False error report for IoT Malware #1402

lion10 · 2023-03-25T05:16:35Z

Description

I have an IoT malware sample that targets i386 Linux systems. The sample's hash value is 0a1a8ca1ce27a04bf9618fe0f6bc94e6. I ran the sample through capa, but it gave a false error report. Capa is supposed to support Linux, so I'm wondering why the error occurred.

Steps to Reproduce

capa -r rules/ -v 0a1a8ca1ce27a04bf9618fe0f6bc94e6

Expected behavior:

The file should have a specific capability, such as being packed with UPX.

Actual behavior:

Versions

Additional Information

These are yara rules identify the capabilities of Linux Malware. anti-analysis

williballenthin · 2023-03-26T09:01:38Z

readelf for the input file:

readelf -a 677af86345498bb922bf039612027c313b033430f26dd7dc40cd89a70c148350 ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: Advanced Micro Devices X86-64 Version: 0x1 Entry point address: 0x1078b8 Start of program headers: 64 (bytes into file) Start of section headers: 0 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 56 (bytes) Number of program headers: 3 Size of section headers: 64 (bytes) Number of section headers: 0 (64) Section header string table index: 0 readelf: Warning: Section 1 has an out of range sh_link value of 35316 readelf: Warning: Section 2 has an out of range sh_link value of 4096 readelf: Warning: Section 3 has an out of range sh_link value of 2690402161 readelf: Warning: Section 4 has an out of range sh_link value of 3664425689 readelf: Warning: Section 5 has an out of range sh_link value of 402653513 readelf: Warning: Section 6 has an out of range sh_link value of 655040459 readelf: Warning: Section 6 has an out of range sh_info value of 2900630327 readelf: Warning: Section 7 has an out of range sh_link value of 3859355277 readelf: Warning: Section 8 has an out of range sh_link value of 2955187667 readelf: Warning: Section 8 has an out of range sh_info value of 4249781182 readelf: Warning: Section 9 has an out of range sh_link value of 1167071865 readelf: Warning: Section 9 has an out of range sh_info value of 2260283467 readelf: Warning: Section 10 has an out of range sh_link value of 2194248428 readelf: Warning: Section 10 has an out of range sh_info value of 2174007906 readelf: Warning: Section 11 has an out of range sh_link value of 1824668075 readelf: Warning: Section 11 has an out of range sh_info value of 51518637 readelf: Warning: Section 12 has an out of range sh_link value of 1271563492 readelf: Warning: Section 13 has an out of range sh_link value of 858802080 readelf: Warning: Section 14 has an out of range sh_link value of 1928825447 readelf: Warning: Section 14 has an out of range sh_info value of 341828575 readelf: Warning: Section 15 has an out of range sh_link value of 4131397949 readelf: Warning: Section 15 has an out of range sh_info value of 1207491955 readelf: Warning: Section 16 has an out of range sh_link value of 1861659953 readelf: Warning: Section 17 has an out of range sh_link value of 2346387413 readelf: Warning: Section 17 has an out of range sh_info value of 4003148455 readelf: Warning: Section 18 has an out of range sh_link value of 3512625301 readelf: Warning: Section 18 has an out of range sh_info value of 3601188898 readelf: Warning: Section 19 has an out of range sh_link value of 1316465299 readelf: Warning: Section 19 has an out of range sh_info value of 1554546411 readelf: Warning: Section 20 has an out of range sh_link value of 3330241829 readelf: Warning: Section 20 has an out of range sh_info value of 181360349 readelf: Warning: Section 21 has an out of range sh_link value of 2068090310 readelf: Warning: Section 22 has an out of range sh_link value of 3041250821 readelf: Warning: Section 23 has an out of range sh_link value of 4202820309 readelf: Warning: Section 24 has an out of range sh_link value of 750376870 readelf: Warning: Section 25 has an out of range sh_link value of 298136863 readelf: Warning: Section 26 has an out of range sh_link value of 1810420453 readelf: Warning: Section 26 has an out of range sh_info value of 3791290488 readelf: Warning: Section 27 has an out of range sh_link value of 1650520662 readelf: Warning: Section 27 has an out of range sh_info value of 132284865 readelf: Warning: Section 28 has an out of range sh_link value of 1362291558 readelf: Warning: Section 28 has an out of range sh_info value of 2109541561 readelf: Warning: Section 29 has an out of range sh_link value of 1136030517 readelf: Warning: Section 29 has an out of range sh_info value of 2179792165 readelf: Warning: Section 30 has an out of range sh_link value of 2864118859 readelf: Warning: Section 30 has an out of range sh_info value of 2391974129 readelf: Warning: Section 31 has an out of range sh_link value of 3051757111 readelf: Warning: Section 31 has an out of range sh_info value of 1630849670 readelf: Warning: Section 32 has an out of range sh_link value of 1307566630 readelf: Warning: Section 33 has an out of range sh_link value of 1566613909 readelf: Warning: Section 34 has an out of range sh_link value of 3335171648 readelf: Warning: Section 34 has an out of range sh_info value of 3743311620 readelf: Warning: Section 35 has an out of range sh_link value of 390473681 readelf: Warning: Section 36 has an out of range sh_link value of 2990471035 readelf: Warning: Section 37 has an out of range sh_link value of 1900312966 readelf: Warning: Section 37 has an out of range sh_info value of 1063476612 readelf: Warning: Section 38 has an out of range sh_link value of 1130863239 readelf: Warning: Section 38 has an out of range sh_info value of 3750657381 readelf: Warning: Section 39 has an out of range sh_link value of 1625056560 readelf: Warning: Section 39 has an out of range sh_info value of 2664132399 readelf: Warning: Section 40 has an out of range sh_link value of 1659232576 readelf: Warning: Section 40 has an out of range sh_info value of 150014255 readelf: Warning: Section 41 has an out of range sh_link value of 816390592 readelf: Warning: Section 42 has an out of range sh_link value of 3123577714 readelf: Warning: Section 43 has an out of range sh_link value of 759773024 readelf: Warning: Section 43 has an out of range sh_info value of 1961424870 readelf: Warning: Section 44 has an out of range sh_link value of 3051001694 readelf: Warning: Section 44 has an out of range sh_info value of 4161035276 readelf: Warning: Section 45 has an out of range sh_link value of 2252698922 readelf: Warning: Section 46 has an out of range sh_link value of 899029099 readelf: Warning: Section 46 has an out of range sh_info value of 2277552764 readelf: Warning: Section 47 has an out of range sh_link value of 1507422589 readelf: Warning: Section 48 has an out of range sh_link value of 3253992830 readelf: Warning: Section 48 has an out of range sh_info value of 1059216683 readelf: Warning: Section 49 has an out of range sh_link value of 3113335684 readelf: Warning: Section 50 has an out of range sh_link value of 3184936145 readelf: Warning: Section 50 has an out of range sh_info value of 3704378892 readelf: Warning: Section 51 has an out of range sh_link value of 2166079142 readelf: Warning: Section 52 has an out of range sh_link value of 956155412 readelf: Warning: Section 52 has an out of range sh_info value of 810604699 readelf: Warning: Section 53 has an out of range sh_link value of 1829392346 readelf: Warning: Section 53 has an out of range sh_info value of 4184108334 readelf: Warning: Section 54 has an out of range sh_link value of 4105186470 readelf: Warning: Section 55 has an out of range sh_link value of 33614202 readelf: Warning: Section 55 has an out of range sh_info value of 2455073876 readelf: Warning: Section 56 has an out of range sh_link value of 513758728 readelf: Warning: Section 57 has an out of range sh_link value of 2175892253 readelf: Warning: Section 58 has an out of range sh_link value of 2623492457 readelf: Warning: Section 59 has an out of range sh_link value of 1545094920 readelf: Warning: Section 60 has an out of range sh_link value of 1563267508 readelf: Warning: Section 60 has an out of range sh_info value of 3249196638 readelf: Warning: Section 61 has an out of range sh_link value of 69866420 readelf: Warning: Section 61 has an out of range sh_info value of 1424884424 readelf: Warning: Section 62 has an out of range sh_link value of 4250140222 readelf: Warning: Section 62 has an out of range sh_info value of 3131437143 readelf: Warning: Section 63 has an out of range sh_link value of 2109702334

Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] 00010102: <unkn 00000001003e0002 001078b8
0000000000000040 0000000000400003 0 0 15762873573703680
readelf: Warning: [ 1]: Link field (35316) should index a symtab section.
[ 1] HASH 0000000000100000 00100000
00000000000089f4 0000000600000001 35316 0 1048576
readelf: Warning: [ 2]: Expected link to another section in info field [ 2] NULL 0000000000518870 00000000
0000000000000000 0000000000000000 MSICxxo 4096 0 27455186257
readelf: Warning: [ 3]: Unexpected value (559435861) in info field.
[ 3] NULL 0000000000000000 00000000
0000000000000008 0001963c0001963c 2690402161 559435861 369955140
readelf: Warning: [ 4]: Unexpected value (2191292062) in info field.
readelf: Warning: Size of section 4 is larger than the entire file!
[ 4] 00000053: <unkn 6dfb194b8f6bd091 4e5f3485e3d65ac5
0c0e559f8b056704 8610a27f857b44af AXxxxxxxxxxxx 3664425689 2191292062 6024487361807943261
[ 5] LOUSER+0x555373 a20e34b47b750ad6 f093a30ccc17d77f
0e00007587000113 163ae64c5fc78754 WALTxxxxxxop 402653513 556007427 15923852313346067426
readelf: Warning: [ 6]: Expected link to another section in info field [ 6] LOUSER+0x326c71 f34216dec6d838b6 d74356bdfae316a5
2706f18dad0a153e 26d3ef37ec8295f5 WxMITxxxxoExxxxxxxxxxxxxxxxxxxx 655040459 2900630327 3390101785409595816
[ 7] LOUSER+0x39eef3 1e0edcdd56b28fae e086f924e86c80c0
d38e57e6d0884e5e ec301637b7f99721 AMSLxxxxxoExxxxxxxxxxxxxxxxxx 3859355277 12321035 11893733287425729440
readelf: Warning: [ 8]: Expected link to another section in info field [ 8] LOUSER+0x3579c9 7fbf7d1baabd3b4c fd042b0a3777ddba
dc0aac5699ed1078 19d7146133b24f92 WXxIOGCxxxxolp 2955187667 4249781182 11025911331164016859
readelf: Warning: [ 9]: Expected link to another section in info fieldreadelf: Warning: Size of section 9 is larger than the entire file!
[ 9] 301c0628: <unkn 3aa05247b8889c3e 23c940c90cb89f4d
1dfa62ebc20044a4 440dea31f3f9c557 WXxMILOGTxxxxolp 1167071865 2260283467 4922288514830653817
readelf: Warning: [10]: Expected link to another section in info fieldreadelf: Warning: Size of section 10 is larger than the entire file!
[10] 38f6d91d: <unkn b041e766c95bb457 3afb67787bd85d78
9ffca7f9608ff60c db96e4ff80a7ef68 WAXMSIOxxxxxoExxxxxxxxxxxxxxxxx 2194248428 2174007906 10088879649394606712
readelf: Warning: [11]: Expected link to another section in info field [11] LOUSER+0x60feaa 9957880707ae535c 2a65fc725a1050cb
24e0933d0e80f10c d347192e76d931d9 AxIGxxxxxolxxxxxxxxxxxxxxxxx 1824668075 51518637 15169316249212664288
readelf: Warning: [12]: Unexpected value (4181919163) in info field.
readelf: Warning: Size of section 12 is larger than the entire file!
[12] 22f4bc20: <unkn dd236d684ec338cf d445871cca73cb55
58f7524f6bf0e0f0 09f0bb6db60132f6 WMLOxxxxxolp 1271563492 4181919163 6835208919072993804
[13] LOUSER+0x367dfc 71f3b74cb7630129 978a885341468c70
22a7a1ec4ce7cab7 d47e158cb3c2eef7 WAXxLGCxxxxolp 858802080 2195035715 13791818222307172937
readelf: Warning: [14]: Expected link to another section in info field [14] LOUSER+0x57a23e e723126bbe1dd46b c8eda552afdacd9
434e4313f6e0310b 635f8dfac8e4779e AXxSILGTxxolp 1928825447 341828575 7042848645786978690
readelf: Warning: [15]: Expected link to another section in info field [15] LOUSER+0x70d6f5 645b4ad68af002fe 5747ddb8613d2f30
7c76356fb860e550 c926510dc74c33ab AXxSIGTCxxxxolp 4131397949 1207491955 16202880884502178167
[16] LOUSER+0x782652 7e06e8e101fa105f 4cf2068cc1a6c91
aeb65de18cabf76f 1351712eaba4a465 WxMSOGCxxxxoExxxxxxxxxxxxxxxx 1861659953 1573550718 280399851681323259
readelf: Warning: [17]: Expected link to another section in info fieldreadelf: Warning: Size of section 17 is larger than the entire file!
[17] 33471604: <unkn 3c244f47ae39ab92 2492be612aefec85
43dc84bf4d699052 9e8bf8615ab579bd AXxMIOTCxxxxxxxolxxxxxxxxxxxxxxx 2346387413 4003148455 10963213291385393768
readelf: Warning: [18]: Expected link to another section in info fieldreadelf: Warning: Size of section 18 is larger than the entire file!
[18] 13c36c55: <unkn 526fca2742e3b7d3 de6f6b3fb7e720e8
8f42b71aab82ae1d c49a9f6853131f62 WAXxMILOGCxxxxolxxxxxxxxxxxxxxxxxxxxxx 3512625301 3601188898 8506544561382823453
readelf: Warning: [19]: Expected link to another section in info field [19] LOUSER+0x7f9887 d7f42e7edecda8b4 3656110b872b26fc
3edf3686e1d2f1ac 2a3b84a4c746414e AXxMILGCxxxxxop 1316465299 1554546411 4716845646574840030
readelf: Warning: [20]: Expected link to another section in info fieldreadelf: Warning: Size of section 20 is larger than the entire file!
[20] 4637b3d1: <unkn 2ab339454dcfe299 8f1eca649e388020
050c7b237a2975c7 9490b1230ac5c571 AXxMSILGTCxxolp 3330241829 181360349 4504680814883034110
[21] LOUSER+0x545249 6f8a22cbcf7e9a4f b5d042fac1145727
38ffcba7d60211d3 bbbad37cff91110f WXxOCxxxolp 2068090310 2517608080 2324892883125549823
readelf: Warning: Size of section 22 is larger than the entire file!
[22] 4aa8421b: <unkn d4b05b171b38961c f803a5da65e0757c
b21243933492fb6f 6039e0b06fa298af XMSTCxxxxolp 3041250821 3875062057 12262298291173249565
[23] LOUSER+0x111629 2f3992f834d64736 655ef140ee7217cf
205b3827a375da6f b4b2dc0caa729464 xMSOTCxxxxop 4202820309 3915141544 16666089276627639034
[24] LOUSER+0x23834c 8e64dcd9e0878016 6086b89acc913610
b1a156a4c7f9ae69 a2c49a30a1e69ae4 WXSLOGCxxolp 750376870 3883511760 2142906679179272091
readelf: Warning: Size of section 25 is larger than the entire file!
[25] 10ef5545: <unkn 495aadfd10167749 95f80d79791e4aee
1a7da589d283f8a8 871d5e0589bc37a9 AXSOGTCxxxxxolp 298136863 74987137 13064044743657300729
readelf: Warning: [26]: Expected link to another section in info field [26] LOOS+0xe32175d b4875d3d7c4696e8 59ab9ffa3bddba65
e94646ae54968232 95fd98c89dbc4be0 AXMSILGTCxxxoExxxxxxxxxxxx 1810420453 3791290488 3994616694649647461
readelf: Warning: [27]: Expected link to another section in info field [27] LOPROC+0xc10dcc 87a1e65e2d255a7b 168bee98afbfa89b
1fdd32ad739170c8 cebf3c0011582d24 AxSILGxxxop 1650520662 132284865 4876973166761417484
readelf: Warning: [28]: Expected link to another section in info field [28] LOUSER+0x48c72a 21c145cac9a05911 72897740660c9004
221b10c6c9dccb66 8ffd4d9d7d2f0a6f WAXxIOCxxxxxop 1362291558 2109541561 7215939217741070639
readelf: Warning: [29]: Expected link to another section in info fieldreadelf: Warning: Size of section 29 is larger than the entire file!
[29] 27a1f024: <unkn fb3b502dbf9624cd 6891ed601ab17fa3
642c313ec3a2d044 763fa9c16d390508 XxILCxxxxolp 1136030517 2179792165 355192385226655180
readelf: Warning: [30]: Expected link to another section in info fieldreadelf: Warning: Size of section 30 is larger than the entire file!
[30] 1161a5ec: <unkn 7832055312e8613c 4ba7553aa707101a
d693bf7b38b51213 d885f5b5ebb822cf xSILGTxxxxolp 2864118859 2391974129 5887301140897701829
readelf: Warning: [31]: Expected link to another section in info field [31] LOOS+0x9c39314 c5e049dbfde30283 4b153fdcb36e399b
0e6da2ee4aca7c3f f74373b785f34fcd WMSIGCxxxxolxxxxxxxxxxxxxxxx 3051757111 1630849670 16247091884743910502
readelf: Warning: Size of section 32 is larger than the entire file!
[32] 5aea991f: <unkn ebb64bca630bf245 46094590cfbd836
fe36930f224857eb 9d300eac545eecdf WxLTxxxxolp 1307566630 255991319 1863254084915087904
readelf: Warning: [33]: Unexpected value (3289370060) in info field.
readelf: Warning: Size of section 33 is larger than the entire file!
[33] 262fb8bf: <unkn 7ec3694cf31a1715 dcb2f6988ad5d0ee
a123df1252cfb3c0 4b55ef6edae01aaa WMSLOGTCxxxxxxolExxxxxxxxxxxxxxxxxxxxxxx 1566613909 3289370060 9113910671081832958
readelf: Warning: [34]: Expected link to another section in info field [34] LOUSER+0x1dac88 44e2cdceb8e6e415 bd11418ee4ccd61d
eb06b684c2e14f86 10e22314394e524c AxMSICxxxxop 3335171648 3743311620 10679818691983301765
[35] LOUSER+0x16c537 f28ec4f75880f299 5d3ba5c3f3d10dc3
f0133a7844dacc8a 932543b29b253dca XSLOGTxxxxxolExxxxxxxxxxxxxxxxxx 390473681 4028967385 3418108175516614388
[36] LOUSER+0x252905 962ccf17d9654fa8 cbef2bd7aa457d70
6e9d60cbf9b47c29 7a1d29627ff55b83 XMSLOTCxxop 2990471035 3073101900 3934349759804916989
readelf: Warning: [37]: Expected link to another section in info fieldreadelf: Warning: Size of section 37 is larger than the entire file!
[37] 4cd2cacf: <unkn bbc573ad06d9d482 257f3c9a8282a91d
cc79f2915be3652f fc448fb47e1c7444 WMSILOCxxxxop 1900312966 1063476612 12767073090139310276
readelf: Warning: [38]: Expected link to another section in info field [38] LOPROC+0x63622a ee7acba08803bee0 df16f03e4be403ed
e481b07baaaadb48 dc81d6bd6e3e61b8 AXxMIOxxxolp 1130863239 3750657381 14487935283399326453
readelf: Warning: [39]: Expected link to another section in info field [39] LOUSER+0x633b07 3ea7925fdd6a500d d9a1fac738efe756
1578eeea70f38814 40291ef244504744 xMSILOGxxxolp 1625056560 2664132399 17853706460285050732
readelf: Warning: [40]: Expected link to another section in info field [40] LOOS+0x712b621 c2429955d7c92428 b38866436e459fd0
bf799d9e6e97a24b 5c1a64ecb20eca05 WAXMSILOGTxxoxxxxxxxxxxxx 1659232576 150014255 5352659422940816152
[41] LOUSER+0x52aea0 0fb095c8763dbbb2 45d8b0bb14e8961e
efd3e96e31c089b1 da46937f2ba01153 ASLGCxxxolxxxxxxxxxxxxxxxx 816390592 1031118041 12795451226667803186
readelf: Warning: Size of section 42 is larger than the entire file!
[42] 5745dc82: <unkn d66d7da88878e60f 255e49177fe37079
1be0d16828122354 c131d73c912064fd WAXxLOTCxxxolp 3123577714 1313039137 16809519599038489149
readelf: Warning: [43]: Expected link to another section in info field [43] LOPROC+0xd8b9e5 0f5f1e6ee6daacc9 7872d9a30f4ecdfe
ea040e06c1e19de4 eafa6f8418b82c6d WxIOTCxolExxxxxxxxxxxxxxxxx 759773024 1961424870 17428003075651735913
readelf: Warning: [44]: Expected link to another section in info fieldreadelf: Warning: Size of section 44 is larger than the entire file!
[44] 45fb6f5d: <unkn d2b1f183f42f037c 7f584ea79bc6a747
fc31b1516978ef78 38f4f5fbc0dbb23d AXIOTxxop 3051001694 4161035276 1543927554420511109
readelf: Warning: [45]: Unexpected value (1240022522) in info field.
readelf: Warning: Size of section 45 is larger than the entire file!
[45] 36778366: <unkn 6a04e859f46403f7 c121c41d54ad1541
54ddb618bca2187b 3d80b997a35cb09f WXxxxxolp 2252698922 1240022522 6438169794782436217
readelf: Warning: [46]: Expected link to another section in info fieldreadelf: Warning: Size of section 46 is larger than the entire file!
[46] 1fa33ea6: <unkn 49e761a34f8417fc f33f38c31db577f
42034bc5675385b5 a5a0c7c2ebcca576 WAXIOGCxxxxxxoxxxxxxxxxxxxxxxxxxx 899029099 2277552764 15949412887011269817
[47] LOUSER+0x46e117 458b32897cbf46b9 569c6aca4ccd5451
6e0333cc90121369 72ea16f75d9b5507 WAXxLTCxxxxolExxxxxxxxxxxx 1507422589 826456321 4581972372859932625
readelf: Warning: [48]: Expected link to another section in info field [48] LOUSER+0x250eaf a69daa3e57c0b554 8ab4fd39ec5a9f96
ea896ba722221203 c42006e5352ebd0f AxMILOTCxxxxxolp 3253992830 1059216683 14565969485227205392
readelf: Warning: Size of section 49 is larger than the entire file!
[49] 2a79a40a: <unkn 58df4d65e43f83ff d4e44ced46a2c0a9
8e4eb441d3ca2c52 c6425f70a22fcb2d WxMSGTxxxop 3113335684 3747291857 12166634802538703803
readelf: Warning: [50]: Expected link to another section in info field [50] LOPROC+0x8c2113 5ed6ac95606a159e 2bb97516d67fcbfb
e9a211503f4da319 a4539a3d3b54be4f WITCxxxxxop 3184936145 3704378892 11726793411803609452
[51] LOUSER+0x201c12 aab8582ccd8a7873 a229479e74379cbe
c68fc0459a70cf87 f0b804e3a0ad5378 AXMOGxxop 2166079142 4282180400 12555327269187927795
readelf: Warning: [52]: Expected link to another section in info field [52] LOUSER+0x277350 0288b528532e7113 a62708358a60204
1ab13a1b1d3875b0 08b28269faf53cba xILOGTCxxxxxxop 956155412 810604699 12777408631990945297
readelf: Warning: [53]: Expected link to another section in info fieldreadelf: Warning: Size of section 53 is larger than the entire file!
[53] 468336da: <unkn 5b7da33a9a203cb0 c02220c7a70f543c
f4ee56ec153eac59 7ee202c0f7a788e4 xMSILOxxxxxxxolp 1829392346 4184108334 14388227330685606235
[54] LOUSER+0x578026 13f229d24c03886f 651235c0fd4c6266
e6bbcbe4be5d0627 163470b652f44118 WAXxMOxxxxop 4105186470 292210837 13255347038239636411
readelf: Warning: [55]: Expected link to another section in info field [55] LOUSER+0x773d7c 65a26f458f7e895c fc069d5b57aece55
22ef1743ab2d39b1 a5e4ea7db070a868 SIGTCxxxxxxop 33614202 2455073876 12269805907370343128
readelf: Warning: [56]: Unexpected value (1316354858) in info field.
readelf: Warning: Size of section 56 is larger than the entire file!
[56] 4498edc6: <unkn 7f197d2031cb2bab e5196ca33d72e208
ab912b6ff447fe6f f0daca56a3604dd4 AXMLOGTCxxxxolxxxxxxxxxx 513758728 1316354858 5715170998719101871
readelf: Warning: Size of section 57 is larger than the entire file!
[57] 3c6f9aa3: <unkn 633f925067f1ac13 7ccc168a2fa20826
bf60f85a282341d0 3f37bf0e9e459e6f WMLGxxxxop 2175892253 3974876408 6052443072589500037
[58] LOOS+0x54bc9ff 8bb2a1d2ddb4200b bc8bf691370dbde5
7c151625b427d05f d248a90818133d23 AXMGCxxolp 2623492457 3206399471 14312401372222729475
readelf: Warning: Size of section 59 is larger than the entire file!
[59] 21cc20fb: <unkn cf053a33ff00bfd7 d24180df2a621a71
7412ff9925799e5b 23c45b036ae1bc8c OGxxolp 1545094920 4001589097 16378089097682658211
readelf: Warning: [60]: Expected link to another section in info field [60] LOUSER+0x3257fb a9b2ef5777293ab1 95aaa209691fcf9a
e53e4a4b7ea03ec6 fc7aba914309ff99 WXILOCxxxxxxxolp 1563267508 3249196638 4101271893756483564
readelf: Warning: [61]: Expected link to another section in info fieldreadelf: Warning: Size of section 61 is larger than the entire file!
[61] 5e14dd64: <unkn fecb5abbfe48c5f3 443c8e0e9c7de2ed
f24a13433c163a4e 151ad7d60bac99c6 AXxILCxxxxxxxolp 69866420 1424884424 3898362743742286861
readelf: Warning: [62]: Expected link to another section in info fieldreadelf: Warning: Size of section 62 is larger than the entire file!
[62] 1efd0c28: <unkn 274d01a98b662e18 dff8c218da1222f9
27e5be2c1c84fe0a 4d2bbad87d1b3ab3 AxSITxxxxxolExxxxxxxxxxxxxxxxxxxx 4250140222 3131437143 6180743764636744554
readelf: Warning: Size of section 63 is larger than the entire file!
[63] 0ee22f16: <unkn 7775c40f516dfb26 16e41941194f0e26
29323e2c763f33b3 3f84cc5322c7960e WXMLOGTCxxxxolp 2109702334 1251961086 15311100283684853633
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
D (mbind), l (large), p (processor specific)

There are no section groups in this file.

Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000100000 0x0000000000100000
0x00000000000089f4 0x00000000000089f4 R E 0x100000
LOAD 0x0000000000000870 0x0000000000518870 0x0000000000518870
0x0000000000000000 0x0000000000000000 RW 0x1000
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x8

There is no dynamic section in this file.

There are no relocations in this file.
No processor specific unwind information to decode

No version information found in this file.

williballenthin · 2023-03-26T09:03:02Z

readelf for unpacked file:

readelf -a 72f1b91327ffda4cf18a2bf64913b673d39ebbff8cbe50c9cd354b1dcd312bcc ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: Advanced Micro Devices X86-64 Version: 0x1 Entry point address: 0x400194 Start of program headers: 64 (bytes into file) Start of section headers: 75904 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 56 (bytes) Number of program headers: 3 Size of section headers: 64 (bytes) Number of section headers: 15 Section header string table index: 12

Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .init PROGBITS 00000000004000e8 000000e8
0000000000000013 0000000000000000 AX 0 0 1
[ 2] .text PROGBITS 0000000000400100 00000100
000000000000da78 0000000000000000 AX 0 0 16
[ 3] .fini PROGBITS 000000000040db78 0000db78
000000000000000e 0000000000000000 AX 0 0 1
[ 4] .rodata PROGBITS 000000000040dba0 0000dba0
0000000000003931 0000000000000000 A 0 0 32
[ 5] .eh_frame PROGBITS 00000000004114d4 000114d4
0000000000000004 0000000000000000 A 0 0 4
[ 6] .ctors PROGBITS 00000000005114d8 000114d8
0000000000000010 0000000000000000 WA 0 0 8
[ 7] .dtors PROGBITS 00000000005114e8 000114e8
0000000000000010 0000000000000000 WA 0 0 8
[ 8] .jcr PROGBITS 00000000005114f8 000114f8
0000000000000008 0000000000000000 WA 0 0 8
[ 9] .data PROGBITS 0000000000511500 00011500
00000000000007e8 0000000000000000 WA 0 0 32
[10] .bss NOBITS 0000000000511d00 00011ce8
0000000000006b70 0000000000000000 WA 0 0 32
[11] .comment PROGBITS 0000000000000000 00011ce8
0000000000000b2e 0000000000000000 0 0 1
[12] .shstrtab STRTAB 0000000000000000 00012816
0000000000000066 0000000000000000 0 0 1
[13] .symtab SYMTAB 0000000000000000 00012c40
0000000000004650 0000000000000018 14 262 8
[14] .strtab STRTAB 0000000000000000 00017290
00000000000023ac 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
D (mbind), l (large), p (processor specific)

There are no section groups in this file.

Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x00000000000114d8 0x00000000000114d8 R E 0x100000
LOAD 0x00000000000114d8 0x00000000005114d8 0x00000000005114d8
0x0000000000000810 0x0000000000007398 RW 0x100000
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x8

Section to Segment mapping:
Segment Sections...
00 .init .text .fini .rodata .eh_frame
01 .ctors .dtors .jcr .data .bss
02

There is no dynamic section in this file.

There are no relocations in this file.
No processor specific unwind information to decode

