I do not have zero knowledge about how the ELF format works or how to access its headers and data through code; however, I need to check whether the ELF binary file was compressed (packed) with UPX for Linux.
Checking the binary with strings, I saw a line UPX!, so I think I can use it. Hexediting the binary shows a string for a position in binary format. I can consider it part of one of the ELF headers (please correct me if I am wrong). This is a dump:
00000000 .ELF........................4...
00000020 ........4. ...(.................
00000040 ........................@...@...
00000060 @.....................[.UPX!....
00000080 ............T............?d..ELF
I don't know if this looks good, sorry.
Does anyone know how to detect UPX on Linux? If not, how can I access the headers and get the string UPX! (header name?)?
I looked at the UPX source code, but it's all C++, I'm looking for code for this in C, and it's really hard to execute.
Thanks, any help is appreciated.
EDIT: About generosity. Answers must give a good example that works, since I tried different approaches and they do not always work, as in the example below.
Thank you
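The check asked about above, as an added example in C that is not part of the original post or of the UPX project: it confirms the ELF magic and then searches for the UPX! marker visible at offset 0x78 in the dump. The function names and the 4 KiB read size are assumptions, and the result is a heuristic: any ELF that merely contains those four bytes also matches, and a binary whose marker was altered after packing does not.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if buf starts with the ELF magic bytes 0x7f 'E' 'L' 'F'. */
int is_elf(const unsigned char *buf, size_t len) {
    return len >= 4 && memcmp(buf, "\x7f" "ELF", 4) == 0;
}

/* Return the offset of the first "UPX!" marker in buf, or -1 if absent. */
long find_upx_magic(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "UPX!", 4) == 0)
            return (long)i;
    return -1;
}

/* Heuristic verdict: marker offset if buf is an ELF containing "UPX!", else -1. */
long upx_marker_in_elf(const unsigned char *buf, size_t len) {
    return is_elf(buf, len) ? find_upx_magic(buf, len) : -1;
}

/* Constructed sample: ELF magic at 0 and "UPX!" at 0x78, like the dump above. */
long sample_offset(void) {
    unsigned char buf[0xa0] = {0};
    memcpy(buf, "\x7f" "ELF", 4);
    memcpy(buf + 0x78, "UPX!", 4);
    return upx_marker_in_elf(buf, sizeof buf);
}

int main(int argc, char **argv) {
    if (argc < 2) {
        printf("sample marker offset: 0x%lx\n", (unsigned long)sample_offset());
        return 0;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 2; }
    /* Assumption: the marker sits in the first 4 KiB, as in the dump (0x78). */
    unsigned char head[4096];
    size_t n = fread(head, 1, sizeof head, f);
    fclose(f);
    long off = upx_marker_in_elf(head, n);
    if (off < 0) { puts("no UPX! marker in an ELF header region"); return 1; }
    printf("UPX! marker at offset 0x%lx\n", (unsigned long)off);
    return 0;
}
```

Run it with a file path to check that file; with no argument it reports the offset found in the constructed sample.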