  • 1
    Thanks! That was a great and complete answer. Turns out that what I needed was really simple. I used objdump to check the hex of the things that I needed to change and edited them using hexedit. But your answer will help me study more advanced techniques.
    – franchzilla
    Commented Mar 28, 2017 at 21:48

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.