Symbol table '.symtab' contains 750 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000004000e8 0 SECTION LOCAL DEFAULT 1 .init
2: 0000000000400100 0 SECTION LOCAL DEFAULT 2 .text
3: 000000000040db78 0 SECTION LOCAL DEFAULT 3 .fini
4: 000000000040dba0 0 SECTION LOCAL DEFAULT 4 .rodata
5: 00000000004114d4 0 SECTION LOCAL DEFAULT 5 .eh_frame
6: 00000000005114d8 0 SECTION LOCAL DEFAULT 6 .ctors
7: 00000000005114e8 0 SECTION LOCAL DEFAULT 7 .dtors
8: 00000000005114f8 0 SECTION LOCAL DEFAULT 8 .jcr
9: 0000000000511500 0 SECTION LOCAL DEFAULT 9 .data
10: 0000000000511d00 0 SECTION LOCAL DEFAULT 10 .bss
11: 0000000000000000 0 SECTION LOCAL DEFAULT 11 .comment
12: 0000000000000000 0 SECTION LOCAL DEFAULT 12 .shstrtab
13: 0000000000000000 0 SECTION LOCAL DEFAULT 13 .symtab
14: 0000000000000000 0 SECTION LOCAL DEFAULT 14 .strtab
15: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/sysdeps/lin[...]
16: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
17: 00000000005114d8 0 OBJECT LOCAL DEFAULT 6 CTOR_LIST
18: 00000000005114e8 0 OBJECT LOCAL DEFAULT 7 DTOR_LIST
19: 00000000004114d4 0 OBJECT LOCAL DEFAULT 5 EH_FRAME_BEGIN
20: 00000000005114f8 0 OBJECT LOCAL DEFAULT 8 JCR_LIST
21: 0000000000511d00 1 OBJECT LOCAL DEFAULT 10 completed.2761
22: 0000000000511508 0 OBJECT LOCAL DEFAULT 9 p.2759
23: 0000000000400100 0 FUNC LOCAL DEFAULT 2 __do_global_dtors_aux
24: 0000000000511d20 48 OBJECT LOCAL DEFAULT 10 object.2814
25: 0000000000400150 0 FUNC LOCAL DEFAULT 2 frame_dummy
26: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
27: 00000000005114e0 0 OBJECT LOCAL DEFAULT 6 CTOR_END
28: 00000000005114f0 0 OBJECT LOCAL DEFAULT 7 DTOR_END
29: 00000000004114d4 0 OBJECT LOCAL DEFAULT 5 FRAME_END
30: 00000000005114f8 0 OBJECT LOCAL DEFAULT 8 JCR_END
31: 000000000040db40 0 FUNC LOCAL DEFAULT 2 __do_global_ctors_aux
32: 0000000000000000 0 FILE LOCAL DEFAULT ABS initfini.c
33: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/sysdeps/lin[...]
34: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/sysdeps/lin[...]
35: 0000000000000000 0 FILE LOCAL DEFAULT ABS godlyhttp.c
36: 0000000000511878 4 OBJECT LOCAL DEFAULT 9 c
37: 0000000000511d80 16384 OBJECT LOCAL DEFAULT 10 Q
38: 000000000051187c 4 OBJECT LOCAL DEFAULT 9 i.4538
39: 00000000004003bd 75 FUNC LOCAL DEFAULT 2 printchar
40: 0000000000400408 223 FUNC LOCAL DEFAULT 2 prints
41: 00000000004004e7 320 FUNC LOCAL DEFAULT 2 printi
42: 0000000000400627 1085 FUNC LOCAL DEFAULT 2 print
43: 0000000000515d80 8 OBJECT LOCAL DEFAULT 10 fdopen_pids
44: 000000000040eb80 2048 OBJECT LOCAL DEFAULT 4 hextable
45: 0000000000511d76 5 OBJECT LOCAL DEFAULT 10 ipState
46: 0000000000511d7b 4 OBJECT LOCAL DEFAULT 10 ipState.5637
47: 000000000040f5e0 288 OBJECT LOCAL DEFAULT 4 C.173.6354
48: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/sysdeps/lin[...]
49: 0000000000000000 0 FILE LOCAL DEFAULT ABS __syscall_fcntl.c
50: 0000000000000000 0 FILE LOCAL DEFAULT ABS _exit.c
51: 0000000000000000 0 FILE LOCAL DEFAULT ABS chdir.c
52: 0000000000000000 0 FILE LOCAL DEFAULT ABS close.c
53: 0000000000000000 0 FILE LOCAL DEFAULT ABS dup2.c
54: 0000000000000000 0 FILE LOCAL DEFAULT ABS fork.c
55: 0000000000000000 0 FILE LOCAL DEFAULT ABS getcwd.c
56: 0000000000000000 0 FILE LOCAL DEFAULT ABS getdtablesize.c
57: 0000000000000000 0 FILE LOCAL DEFAULT ABS getpagesize.c
58: 0000000000000000 0 FILE LOCAL DEFAULT ABS getpid.c
59: 0000000000000000 0 FILE LOCAL DEFAULT ABS getrlimit.c
60: 0000000000000000 0 FILE LOCAL DEFAULT ABS ioctl.c
61: 0000000000000000 0 FILE LOCAL DEFAULT ABS kill.c
62: 0000000000000000 0 FILE LOCAL DEFAULT ABS open.c
63: 0000000000000000 0 FILE LOCAL DEFAULT ABS pipe.c
64: 0000000000000000 0 FILE LOCAL DEFAULT ABS prctl.c
65: 0000000000000000 0 FILE LOCAL DEFAULT ABS read.c
66: 0000000000000000 0 FILE LOCAL DEFAULT ABS select.c
67: 0000000000000000 0 FILE LOCAL DEFAULT ABS setsid.c
68: 0000000000000000 0 FILE LOCAL DEFAULT ABS sigprocmask.c
69: 0000000000000000 0 FILE LOCAL DEFAULT ABS time.c
70: 0000000000000000 0 FILE LOCAL DEFAULT ABS waitpid.c
71: 0000000000000000 0 FILE LOCAL DEFAULT ABS write.c
72: 0000000000000000 0 FILE LOCAL DEFAULT ABS isspace.c
73: 0000000000000000 0 FILE LOCAL DEFAULT ABS toupper.c
74: 0000000000000000 0 FILE LOCAL DEFAULT ABS __C_ctype_b.c
75: 0000000000000000 0 FILE LOCAL DEFAULT ABS __C_ctype_toupper.c
76: 0000000000000000 0 FILE LOCAL DEFAULT ABS __errno_location.c
77: 0000000000000000 0 FILE LOCAL DEFAULT ABS fclose.c
78: 0000000000000000 0 FILE LOCAL DEFAULT ABS fopen.c
79: 0000000000000000 0 FILE LOCAL DEFAULT ABS sprintf.c
80: 0000000000000000 0 FILE LOCAL DEFAULT ABS vsnprintf.c
81: 0000000000000000 0 FILE LOCAL DEFAULT ABS _fopen.c
82: 0000000000000000 0 FILE LOCAL DEFAULT ABS _stdio.c
83: 0000000000511960 384 OBJECT LOCAL DEFAULT 9 _stdio_streams
84: 000000000040fe80 40 OBJECT LOCAL DEFAULT 4 __stdio_mutex_in[...]
85: 0000000000515dc0 8192 OBJECT LOCAL DEFAULT 10 _fixed_buffers
86: 0000000000000000 0 FILE LOCAL DEFAULT ABS _wcommit.c
87: 0000000000000000 0 FILE LOCAL DEFAULT ABS _vfprintf_internal.c
88: 000000000040695c 68 FUNC LOCAL DEFAULT 2 _charpad
89: 00000000004069a0 120 FUNC LOCAL DEFAULT 2 _fp_out_narrow
90: 000000000040fec1 7 OBJECT LOCAL DEFAULT 4 spec_base.4493
91: 000000000040feb5 12 OBJECT LOCAL DEFAULT 4 prefix.4494
92: 0000000000000000 0 FILE LOCAL DEFAULT ABS ppfs_init.c
93: 0000000000000000 0 FILE LOCAL DEFAULT ABS ppfs_prepargs.c
94: 0000000000000000 0 FILE LOCAL DEFAULT ABS ppfs_setargs.c
95: 0000000000000000 0 FILE LOCAL DEFAULT ABS ppfs_parsespec.c
96: 00000000004072d8 46 FUNC LOCAL DEFAULT 2 promoted_size
97: 000000000040ff40 24 OBJECT LOCAL DEFAULT 4 type_codes
98: 000000000040ff58 12 OBJECT LOCAL DEFAULT 4 type_sizes
99: 000000000040ff35 8 OBJECT LOCAL DEFAULT 4 spec_flags.4493
100: 000000000040fed0 20 OBJECT LOCAL DEFAULT 4 qual_chars.4498
101: 000000000040ff20 21 OBJECT LOCAL DEFAULT 4 spec_chars.4494
102: 000000000040ff10 9 OBJECT LOCAL DEFAULT 4 spec_ranges.4495
103: 000000000040ff00 16 OBJECT LOCAL DEFAULT 4 spec_or_mask.4496
104: 000000000040fef0 16 OBJECT LOCAL DEFAULT 4 spec_and_mask.4497
105: 0000000000000000 0 FILE LOCAL DEFAULT ABS feof.c
106: 0000000000000000 0 FILE LOCAL DEFAULT ABS fgets.c
107: 0000000000000000 0 FILE LOCAL DEFAULT ABS fputs.c
108: 0000000000000000 0 FILE LOCAL DEFAULT ABS fflush_unlocked.c
109: 0000000000000000 0 FILE LOCAL DEFAULT ABS fgets_unlocked.c
110: 0000000000000000 0 FILE LOCAL DEFAULT ABS fputs_unlocked.c
111: 0000000000000000 0 FILE LOCAL DEFAULT ABS fwrite_unlocked.c
112: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
113: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
114: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
115: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
116: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
117: 0000000000000000 0 FILE LOCAL DEFAULT ABS strncpy.c
118: 0000000000000000 0 FILE LOCAL DEFAULT ABS strnlen.c
119: 0000000000000000 0 FILE LOCAL DEFAULT ABS strstr.c
120: 0000000000000000 0 FILE LOCAL DEFAULT ABS __glibc_strerror_r.c
121: 0000000000000000 0 FILE LOCAL DEFAULT ABS __xpg_strerror_r.c
122: 000000000040ff64 14 OBJECT LOCAL DEFAULT 4 unknown.2050
123: 0000000000000000 0 FILE LOCAL DEFAULT ABS _string_syserrmsgs.c
124: 0000000000000000 0 FILE LOCAL DEFAULT ABS bcopy.c
125: 0000000000000000 0 FILE LOCAL DEFAULT ABS strcasecmp.c
126: 0000000000000000 0 FILE LOCAL DEFAULT ABS strcasestr.c
127: 0000000000000000 0 FILE LOCAL DEFAULT ABS strtok.c
128: 0000000000517dc0 8 OBJECT LOCAL DEFAULT 10 next_start.1440
129: 0000000000000000 0 FILE LOCAL DEFAULT ABS isatty.c
130: 0000000000000000 0 FILE LOCAL DEFAULT ABS tcgetattr.c
131: 0000000000000000 0 FILE LOCAL DEFAULT ABS ntohl.c
132: 0000000000000000 0 FILE LOCAL DEFAULT ABS inet_ntoa.c
133: 0000000000517dd0 16 OBJECT LOCAL DEFAULT 10 buf.2989
134: 0000000000000000 0 FILE LOCAL DEFAULT ABS inet_makeaddr.c
135: 0000000000000000 0 FILE LOCAL DEFAULT ABS gethostbyname.c
136: 0000000000517de0 500 OBJECT LOCAL DEFAULT 10 buf.5285
137: 0000000000517fe0 32 OBJECT LOCAL DEFAULT 10 h.5284
138: 0000000000000000 0 FILE LOCAL DEFAULT ABS gethostbyname_r.c
139: 0000000000000000 0 FILE LOCAL DEFAULT ABS connect.c
140: 0000000000000000 0 FILE LOCAL DEFAULT ABS getsockname.c
141: 0000000000000000 0 FILE LOCAL DEFAULT ABS getsockopt.c
142: 0000000000000000 0 FILE LOCAL DEFAULT ABS recv.c
143: 0000000000000000 0 FILE LOCAL DEFAULT ABS recvfrom.c
144: 0000000000000000 0 FILE LOCAL DEFAULT ABS send.c
145: 0000000000000000 0 FILE LOCAL DEFAULT ABS sendto.c
146: 0000000000000000 0 FILE LOCAL DEFAULT ABS setsockopt.c
147: 0000000000000000 0 FILE LOCAL DEFAULT ABS socket.c
148: 0000000000000000 0 FILE LOCAL DEFAULT ABS sigaddset.c
149: 0000000000000000 0 FILE LOCAL DEFAULT ABS sigempty.c
150: 0000000000000000 0 FILE LOCAL DEFAULT ABS signal.c
151: 0000000000000000 0 FILE LOCAL DEFAULT ABS sigsetops.c
152: 0000000000000000 0 FILE LOCAL DEFAULT ABS malloc.c
153: 0000000000408b4c 96 FUNC LOCAL DEFAULT 2 __malloc_largebi[...]
154: 0000000000000000 0 FILE LOCAL DEFAULT ABS realloc.c
155: 0000000000000000 0 FILE LOCAL DEFAULT ABS free.c
156: 0000000000409770 153 FUNC LOCAL DEFAULT 2 __malloc_trim
157: 0000000000000000 0 FILE LOCAL DEFAULT ABS abort.c
158: 0000000000511b20 40 OBJECT LOCAL DEFAULT 9 mylock
159: 0000000000518000 4 OBJECT LOCAL DEFAULT 10 been_there_done_that
160: 0000000000000000 0 FILE LOCAL DEFAULT ABS rand.c
161: 0000000000000000 0 FILE LOCAL DEFAULT ABS random.c
162: 0000000000511b60 40 OBJECT LOCAL DEFAULT 9 mylock
163: 0000000000511ba0 48 OBJECT LOCAL DEFAULT 9 unsafe_state
164: 0000000000511be0 128 OBJECT LOCAL DEFAULT 9 randtbl
165: 0000000000000000 0 FILE LOCAL DEFAULT ABS random_r.c
166: 0000000000410ae0 40 OBJECT LOCAL DEFAULT 4 random_poly_info
167: 0000000000000000 0 FILE LOCAL DEFAULT ABS atoi.c
168: 0000000000000000 0 FILE LOCAL DEFAULT ABS strtol.c
169: 0000000000000000 0 FILE LOCAL DEFAULT ABS _stdlib_strto_l.c
170: 0000000000000000 0 FILE LOCAL DEFAULT ABS exit.c
171: 0000000000000000 0 FILE LOCAL DEFAULT ABS execl.c
172: 0000000000000000 0 FILE LOCAL DEFAULT ABS sleep.c
173: 0000000000000000 0 FILE LOCAL DEFAULT ABS sysconf.c
174: 0000000000000000 0 FILE LOCAL DEFAULT ABS usleep.c
175: 0000000000000000 0 FILE LOCAL DEFAULT ABS __uClibc_main.c
176: 000000000040a6ea 3 FUNC LOCAL DEFAULT 2 __pthread_return_0
177: 000000000040a6ed 1 FUNC LOCAL DEFAULT 2 __pthread_return_void
178: 000000000040a6ee 53 FUNC LOCAL DEFAULT 2 _check_one_fd
179: 0000000000518038 4 OBJECT LOCAL DEFAULT 10 been_there_done[...]
180: 0000000000000000 0 FILE LOCAL DEFAULT ABS sigaction.c
181: 000000000040a950 0 NOTYPE LOCAL DEFAULT 2 __restore_rt
182: 0000000000000000 0 FILE LOCAL DEFAULT ABS __syscall_error.c
183: 0000000000000000 0 FILE LOCAL DEFAULT ABS mmap.c
184: 0000000000000000 0 FILE LOCAL DEFAULT ABS clock_getres.c
185: 0000000000000000 0 FILE LOCAL DEFAULT ABS execve.c
186: 0000000000000000 0 FILE LOCAL DEFAULT ABS getegid.c
187: 0000000000000000 0 FILE LOCAL DEFAULT ABS geteuid.c
188: 0000000000000000 0 FILE LOCAL DEFAULT ABS getgid.c
