I have a binary, for example https://github.com/andrew-d/static-binaries/blob/master/binaries/linux/x86_64/nmap

1) How do I find the address of this series of bytes: 48 8B 45 A8 48 8D 1C 02 48 8B 45 C8? The result needs to be 0x6B0C67.

2) How do I find the 12 bytes that are at address 0x6B0C67? The result needs to be 48 8B 45 A8 48 8D 1C 02 48 8B 45 C8.

3) How do I find which address refers to a specific string? For example, i + 1 == features[i].index, which is located at 0x6FC272? The result needs to be 0x4022F6.

How can I find all of this without opening IDA, only with Python/C code?

Thanks

1 Answer

For 1) Is your file small enough to be loaded into memory? Then it's as simple as

offset = open(file, 'rb').read().find(
    bytes.fromhex("48 8B 45 A8 48 8D 1C 02 48 8B 45 C8")
)

# offset will be -1 if not found

If not, you will need to read it in chunks.

For 2), do

with open(file, 'rb') as stream:
    stream.seek(0x6b0c67)
    data = stream.read(12)

I'm afraid I don't understand the question in 3)...


3 Comments

The question seems to be asking about a linux executable file, which should definitely be small enough to be loaded into memory.
@ChristophBurschka 1+2 do not work. You guess that the binary starts from offset 0x0; that is not correct, IDA loads it from another offset.
Could you expand on what IDA does and what is the relationship between file offsets and "addresses"? It sounds like you need some more advanced disassembly tools beyond just reading the raw bytes of the file?
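
The gap the comments point at is that a disassembler shows virtual addresses, while `find()` and `seek()` work on file offsets; the ELF program headers (PT_LOAD entries) give the mapping between the two. The following is an added example, not part of the original answer: it assumes a little-endian ELF64 file, the function names are hypothetical, and the sample ELF image is constructed inline rather than taken from the nmap binary.

```python
import struct

PT_LOAD = 1
PATTERN = bytes.fromhex("48 8B 45 A8 48 8D 1C 02 48 8B 45 C8")  # bytes from the question

def load_segments(data):
    """Return (p_offset, p_vaddr, p_filesz) for each PT_LOAD of an ELF64 LE file."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    segs = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append((p_offset, p_vaddr, p_filesz))
    return segs

def find_vaddrs(data, pattern):
    """Virtual addresses of every occurrence of pattern inside a loaded segment."""
    hits = []
    for off, vaddr, filesz in load_segments(data):
        pos = data.find(pattern, off, off + filesz)
        while pos != -1:
            hits.append(vaddr + pos - off)      # file offset -> virtual address
            pos = data.find(pattern, pos + 1, off + filesz)
    return hits

def read_vaddr(data, addr, size):
    """Bytes stored at a virtual address, or None if the range is not file-backed."""
    for off, vaddr, filesz in load_segments(data):
        if vaddr <= addr and addr + size <= vaddr + filesz:
            start = off + addr - vaddr          # virtual address -> file offset
            return data[start:start + size]
    return None

def build_sample(pattern):
    """Constructed minimal ELF64: one PT_LOAD, file offset 0x1000 -> vaddr 0x401000."""
    body = b"\x90" * 7 + pattern + b"\xc3"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0x401000, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0x1000, 0x401000, 0x401000,
                       len(body), len(body), 0x1000)
    return (ehdr + phdr).ljust(0x1000, b"\0") + body

if __name__ == "__main__":
    sample = build_sample(PATTERN)
    print([hex(a) for a in find_vaddrs(sample, PATTERN)], hex(sample.find(PATTERN)))
```

To use it on a real file, pass `open(path, 'rb').read()` as `data`; addresses in a segment's zero-filled tail (memory size larger than file size, such as `.bss`) have no bytes in the file and return `None`.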
