Master the fundamental concepts of binary formats through this focused micro-challenge.
The .text section contains the executable machine code of a program. It is read-only and mapped into memory with execute permissions. Every instruction your CPU runs from the binary lives here.
To extract it manually:
e_shoff.text using the .shstrtab string tablesh_offset and sh_size from its section headersh_offset in the fileA standard hex dump shows 16 bytes per line. For example, the classic x86-64 prologue appears as:
cLoading…
Those bytes decode to push rbp; mov rbp, rsp; sub rsp, 0x10.
You will find the .text section by name and print a formatted hex dump. Disassemblers start with these raw bytes and decode instructions, and malware analysts often need to extract shellcode from .text when packers encrypt or compress it.
The first bytes of .text often reveal compiler and optimization choices. An unoptimized build shows a full prologue; -O2 may omit the frame pointer. Security analysts compare .text hashes before and after an update to detect unauthorized code injection. Packers may encrypt .text at rest and decrypt it at runtime, which is why extracting this section is a common unpacker first step.
Implement a .text section extractor in C.
Requirements:
Test:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github