189: 0000000000000000 0 FILE LOCAL DEFAULT ABS getuid.c
190: 0000000000000000 0 FILE LOCAL DEFAULT ABS mremap.c
191: 0000000000000000 0 FILE LOCAL DEFAULT ABS munmap.c
192: 0000000000000000 0 FILE LOCAL DEFAULT ABS nanosleep.c
193: 0000000000000000 0 FILE LOCAL DEFAULT ABS sbrk.c
194: 0000000000000000 0 FILE LOCAL DEFAULT ABS wait4.c
195: 0000000000000000 0 FILE LOCAL DEFAULT ABS __C_ctype_tolower.c
196: 0000000000000000 0 FILE LOCAL DEFAULT ABS errno.c
197: 0000000000000000 0 FILE LOCAL DEFAULT ABS __h_errno_location.c
198: 0000000000000000 0 FILE LOCAL DEFAULT ABS wcrtomb.c
199: 0000000000000000 0 FILE LOCAL DEFAULT ABS wcsrtombs.c
200: 0000000000000000 0 FILE LOCAL DEFAULT ABS wcsnrtombs.c
201: 0000000000000000 0 FILE LOCAL DEFAULT ABS _WRITE.c
202: 0000000000000000 0 FILE LOCAL DEFAULT ABS _fwrite.c
203: 0000000000000000 0 FILE LOCAL DEFAULT ABS _trans2w.c
204: 0000000000000000 0 FILE LOCAL DEFAULT ABS _load_inttype.c
205: 0000000000000000 0 FILE LOCAL DEFAULT ABS _store_inttype.c
206: 0000000000000000 0 FILE LOCAL DEFAULT ABS _uintmaxtostr.c
207: 0000000000000000 0 FILE LOCAL DEFAULT ABS fpmaxtostr.c
208: 0000000000411300 20 OBJECT LOCAL DEFAULT 4 fmt
209: 0000000000411320 208 OBJECT LOCAL DEFAULT 4 exp10_table
210: 0000000000000000 0 FILE LOCAL DEFAULT ABS fgetc_unlocked.c
211: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
212: 0000000000000000 0 FILE LOCAL DEFAULT ABS memchr.c
213: 0000000000000000 0 FILE LOCAL DEFAULT ABS memmove.c
214: 0000000000000000 0 FILE LOCAL DEFAULT ABS memrchr.c
215: 0000000000000000 0 FILE LOCAL DEFAULT ABS strtok_r.c
216: 0000000000000000 0 FILE LOCAL DEFAULT ABS inet_aton.c
217: 0000000000000000 0 FILE LOCAL DEFAULT ABS dnslookup.c
218: 0000000000518060 40 OBJECT LOCAL DEFAULT 10 mylock
219: 0000000000518088 4 OBJECT LOCAL DEFAULT 10 static_ns
220: 0000000000511ca0 2 OBJECT LOCAL DEFAULT 9 static_id
221: 0000000000000000 0 FILE LOCAL DEFAULT ABS opennameservers.c
222: 0000000000000000 0 FILE LOCAL DEFAULT ABS get_hosts_byname_r.c
223: 0000000000000000 0 FILE LOCAL DEFAULT ABS raise.c
224: 0000000000000000 0 FILE LOCAL DEFAULT ABS dl-support.c
225: 0000000000000000 0 FILE LOCAL DEFAULT ABS brk.c
226: 0000000000000000 0 FILE LOCAL DEFAULT ABS poll.c
227: 0000000000000000 0 FILE LOCAL DEFAULT ABS fseeko.c
228: 0000000000000000 0 FILE LOCAL DEFAULT ABS fseeko64.c
229: 0000000000000000 0 FILE LOCAL DEFAULT ABS _READ.c
230: 0000000000000000 0 FILE LOCAL DEFAULT ABS _adjust_pos.c
231: 0000000000000000 0 FILE LOCAL DEFAULT ABS rfill.c
232: 0000000000000000 0 FILE LOCAL DEFAULT ABS trans2r.c
233: 0000000000000000 0 FILE LOCAL DEFAULT ABS cs_funcs.c
234: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
235: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
236: 0000000000000000 0 FILE LOCAL DEFAULT ABS libc/string/x86[...]
237: 0000000000000000 0 FILE LOCAL DEFAULT ABS rawmemchr.c
238: 0000000000000000 0 FILE LOCAL DEFAULT ABS strncat.c
239: 0000000000000000 0 FILE LOCAL DEFAULT ABS strdup.c
240: 0000000000000000 0 FILE LOCAL DEFAULT ABS ntop.c
241: 000000000040cd68 135 FUNC LOCAL DEFAULT 2 inet_pton4
242: 00000000004114a0 17 OBJECT LOCAL DEFAULT 4 xdigits.3747
243: 000000000040cfdc 280 FUNC LOCAL DEFAULT 2 inet_ntop4
244: 0000000000000000 0 FILE LOCAL DEFAULT ABS encodeh.c
245: 0000000000000000 0 FILE LOCAL DEFAULT ABS decodeh.c
246: 0000000000000000 0 FILE LOCAL DEFAULT ABS encodeq.c
247: 0000000000000000 0 FILE LOCAL DEFAULT ABS lengthq.c
248: 0000000000000000 0 FILE LOCAL DEFAULT ABS decodea.c
249: 0000000000000000 0 FILE LOCAL DEFAULT ABS read_etc_hosts_r.c
250: 0000000000000000 0 FILE LOCAL DEFAULT ABS llseek.c
251: 0000000000000000 0 FILE LOCAL DEFAULT ABS lseek.c
252: 0000000000000000 0 FILE LOCAL DEFAULT ABS tolower.c
253: 0000000000000000 0 FILE LOCAL DEFAULT ABS encoded.c
254: 0000000000000000 0 FILE LOCAL DEFAULT ABS decoded.c
255: 0000000000000000 0 FILE LOCAL DEFAULT ABS lengthd.c
256: 00000000005114d8 0 NOTYPE LOCAL HIDDEN ABS __fini_array_end
257: 00000000005114d8 0 NOTYPE LOCAL HIDDEN ABS __fini_array_start
258: 00000000005114d8 0 NOTYPE LOCAL HIDDEN ABS __init_array_end
259: 00000000005114d8 0 NOTYPE LOCAL HIDDEN ABS __preinit_array_end
260: 00000000005114d8 0 NOTYPE LOCAL HIDDEN ABS __init_array_start
261: 00000000005114d8 0 NOTYPE LOCAL HIDDEN ABS __preinit_array_start
262: 000000000040d5ce 830 FUNC GLOBAL HIDDEN 2 __read_etc_hosts_r
263: 000000000040aac4 38 FUNC GLOBAL HIDDEN 2 __GI_execve
264: 000000000040a959 247 FUNC GLOBAL DEFAULT 2 __libc_sigaction
265: 0000000000407e90 213 FUNC GLOBAL DEFAULT 2 strcpy
266: 0000000000405e40 100 FUNC WEAK HIDDEN 2 __GI_fcntl64
267: 0000000000401419 570 FUNC GLOBAL DEFAULT 2 recvLine
268: 0000000000408a10 35 FUNC GLOBAL HIDDEN 2 __GI_sigaddset
269: 0000000000511888 8 OBJECT GLOBAL HIDDEN 9 __GI___ctype_b
270: 000000000040b86c 240 FUNC GLOBAL HIDDEN 2 __GI_memchr
271: 0000000000408264 14 FUNC GLOBAL HIDDEN 2 __GI___glibc_str[...]
272: 0000000000406328 7 FUNC WEAK DEFAULT 2 waitpid
273: 000000000040c560 597 FUNC GLOBAL HIDDEN 2 __open_nameservers
274: 000000000040649c 10 FUNC GLOBAL HIDDEN 2 __GI_fopen
275: 00000000004060a4 40 FUNC GLOBAL DEFAULT 2 getrlimit
276: 00000000004060cc 104 FUNC GLOBAL DEFAULT 2 ioctl
277: 0000000000515da0 4 OBJECT GLOBAL DEFAULT 10 stdio_openlist[...]
278: 0000000000409faf 185 FUNC GLOBAL HIDDEN 2 __GI_initstate_r
279: 000000000040a959 247 FUNC WEAK HIDDEN 2 __GI_sigaction
280: 000000000040bd2c 94 FUNC GLOBAL DEFAULT 2 strtok_r
281: 000000000040fb80 768 OBJECT GLOBAL HIDDEN 4 __GI___C_ctype_t[...]
282: 0000000000406300 39 FUNC GLOBAL HIDDEN 2 __GI_time
283: 000000000040ab3c 38 FUNC GLOBAL DEFAULT 2 getgid
284: 000000000040a510 351 FUNC GLOBAL DEFAULT 2 sysconf
285: 00000000005118a8 8 OBJECT GLOBAL DEFAULT 9 stdout
286: 0000000000409ca4 72 FUNC GLOBAL DEFAULT 2 random
287: 000000000040cd30 54 FUNC GLOBAL HIDDEN 2 __GI_strdup
288: 0000000000406068 19 FUNC GLOBAL HIDDEN 2 __GI_getpagesize
289: 0000000000406044 35 FUNC GLOBAL DEFAULT 2 getdtablesize
290: 0000000000518040 4 OBJECT GLOBAL HIDDEN 10 __GI_h_errno
291: 0000000000401886 33 FUNC GLOBAL DEFAULT 2 contains_fail
292: 000000000040d49c 19 FUNC GLOBAL HIDDEN 2 __length_question
293: 0000000000511898 8 OBJECT GLOBAL HIDDEN 9 __GI___ctype_toupper
294: 0000000000408348 48 FUNC GLOBAL HIDDEN 2 __GI_strcasecmp
295: 000000000040d944 30 FUNC GLOBAL HIDDEN 2 __GI_tolower
296: 0000000000408930 11 FUNC WEAK DEFAULT 2 recv
297: 00000000004088a4 43 FUNC WEAK DEFAULT 2 connect
298: 000000000040d44c 80 FUNC GLOBAL HIDDEN 2 __encode_question
299: 0000000000402130 1115 FUNC GLOBAL DEFAULT 2 GetRandomPublicIP
300: 000000000040a6a4 70 FUNC GLOBAL HIDDEN 2 __GI___uClibc_fini
301: 0000000000511d68 8 OBJECT GLOBAL DEFAULT 10 numpids
302: 000000000040d304 163 FUNC GLOBAL HIDDEN 2 __encode_header
303: 000000000040ccb8 119 FUNC GLOBAL HIDDEN 2 __GI_strncat
304: 0000000000408a34 20 FUNC GLOBAL DEFAULT 2 sigemptyset
305: 000000000040a6ea 3 FUNC WEAK DEFAULT 2 __pthread_mutex_lock
306: 000000000040516f 298 FUNC GLOBAL DEFAULT 2 initConnection
307: 0000000000408b2c 30 FUNC GLOBAL DEFAULT 2 __sigdelset
308: 000000000040aa98 41 FUNC GLOBAL HIDDEN 2 __GI_clock_getres
309: 000000000040a6a4 70 FUNC GLOBAL DEFAULT 2 __uClibc_fini
310: 000000000040bc3c 237 FUNC GLOBAL DEFAULT 2 memrchr
311: 000000000040ab14 38 FUNC GLOBAL DEFAULT 2 geteuid
312: 000000000040cdef 493 FUNC GLOBAL DEFAULT 2 inet_pton
313: 0000000000406540 199 FUNC GLOBAL HIDDEN 2 __GI_vsnprintf
314: 0000000000406280 38 FUNC GLOBAL HIDDEN 2 __GI_setsid
315: 000000000040b95c 734 FUNC WEAK DEFAULT 2 memmove
316: 0000000000403ea8 1554 FUNC GLOBAL DEFAULT 2 sendTCP
317: 0000000000408a48 168 FUNC GLOBAL HIDDEN 2 __bsd_signal
318: 000000000040cae0 140 FUNC GLOBAL HIDDEN 2 __GI_strpbrk
319: 000000000040ca3c 90 FUNC GLOBAL HIDDEN 2 __stdio_trans2r_o
320: 000000000040abb8 38 FUNC GLOBAL DEFAULT 2 munmap
321: 00000000004089a8 53 FUNC GLOBAL HIDDEN 2 __GI_setsockopt
322: 0000000000518010 8 OBJECT GLOBAL DEFAULT 10 __libc_stack_end
323: 0000000000406398 259 FUNC GLOBAL HIDDEN 2 __GI_fclose
324: 000000000040ace0 140 FUNC GLOBAL HIDDEN 2 __GI_wcsnrtombs
325: 00000000004061d8 38 FUNC GLOBAL HIDDEN 2 __GI_pipe
326: 000000000040b020 187 FUNC GLOBAL HIDDEN 2 _uintmaxtostr
327: 0000000000405e40 100 FUNC GLOBAL DEFAULT 2 __libc_fcntl
328: 0000000000518040 4 OBJECT WEAK DEFAULT 10 _h_errno
329: 000000000040b724 222 FUNC GLOBAL DEFAULT 2 getc_unlocked
330: 0000000000511888 8 OBJECT GLOBAL DEFAULT 9 __ctype_b
331: 000000000040a07c 10 FUNC GLOBAL DEFAULT 2 strtoimax
332: 0000000000409eac 90 FUNC GLOBAL HIDDEN 2 __GI_random_r
333: 0000000000511660 72 OBJECT GLOBAL DEFAULT 9 usernames
334: 000000000051803c 4 OBJECT GLOBAL DEFAULT 10 errno
335: 000000000040aaec 38 FUNC GLOBAL DEFAULT 2 getegid
336: 0000000000401673 118 FUNC GLOBAL DEFAULT 2 read_until_response
337: 000000000040ac08 74 FUNC GLOBAL HIDDEN 2 __GI_sbrk
338: 0000000000400a64 227 FUNC GLOBAL DEFAULT 2 zprintf
339: 000000000040a723 67 FUNC GLOBAL HIDDEN 2 __GI___uClibc_init
340: 000000000040a670 52 FUNC GLOBAL DEFAULT 2 usleep
341: 000000000040aac4 38 FUNC GLOBAL DEFAULT 2 execve
342: 0000000000406068 19 FUNC GLOBAL DEFAULT 2 getpagesize
343: 000000000040607c 38 FUNC WEAK DEFAULT 2 getpid
344: 000000000040d90c 5 FUNC WEAK HIDDEN 2 __GI_lseek64
345: 0000000000409e04 168 FUNC GLOBAL DEFAULT 2 setstate_r
346: 0000000000407758 109 FUNC GLOBAL DEFAULT 2 fgets
347: 0000000000401330 65 FUNC GLOBAL DEFAULT 2 getHost
348: 000000000040607c 38 FUNC GLOBAL DEFAULT 2 __libc_getpid
349: 00000000004011fc 308 FUNC GLOBAL DEFAULT 2 wildString
350: 0000000000408274 194 FUNC GLOBAL DEFAULT 2 __xpg_strerror_r
351: 0000000000405e40 100 FUNC WEAK DEFAULT 2 fcntl64
352: 00000000004060a4 40 FUNC GLOBAL DEFAULT 2 getrlimit64
353: 0000000000406200 44 FUNC GLOBAL DEFAULT 2 prctl
354: 0000000000407b90 102 FUNC GLOBAL DEFAULT 2 memcpy
355: 00000000004013ac 109 FUNC GLOBAL DEFAULT 2 makeRandomStr
356: 0000000000407ac4 56 FUNC GLOBAL HIDDEN 2 __GI_fputs_unlocked
357: 000000000040a250 287 FUNC GLOBAL DEFAULT 2 execl
358: 0000000000407758 109 FUNC GLOBAL HIDDEN 2 __GI_fgets
359: 00000000004037e4 430 FUNC GLOBAL DEFAULT 2 sendHTTP
360: 00000000004061ca 14 FUNC WEAK DEFAULT 2 creat
361: 000000000040782c 216 FUNC GLOBAL DEFAULT 2 stdio_openlist[...]
362: 0000000000402785 46 FUNC GLOBAL DEFAULT 2 sclose
363: 0000000000406254 44 FUNC GLOBAL DEFAULT 2 __libc_select
364: 0000000000407054 114 FUNC GLOBAL HIDDEN 2 _ppfs_init
365: 0000000000511890 8 OBJECT GLOBAL HIDDEN 9 __GI___C_ctype_t[...]
366: 000000000040b724 222 FUNC GLOBAL HIDDEN 2 __GI_fgetc_unlocked
367: 000000000040abe0 38 FUNC GLOBAL DEFAULT 2 __libc_nanosleep
368: 00000000004002f0 205 FUNC GLOBAL DEFAULT 2 trim
369: 0000000000407a50 116 FUNC GLOBAL HIDDEN 2 __GI_fgets_unlocked
370: 0000000000405f24 44 FUNC GLOBAL DEFAULT 2 dup2
371: 000000000040a6ea 3 FUNC WEAK DEFAULT 2 __pthread_mutex_init
372: 000000000040258b 47 FUNC GLOBAL DEFAULT 2 GetRandomIP
373: 000000000040d944 30 FUNC GLOBAL DEFAULT 2 tolower
374: 000000000040ab64 38 FUNC GLOBAL DEFAULT 2 getuid
375: 000000000040d5a4 42 FUNC GLOBAL HIDDEN 2 __open_etc_hosts
376: 0000000000407704 83 FUNC GLOBAL DEFAULT 2 feof
377: 0000000000408bac 2149 FUNC GLOBAL DEFAULT 2 malloc
378: 00000000004083cc 25 FUNC GLOBAL DEFAULT 2 isatty
379: 000000000040a370 415 FUNC GLOBAL DEFAULT 2 sleep
380: 000000000040a07c 10 FUNC GLOBAL DEFAULT 2 strtoll
381: 0000000000406540 199 FUNC GLOBAL DEFAULT 2 vsnprintf
382: 000000000040be18 1862 FUNC GLOBAL HIDDEN 2 __dns_lookup
383: 000000000040622c 39 FUNC WEAK HIDDEN 2 __GI_read
384: 000000000040893c 45 FUNC WEAK DEFAULT 2 recvfrom
385: 0000000000511c90 8 OBJECT GLOBAL DEFAULT 9 __C_ctype_tolower
386: 0000000000409eac 90 FUNC GLOBAL DEFAULT 2 random_r
387: 0000000000511500 0 OBJECT GLOBAL HIDDEN 9 __dso_handle
388: 000000000040aa98 41 FUNC GLOBAL DEFAULT 2 clock_getres
389: 0000000000408520 897 FUNC GLOBAL DEFAULT 2 gethostbyname_r
390: 000000000040262d 191 FUNC GLOBAL DEFAULT 2 tcpcsum
391: 0000000000401841 36 FUNC GLOBAL DEFAULT 2 reset_telstate
392: 0000000000400fb8 368 FUNC GLOBAL DEFAULT 2 fdpclose
393: 00000000004089e0 47 FUNC GLOBAL DEFAULT 2 socket
394: 0000000000405f24 44 FUNC GLOBAL HIDDEN 2 __GI_dup2
395: 0000000000406254 44 FUNC WEAK DEFAULT 2 select
396: 000000000040a6ed 1 FUNC WEAK DEFAULT 2 _pthread_cleanup[...]
397: 000000000040ac8c 68 FUNC GLOBAL HIDDEN 2 __GI_wcrtomb
398: 0000000000405e40 100 FUNC GLOBAL HIDDEN 2 __GI___libc_fcntl
399: 0000000000407c00 210 FUNC GLOBAL HIDDEN 2 __GI_memset
400: 000000000040635c 18 FUNC GLOBAL DEFAULT 2 isspace
401: 000000000040ca98 31 FUNC GLOBAL HIDDEN 2 __stdio_seek
402: 000000000040b810 90 FUNC GLOBAL DEFAULT 2 mempcpy
403: 000000000040cab8 33 FUNC GLOBAL HIDDEN 2 __GI_strcoll
404: 0000000000406330 42 FUNC WEAK HIDDEN 2 __GI_write
405: 0000000000511898 8 OBJECT GLOBAL DEFAULT 9 __ctype_toupper
406: 000000000040622c 39 FUNC GLOBAL DEFAULT 2 __libc_read
407: 000000000040ff80 2906 OBJECT GLOBAL HIDDEN 4 _string_syserrmsgs
408: 0000000000406160 106 FUNC WEAK HIDDEN 2 __GI_open
409: 0000000000407ce0 417 FUNC GLOBAL HIDDEN 2 __GI_strchr
410: 0000000000518820 32 OBJECT GLOBAL HIDDEN 10 __searchdomain
411: 0000000000511648 8 OBJECT GLOBAL DEFAULT 9 HeliosServer
412: 000000000040d914 45 FUNC WEAK DEFAULT 2 lseek
413: 0000000000408a10 35 FUNC GLOBAL DEFAULT 2 sigaddset
414: 00000000004083e8 110 FUNC GLOBAL HIDDEN 2 __GI_tcgetattr
415: 0000000000518018 8 OBJECT GLOBAL DEFAULT 10 __environ
416: 000000000040aa68 48 FUNC GLOBAL DEFAULT 2 mmap
417: 000000000040ace0 140 FUNC GLOBAL DEFAULT 2 wcsnrtombs
418: 00000000004026ec 153 FUNC GLOBAL DEFAULT 2 makeIPPacket
419: 00000000004084c1 10 FUNC GLOBAL HIDDEN 2 __GI_inet_ntoa
420: 000000000040896c 11 FUNC WEAK DEFAULT 2 send
421: 000000000040b724 222 FUNC GLOBAL DEFAULT 2 __fgetc_unlocked
422: 0000000000409b84 276 FUNC GLOBAL DEFAULT 2 abort
423: 0000000000405e40 100 FUNC WEAK HIDDEN 2 __GI_fcntl
424: 000000000040acd0 15 FUNC GLOBAL HIDDEN 2 __GI_wcsrtombs
425: 0000000000407afc 134 FUNC GLOBAL HIDDEN 2 __GI_fwrite_unlocked
426: 000000000040ab3c 38 FUNC GLOBAL HIDDEN 2 __GI_getgid
427: 0000000000409f06 169 FUNC GLOBAL DEFAULT 2 srandom_r
428: 00000000004077c8 97 FUNC GLOBAL HIDDEN 2 __GI_fputs
429: 00000000004000e8 5 FUNC GLOBAL DEFAULT 1 _init
430: 0000000000408474 77 FUNC GLOBAL HIDDEN 2 __GI_inet_ntoa_r
431: 0000000000409e04 168 FUNC GLOBAL HIDDEN 2 __GI_setstate_r
432: 00000000004011a8 84 FUNC GLOBAL DEFAULT 2 parseHex
433: 000000000040a07c 10 FUNC GLOBAL DEFAULT 2 strtol
434: 00000000004061d8 38 FUNC GLOBAL DEFAULT 2 pipe
435: 000000000040d90c 5 FUNC GLOBAL DEFAULT 2 __libc_lseek64
436: 00000000004080d8 206 FUNC GLOBAL DEFAULT 2 strnlen
437: 000000000040cbf8 190 FUNC GLOBAL DEFAULT 2 rawmemchr
438: 000000000040b810 90 FUNC GLOBAL HIDDEN 2 __GI_mempcpy
439: 0000000000518140 1752 OBJECT GLOBAL DEFAULT 10 __malloc_state
440: 000000000040f880 768 OBJECT GLOBAL HIDDEN 4 __GI___C_ctype_b_data
441: 0000000000408b10 28 FUNC GLOBAL DEFAULT 2 __sigaddset
442: 000000000040abe0 38 FUNC WEAK DEFAULT 2 nanosleep
443: 000000000040896c 11 FUNC WEAK HIDDEN 2 __GI_send
444: 0000000000518040 4 OBJECT GLOBAL DEFAULT 10 h_errno
445: 000000000040a6ea 3 FUNC WEAK DEFAULT 2 _pthread_mutex[...]
446: 000000000040ac54 47 FUNC GLOBAL DEFAULT 2 wait4
447: 000000000040a1f4 92 FUNC GLOBAL HIDDEN 2 __GI_exit
448: 0000000000518028 8 OBJECT GLOBAL HIDDEN 10 __app_fini
449: 00000000004025ba 115 FUNC GLOBAL DEFAULT 2 csum
450: 0000000000518008 8 OBJECT GLOBAL HIDDEN 10 __exit_cleanup
451: 000000000040a250 287 FUNC GLOBAL HIDDEN 2 __GI_execl
452: 0000000000409f06 169 FUNC GLOBAL HIDDEN 2 __GI_srandom_r
453: 0000000000511c98 8 OBJECT GLOBAL HIDDEN 9 __GI___ctype_tolower
454: 0000000000406330 42 FUNC WEAK DEFAULT 2 write
455: 0000000000518018 8 OBJECT WEAK DEFAULT 10 environ
456: 0000000000405ef8 41 FUNC WEAK HIDDEN 2 __GI_close
457: 000000000040547d 11 FUNC GLOBAL DEFAULT 2 getBuild
458: 0000000000511cc0 40 OBJECT GLOBAL DEFAULT 9 __resolv_lock
459: 0000000000406134 44 FUNC GLOBAL DEFAULT 2 kill
460: 0000000000407ac4 56 FUNC GLOBAL DEFAULT 2 fputs_unlocked
461: 000000000040a6ea 3 FUNC WEAK DEFAULT 2 _pthread_mutex[...]
462: 000000000040c814 43 FUNC GLOBAL HIDDEN 2 __GI_brk
463: 000000000040abe0 38 FUNC WEAK HIDDEN 2 __GI_nanosleep
464: 00000000004083c0 10 FUNC GLOBAL HIDDEN 2 __GI_strtok
465: 0000000000511d60 4 OBJECT GLOBAL DEFAULT 10 HeliosCommSock
466: 00000000005118c8 8 OBJECT GLOBAL DEFAULT 9 _stdio_openlist
467: 00000000004062a8 85 FUNC GLOBAL HIDDEN 2 __GI_sigprocmask
468: 00000000004084cc 28 FUNC GLOBAL DEFAULT 2 inet_addr
469: 000000000040846d 5 FUNC GLOBAL DEFAULT 2 ntohl
470: 000000000040c86c 5 FUNC GLOBAL HIDDEN 2 __GI_fseek
471: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __deregister_fra[...]
472: 0000000000518098 4 OBJECT GLOBAL DEFAULT 10 ourIP
473: 0000000000405ed0 38 FUNC GLOBAL DEFAULT 2 chdir
474: 000000000040c86c 5 FUNC GLOBAL DEFAULT 2 fseeko
475: 0000000000515da4 4 OBJECT GLOBAL DEFAULT 10 stdio_openlist[...]
476: 000000000040196a 572 FUNC GLOBAL DEFAULT 2 connectTimeout
477: 000000000040c7e8 18 FUNC GLOBAL HIDDEN 2 __raise
478: 00000000004089a8 53 FUNC GLOBAL DEFAULT 2 setsockopt
479: 0000000000408a48 168 FUNC GLOBAL DEFAULT 2 bsd_signal
480: 000000000040c86c 5 FUNC GLOBAL DEFAULT 2 fseek
481: 000000000040ab8c 42 FUNC GLOBAL DEFAULT 2 mremap
482: 0000000000406134 44 FUNC GLOBAL HIDDEN 2 __GI_kill
483: 000000000040cab8 33 FUNC GLOBAL HIDDEN 2 __GI_strcmp
484: 000000000040b95c 734 FUNC GLOBAL HIDDEN 2 __GI_memmove
485: 0000000000403654 400 FUNC GLOBAL DEFAULT 2 sendSTD
486: 0000000000409cec 98 FUNC GLOBAL DEFAULT 2 setstate
487: 000000000040da04 246 FUNC GLOBAL HIDDEN 2 __decode_dotted
488: 000000000040c950 58 FUNC GLOBAL HIDDEN 2 __stdio_READ
489: 000000000040b86c 240 FUNC WEAK DEFAULT 2 memchr
490: 0000000000406370 30 FUNC GLOBAL HIDDEN 2 __GI_toupper
491: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __pthread_initia[...]
492: 0000000000408930 11 FUNC WEAK HIDDEN 2 __GI_recv
493: 0000000000511720 88 OBJECT GLOBAL DEFAULT 9 tmpdirs
494: 00000000005118b8 8 OBJECT GLOBAL DEFAULT 9 __stdin
495: 00000000005118a0 8 OBJECT GLOBAL DEFAULT 9 stdin
496: 00000000004083cc 25 FUNC GLOBAL HIDDEN 2 __GI_isatty
497: 0000000000408378 70 FUNC GLOBAL DEFAULT 2 strcasestr
498: 0000000000400194 42 FUNC GLOBAL DEFAULT 2 _start
499: 00000000004081a8 187 FUNC GLOBAL DEFAULT 2 strstr
500: 00000000004060cc 104 FUNC GLOBAL HIDDEN 2 __GI_ioctl
501: 00000000004001c0 125 FUNC GLOBAL DEFAULT 2 init_rand
502: 0000000000409c98 11 FUNC GLOBAL DEFAULT 2 rand
503: 0000000000408a48 168 FUNC GLOBAL DEFAULT 2 signal
504: 000000000040622c 39 FUNC WEAK DEFAULT 2 read
505: 000000000040d3a8 161 FUNC GLOBAL HIDDEN 2 __decode_header
506: 000000000040ac84 6 FUNC WEAK HIDDEN 2 __GI___h_errno_l[...]
507: 0000000000407b90 102 FUNC GLOBAL HIDDEN 2 __GI_memcpy
508: 000000000040cab8 33 FUNC GLOBAL DEFAULT 2 strcoll
509: 000000000040acd0 15 FUNC GLOBAL DEFAULT 2 wcsrtombs
510: 0000000000511948 4 OBJECT GLOBAL DEFAULT 9 _stdio_user_locking
511: 0000000000408054 131 FUNC GLOBAL DEFAULT 2 strncpy
512: 0000000000408348 48 FUNC GLOBAL DEFAULT 2 strcasecmp
513: 0000000000408460 5 FUNC GLOBAL DEFAULT 2 htonl
514: 0000000000408978 48 FUNC WEAK DEFAULT 2 sendto
515: 0000000000511890 8 OBJECT GLOBAL DEFAULT 9 __C_ctype_toupper
516: 000000000040288b 3529 FUNC GLOBAL DEFAULT 2 StartTheLelz
517: 0000000000511880 8 OBJECT GLOBAL HIDDEN 9 __GI___C_ctype_b
518: 0000000000409414 857 FUNC GLOBAL DEFAULT 2 realloc
519: 0000000000408520 897 FUNC GLOBAL HIDDEN 2 __GI_gethostbyname_r
520: 0000000000408054 131 FUNC GLOBAL HIDDEN 2 __GI_strncpy
521: 000000000040896c 11 FUNC GLOBAL DEFAULT 2 __libc_send
522: 0000000000408274 194 FUNC GLOBAL HIDDEN 2 __GI___xpg_strerror_r
523: 0000000000511708 4 OBJECT GLOBAL DEFAULT 9 currentServer
524: 0000000000511c90 8 OBJECT GLOBAL HIDDEN 9 __GI___C_ctype_t[...]
525: 000000000040893c 45 FUNC WEAK HIDDEN 2 __GI_recvfrom
526: 00000000004060a4 40 FUNC GLOBAL HIDDEN 2 __GI_getrlimit
527: 0000000000408338 14 FUNC GLOBAL DEFAULT 2 bcopy
528: 0000000000407e90 213 FUNC GLOBAL HIDDEN 2 __GI_strcpy
529: 000000000040d0f4 527 FUNC GLOBAL HIDDEN 2 __GI_inet_ntop
530: 00000000004083c0 10 FUNC GLOBAL DEFAULT 2 strtok
531: 000000000040c98c 133 FUNC GLOBAL HIDDEN 2 __stdio_adjust_p[...]
532: 0000000000409b67 28 FUNC GLOBAL DEFAULT 2 malloc_trim
533: 000000000040c840 41 FUNC WEAK HIDDEN 2 __GI_poll
534: 0000000000406a18 1595 FUNC GLOBAL HIDDEN 2 _vfprintf_internal
535: 0000000000408378 70 FUNC GLOBAL HIDDEN 2 __GI_strcasestr
536: 0000000000405f50 38 FUNC WEAK DEFAULT 2 fork
537: 000000000040ca14 37 FUNC GLOBAL HIDDEN 2 __stdio_rfill
538: 000000000040ccb8 119 FUNC GLOBAL DEFAULT 2 strncat
539: 0000000000511d64 4 OBJECT GLOBAL DEFAULT 10 gotIP
540: 000000000040a370 415 FUNC GLOBAL HIDDEN 2 __GI_sleep
541: 000000000040a959 247 FUNC WEAK DEFAULT 2 sigaction
542: 00000000004084e8 53 FUNC GLOBAL HIDDEN 2 __GI_gethostbyname
543: 0000000000518860 8 OBJECT GLOBAL DEFAULT 10 _dl_phdr
544: 000000000040b724 222 FUNC GLOBAL HIDDEN 2 __GI_getc_unlocked
545: 000000000040a723 67 FUNC GLOBAL DEFAULT 2 __uClibc_init
546: 000000000040abb8 38 FUNC GLOBAL HIDDEN 2 __GI_munmap
547: 000000000040aff0 46 FUNC GLOBAL HIDDEN 2 _store_inttype
548: 000000000040dafc 59 FUNC GLOBAL HIDDEN 2 __length_dotted
549: 0000000000406068 19 FUNC GLOBAL DEFAULT 2 __getpagesize
550: 0000000000409ca4 72 FUNC GLOBAL HIDDEN 2 __GI_random
551: 000000000040ab8c 42 FUNC GLOBAL HIDDEN 2 __GI_mremap
552: 000000000040aa50 22 FUNC GLOBAL HIDDEN 2 __syscall_error
553: 0000000000511c88 8 OBJECT GLOBAL HIDDEN 9 __uclibc_progname
554: 000000000040aaec 38 FUNC GLOBAL HIDDEN 2 __GI_getegid
555: 000000000040ac54 47 FUNC GLOBAL HIDDEN 2 __GI_wait4
556: 0000000000511ae0 40 OBJECT GLOBAL DEFAULT 9 __malloc_lock
557: 000000000040a766 489 FUNC GLOBAL DEFAULT 2 __uClibc_main
558: 000000000040ac08 74 FUNC GLOBAL DEFAULT 2 sbrk
559: 0000000000518030 8 OBJECT GLOBAL HIDDEN 10 __rtld_fini
560: 0000000000405f50 38 FUNC WEAK HIDDEN 2 __GI_fork
561: 000000000040cd30 54 FUNC WEAK DEFAULT 2 strdup
562: 0000000000405ef8 41 FUNC GLOBAL DEFAULT 2 __libc_close
563: 000000000040607c 38 FUNC WEAK HIDDEN 2 __GI_getpid
564: 000000000040bd8c 137 FUNC GLOBAL DEFAULT 2 inet_aton
565: 0000000000511520 296 OBJECT GLOBAL DEFAULT 9 UserAgents
566: 0000000000407ce0 417 FUNC GLOBAL DEFAULT 2 index
567: 000000000040a6ed 1 FUNC WEAK DEFAULT 2 _pthread_cleanup[...]
568: 00000000004044ba 3253 FUNC GLOBAL DEFAULT 2 processCmd
569: 0000000000408af0 32 FUNC GLOBAL DEFAULT 2 __sigismember
570: 000000000040649c 10 FUNC GLOBAL DEFAULT 2 fopen
571: 0000000000511ce8 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
572: 0000000000406160 106 FUNC GLOBAL DEFAULT 2 __libc_open
573: 0000000000405299 484 FUNC GLOBAL DEFAULT 2 getOurIP
574: 0000000000401653 32 FUNC GLOBAL DEFAULT 2 get_telstate_host
575: 0000000000407c00 210 FUNC GLOBAL DEFAULT 2 memset
576: 00000000004089e0 47 FUNC GLOBAL HIDDEN 2 __GI_socket
577: 0000000000400c2c 432 FUNC GLOBAL DEFAULT 2 Heliosprintf
578: 0000000000405488 2461 FUNC GLOBAL DEFAULT 2 main
579: 000000000040d914 45 FUNC GLOBAL HIDDEN 2 __GI___libc_lseek
580: 0000000000408264 14 FUNC GLOBAL DEFAULT 2 __glibc_strerror_r
581: 000000000051809c 4 OBJECT GLOBAL DEFAULT 10 ourPublicIP
582: 0000000000401ba6 201 FUNC GLOBAL DEFAULT 2 listFork
583: 0000000000410fe0 768 OBJECT GLOBAL HIDDEN 4 __GI___C_ctype_t[...]
584: 000000000040ae00 259 FUNC GLOBAL HIDDEN 2 __stdio_fwrite
585: 0000000000401c6f 286 FUNC GLOBAL DEFAULT 2 negotiate
586: 0000000000409dbc 72 FUNC GLOBAL DEFAULT 2 srand
587: 0000000000409d4e 110 FUNC GLOBAL DEFAULT 2 initstate
588: 0000000000406398 259 FUNC GLOBAL DEFAULT 2 fclose
589: 0000000000408465 8 FUNC GLOBAL DEFAULT 2 ntohs
590: 0000000000403992 1302 FUNC GLOBAL DEFAULT 2 sendUDP
591: 00000000004084c1 10 FUNC GLOBAL DEFAULT 2 inet_ntoa
592: 00000000004083e8 110 FUNC GLOBAL DEFAULT 2 tcgetattr
593: 0000000000410fe0 768 OBJECT GLOBAL DEFAULT 4 __C_ctype_tolowe[...]
594: 000000000040893c 45 FUNC GLOBAL DEFAULT 2 __libc_recvfrom
595: 0000000000406300 39 FUNC GLOBAL DEFAULT 2 time
596: 0000000000409b84 276 FUNC GLOBAL HIDDEN 2 __GI_abort
597: 000000000040c840 41 FUNC WEAK DEFAULT 2 poll
598: 0000000000400ddc 476 FUNC GLOBAL DEFAULT 2 fdpopen
599: 000000000040c7b8 48 FUNC GLOBAL HIDDEN 2 __get_hosts_byname_r
600: 000000000040689b 15 FUNC GLOBAL HIDDEN 2 __stdio_init_mutex
601: 0000000000405ea4 42 FUNC GLOBAL HIDDEN 2 __GI__exit
602: 000000000040cab8 33 FUNC GLOBAL DEFAULT 2 strcmp
603: 0000000000511820 88 OBJECT GLOBAL DEFAULT 9 advances2
604: 0000000000518840 24 OBJECT GLOBAL HIDDEN 10 __nameserver
605: 0000000000511510 0 NOTYPE WEAK DEFAULT 9 data_start
606: 000000000040a510 351 FUNC GLOBAL HIDDEN 2 __GI_sysconf
607: 0000000000511650 8 OBJECT GLOBAL DEFAULT 9 infect
608: 000000000040ac84 6 FUNC WEAK DEFAULT 2 __h_errno_location
609: 0000000000401d8d 345 FUNC GLOBAL DEFAULT 2 matchPrompt
610: 0000000000405f78 203 FUNC GLOBAL DEFAULT 2 getcwd
611: 000000000040f880 768 OBJECT GLOBAL DEFAULT 4 __C_ctype_b_data
612: 000000000040cdef 493 FUNC GLOBAL HIDDEN 2 __GI_inet_pton
613: 00000000004084e8 53 FUNC GLOBAL DEFAULT 2 gethostbyname
614: 0000000000406608 551 FUNC GLOBAL HIDDEN 2 _stdio_fopen
615: 00000000004017ee 83 FUNC GLOBAL DEFAULT 2 advance_state
616: 000000000040db78 5 FUNC GLOBAL DEFAULT 3 _fini
617: 0000000000405ed0 38 FUNC GLOBAL HIDDEN 2 __GI_chdir
618: 0000000000405e28 21 FUNC GLOBAL HIDDEN 2 __vfork
619: 000000000040aa68 48 FUNC GLOBAL HIDDEN 2 __GI_mmap
620: 0000000000401865 33 FUNC GLOBAL DEFAULT 2 contains_success
621: 00000000004064a8 149 FUNC GLOBAL DEFAULT 2 sprintf
622: 0000000000401128 128 FUNC GLOBAL DEFAULT 2 fdgets
623: 0000000000408274 194 FUNC WEAK DEFAULT 2 strerror_r
624: 0000000000406254 44 FUNC WEAK HIDDEN 2 __GI_select
625: 0000000000406328 7 FUNC GLOBAL DEFAULT 2 __libc_waitpid
626: 00000000004027b3 216 FUNC GLOBAL DEFAULT 2 socket_connect
627: 0000000000406328 7 FUNC WEAK HIDDEN 2 __GI_waitpid
628: 00000000004068aa 135 FUNC GLOBAL HIDDEN 2 _stdio_term
629: 000000000040d4b0 242 FUNC GLOBAL HIDDEN 2 __decode_answer
630: 0000000000408a48 168 FUNC GLOBAL HIDDEN 2 __GI_signal
631: 00000000005118b0 8 OBJECT GLOBAL DEFAULT 9 stderr
632: 00000000005117c0 64 OBJECT GLOBAL DEFAULT 9 fails
633: 0000000000405e28 21 FUNC WEAK DEFAULT 2 vfork
634: 0000000000511880 8 OBJECT GLOBAL DEFAULT 9 __C_ctype_b
635: 0000000000409dbc 72 FUNC GLOBAL DEFAULT 2 srandom
636: 000000000040710c 457 FUNC GLOBAL HIDDEN 2 _ppfs_setargs
637: 0000000000408978 48 FUNC WEAK HIDDEN 2 __GI_sendto
638: 0000000000408a34 20 FUNC GLOBAL HIDDEN 2 __GI_sigemptyset
639: 0000000000405f50 38 FUNC GLOBAL DEFAULT 2 __libc_fork
640: 0000000000511c60 40 OBJECT GLOBAL DEFAULT 9 __atexit_lock
641: 00000000005180a0 4 OBJECT GLOBAL DEFAULT 10 scanPid
642: 000000000040023d 179 FUNC GLOBAL DEFAULT 2 rand_cmwc
643: 000000000040d914 45 FUNC GLOBAL DEFAULT 2 __libc_lseek
644: 0000000000511780 40 OBJECT GLOBAL DEFAULT 9 advances
645: 0000000000405e40 100 FUNC GLOBAL DEFAULT 2 __libc_fcntl64
646: 00000000004088fc 50 FUNC GLOBAL DEFAULT 2 getsockopt
647: 000000000040c874 218 FUNC GLOBAL HIDDEN 2 __GI_fseeko64
648: 0000000000407904 329 FUNC GLOBAL DEFAULT 2 fflush_unlocked
649: 0000000000406934 39 FUNC GLOBAL HIDDEN 2 __stdio_wcommit
650: 00000000004018e2 136 FUNC GLOBAL DEFAULT 2 contains_string
651: 000000000040b724 222 FUNC GLOBAL HIDDEN 2 __GI___fgetc_unlocked
652: 0000000000518858 4 OBJECT GLOBAL HIDDEN 10 __nameservers
653: 0000000000407afc 134 FUNC GLOBAL DEFAULT 2 fwrite_unlocked
654: 0000000000408474 77 FUNC GLOBAL DEFAULT 2 inet_ntoa_r
655: 0000000000518020 8 OBJECT GLOBAL DEFAULT 10 __pagesize
656: 00000000005118e0 40 OBJECT GLOBAL DEFAULT 9 stdio_openlist[...]
657: 0000000000406044 35 FUNC GLOBAL HIDDEN 2 __GI_getdtablesize
658: 00000000004018a7 59 FUNC GLOBAL DEFAULT 2 contains_response
659: 0000000000511ce8 0 NOTYPE GLOBAL DEFAULT ABS _edata
660: 00000000005118c0 8 OBJECT GLOBAL DEFAULT 9 __stdout
661: 000000000040bc3c 237 FUNC GLOBAL HIDDEN 2 __GI_memrchr
662: 0000000000407904 329 FUNC GLOBAL HIDDEN 2 __GI_fflush_unlocked
663: 00000000004081a8 187 FUNC GLOBAL HIDDEN 2 __GI_strstr
664: 000000000051885c 4 OBJECT GLOBAL HIDDEN 10 __searchdomains
665: 0000000000518870 0 NOTYPE GLOBAL DEFAULT ABS _end
666: 0000000000408458 8 FUNC GLOBAL DEFAULT 2 htons
667: 00000000005180c0 128 OBJECT GLOBAL HIDDEN 10 _sigintr
668: 00000000004070c8 67 FUNC GLOBAL HIDDEN 2 _ppfs_prepargs
669: 000000000040cb70 135 FUNC GLOBAL HIDDEN 2 __GI_strspn
670: 000000000040b724 222 FUNC GLOBAL DEFAULT 2 fgetc_unlocked
671: 0000000000409faf 185 FUNC GLOBAL DEFAULT 2 initstate_r
672: 00000000004088a4 43 FUNC WEAK HIDDEN 2 __GI_connect
673: 0000000000518090 8 OBJECT GLOBAL HIDDEN 10 __curbrk
674: 000000000040c840 41 FUNC GLOBAL DEFAULT 2 __libc_poll
675: 0000000000518868 8 OBJECT GLOBAL DEFAULT 10 _dl_phnum
676: 000000000040b0dc 1608 FUNC GLOBAL HIDDEN 2 _fpmaxtostr
677: 0000000000406390 6 FUNC WEAK DEFAULT 2 __errno_location
678: 0000000000401371 59 FUNC GLOBAL DEFAULT 2 uppercase
679: 000000000040a088 362 FUNC GLOBAL HIDDEN 2 _stdlib_strto_l
680: 0000000000406160 106 FUNC GLOBAL HIDDEN 2 __GI___libc_open
681: 000000000040a1f4 92 FUNC GLOBAL DEFAULT 2 exit
682: 000000000040ad6c 147 FUNC GLOBAL HIDDEN 2 __stdio_WRITE
683: 0000000000406830 107 FUNC GLOBAL HIDDEN 2 _stdio_init
684: 000000000040ab14 38 FUNC GLOBAL HIDDEN 2 __GI_geteuid
685: 000000000040d0f4 527 FUNC GLOBAL DEFAULT 2 inet_ntop
686: 000000000040c814 43 FUNC GLOBAL DEFAULT 2 brk
687: 000000000040fb80 768 OBJECT GLOBAL DEFAULT 4 __C_ctype_touppe[...]
688: 0000000000405f78 203 FUNC GLOBAL HIDDEN 2 __GI_getcwd
689: 000000000040c7fc 23 FUNC GLOBAL DEFAULT 2 _dl_aux_init
690: 000000000051803c 4 OBJECT WEAK DEFAULT 10 _errno
691: 000000000040a068 18 FUNC GLOBAL DEFAULT 2 atoi
692: 0000000000511800 32 OBJECT GLOBAL DEFAULT 9 successes
693: 0000000000511920 40 OBJECT GLOBAL DEFAULT 9 stdio_openlist[...]
694: 000000000040bd8c 137 FUNC GLOBAL HIDDEN 2 __GI_inet_aton
695: 0000000000407a50 116 FUNC GLOBAL DEFAULT 2 fgets_unlocked
696: 0000000000405ea4 42 FUNC GLOBAL DEFAULT 2 _exit
697: 0000000000400b47 229 FUNC GLOBAL DEFAULT 2 szprintf
698: 000000000040d914 45 FUNC WEAK HIDDEN 2 __GI_lseek
699: 000000000040cb70 135 FUNC GLOBAL DEFAULT 2 strspn
700: 000000000040a07c 10 FUNC GLOBAL HIDDEN 2 __GI_strtoll
701: 0000000000408930 11 FUNC GLOBAL DEFAULT 2 __libc_recv
702: 00000000004061ca 14 FUNC GLOBAL DEFAULT 2 __libc_creat
703: 0000000000407f70 225 FUNC GLOBAL DEFAULT 2 strlen
704: 000000000040d90c 5 FUNC WEAK DEFAULT 2 lseek64
705: 0000000000406160 106 FUNC WEAK DEFAULT 2 open
706: 0000000000406370 30 FUNC GLOBAL DEFAULT 2 toupper
707: 0000000000406330 42 FUNC GLOBAL DEFAULT 2 __libc_write
708: 0000000000409809 410 FUNC GLOBAL HIDDEN 2 __malloc_consolidate
709: 0000000000407306 1022 FUNC GLOBAL HIDDEN 2 _ppfs_parsespec
710: 000000000040a07c 10 FUNC GLOBAL HIDDEN 2 __GI_strtol
711: 000000000040ab64 38 FUNC GLOBAL HIDDEN 2 __GI_getuid
712: 000000000040bd2c 94 FUNC GLOBAL HIDDEN 2 __GI_strtok_r
713: 000000000051803c 4 OBJECT GLOBAL HIDDEN 10 __GI_errno
714: 0000000000408978 48 FUNC GLOBAL DEFAULT 2 __libc_sendto
715: 000000000040af04 148 FUNC GLOBAL HIDDEN 2 __stdio_trans2w_o
716: 0000000000405e28 21 FUNC WEAK HIDDEN 2 __GI_vfork
717: 0000000000407ce0 417 FUNC GLOBAL DEFAULT 2 strchr
718: 000000000040cbf8 190 FUNC GLOBAL HIDDEN 2 __GI_rawmemchr
719: 00000000004077c8 97 FUNC GLOBAL DEFAULT 2 fputs
720: 000000000040c7e8 18 FUNC WEAK HIDDEN 2 __GI_raise
721: 0000000000511510 0 NOTYPE GLOBAL DEFAULT 9 __data_start
722: 0000000000406280 38 FUNC GLOBAL DEFAULT 2 setsid
723: 00000000004084cc 28 FUNC GLOBAL HIDDEN 2 __GI_inet_addr
724: 000000000040d964 160 FUNC GLOBAL HIDDEN 2 __encode_dotted
725: 00000000004080d8 206 FUNC GLOBAL HIDDEN 2 __GI_strnlen
726: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
727: 0000000000511d70 6 OBJECT GLOBAL DEFAULT 10 macAddress
728: 0000000000406390 6 FUNC WEAK HIDDEN 2 __GI___errno_location
729: 0000000000401ee6 586 FUNC GLOBAL DEFAULT 2 readUntil
730: 0000000000405e40 100 FUNC WEAK DEFAULT 2 fcntl
731: 00000000004016e9 261 FUNC GLOBAL DEFAULT 2 read_with_timeout
732: 000000000040a068 18 FUNC GLOBAL HIDDEN 2 __GI_atoi
733: 000000000040c874 218 FUNC GLOBAL DEFAULT 2 fseeko64
734: 00000000004064a8 149 FUNC GLOBAL HIDDEN 2 __GI_sprintf
735: 0000000000511c98 8 OBJECT GLOBAL DEFAULT 9 __ctype_tolower
736: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __register_frame_info
737: 000000000040ac8c 68 FUNC GLOBAL DEFAULT 2 wcrtomb
738: 00000000004088d0 41 FUNC GLOBAL HIDDEN 2 __GI_getsockname
739: 0000000000405ef8 41 FUNC WEAK DEFAULT 2 close
740: 00000000004088a4 43 FUNC GLOBAL DEFAULT 2 __libc_connect
741: 00000000005116c0 72 OBJECT GLOBAL DEFAULT 9 passwords
742: 0000000000407f70 225 FUNC GLOBAL HIDDEN 2 __GI_strlen
743: 00000000005180a8 8 OBJECT GLOBAL DEFAULT 10 pids
744: 000000000040cae0 140 FUNC GLOBAL DEFAULT 2 strpbrk
745: 000000000040af98 85 FUNC GLOBAL HIDDEN 2 _load_inttype
746: 000000000040c7e8 18 FUNC GLOBAL DEFAULT 2 raise
747: 00000000004099a3 452 FUNC GLOBAL DEFAULT 2 free
748: 00000000004062a8 85 FUNC GLOBAL DEFAULT 2 sigprocmask
749: 00000000004088d0 41 FUNC GLOBAL DEFAULT 2 getsockname

No version information found in this file.

williballenthin · 2023-03-26T09:11:59Z

because the ELF file format doesn't have a dedicated field to indicate the targetted OS, capa uses a number of heuristics to guess at the OS. these don't seem to be sufficient for neither the packed nor unpacked image.

the packed image is somewhat broken and there are no good artifacts present. since capa expects to be run against unpacked binaries, im not sure that we'll be able to do anything here.

fortunately you can unpack the sample easily: upx -d 0a1a8ca1ce27a04bf9618fe0f6bc94e6 -o unpacked.bin.

the unpacked image also doesn't match any of the existing heuristics; however, there's a potential new hint: .symtab entries for libc resources related to linux:

    15: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS libc/sysdeps/linux/x86_64/crti.S
    33: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS libc/sysdeps/linux/x86_64/crtn.S
    34: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS libc/sysdeps/linux/x86_64/crt1.S
    48: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS libc/sysdeps/linux/x86_64/vfork.S

we should update our OS detection (here: https://github.com/mandiant/capa/blob/master/capa/features/extractors/elf.py) to use these entries to identify the underlying OS as linux.

williballenthin · 2023-03-26T09:18:58Z

even when the OS is specified manually, we don't get many results. we should spend some time writing rules that match the interesting behavior for this ELF/Linux sample:

capa tests/data/72f1b91327ffda4cf18a2bf64913b673d39ebbff8cbe50c9cd354b1dcd312bcc --os linux
matching: 100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 297/297 [00:04<00:00, 63.43 functions/s, skipped 0 library functions]
+------------------------+------------------------------------------------------------------------------------+
| md5                    | 2bf18d0403677378adad9001b1243211                                                   |
| sha1                   | 21693bf5c29c5dbc973047e0c1607ebdd000de9b                                           |
| sha256                 | 72f1b91327ffda4cf18a2bf64913b673d39ebbff8cbe50c9cd354b1dcd312bcc                   |
| os                     | linux                                                                              |
| format                 | elf                                                                                |
| arch                   | amd64                                                                              |
| path                   | tests/data/72f1b91327ffda4cf18a2bf64913b673d39ebbff8cbe50c9cd354b1dcd312bcc        |
+------------------------+------------------------------------------------------------------------------------+



+------------------------------------------------------+------------------------------------------------------+
| CAPABILITY                                           | NAMESPACE                                            |
|------------------------------------------------------+------------------------------------------------------|
| reference Google Public DNS server                   | communication/dns                                    |
+------------------------------------------------------+------------------------------------------------------+

mr-tz · 2023-04-03T13:02:36Z

Thanks for the issue. We've tweaked the OS detection will track rule additions for this in mandiant/capa-rules#736.

williballenthin mentioned this issue Mar 26, 2023

detect ELF OS via libc sysdeps .symtab entries #1403

Closed

williballenthin mentioned this issue Mar 26, 2023

rules for ELF/Linux sample mandiant/capa-rules#736

Open

This was referenced Apr 2, 2023

ELF OS detection: add support for guessing that's based on .symtab entries #1422

Merged

Add sample to test ELF symbol table OS detection mandiant/capa-testfiles#170

Merged

mr-tz closed this as completed Apr 3, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

False error report for IoT Malware #1402

False error report for IoT Malware #1402

lion10 commented Mar 25, 2023

williballenthin commented Mar 26, 2023

williballenthin commented Mar 26, 2023

williballenthin commented Mar 26, 2023

williballenthin commented Mar 26, 2023

mr-tz commented Apr 3, 2023

False error report for IoT Malware #1402

False error report for IoT Malware #1402

Comments

lion10 commented Mar 25, 2023

Description

Steps to Reproduce

Versions

Additional Information

williballenthin commented Mar 26, 2023

williballenthin commented Mar 26, 2023

williballenthin commented Mar 26, 2023

williballenthin commented Mar 26, 2023

mr-tz commented Apr 3, 2023