undefined reference to `main'
When I use memcpy to modify code in main and then recompile it (after lifting), a linker error occurs. There is no problem up to the point of lifting the binary to bc.
(.text+0x20): undefined reference to `main'
https://gist.github.com/dbwodlf3/328831dda00f341cafb9107ca8da513b/#file-test-c-L15
IDA may not be able to identify the entrypoint `main`. It could be merged into the previous function or recovered with a different name (`_main`). Could you check your IDA logs?
Yes, you are right. Do you know what counts as a function and what does not in mcsema, and why it doesn't lift this one?
Now I am looking at get_cfg.py, and there mcsema only recovers functions. I think it is IDA Pro that defines what a function is, but I don't know what IDA Pro's criteria for a function are.
test.log
400590 is not a function! Not recovering.
but,
readelf -s main.out
64: 0000000000400590 191 FUNC GLOBAL DEFAULT 13 main
objdump -d test.out
0000000000400590 <main>:
400590: 55 push %rbp
400591: 48 89 e5 mov %rsp,%rbp
400594: 48 83 ec 20 sub $0x20,%rsp
400598: 48 b8 90 05 40 00 00 movabs $0x400590,%rax
40059f: 00 00 00
4005a2: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%rbp)
4005a9: 48 89 c7 mov %rax,%rdi
4005ac: e8 9f 00 00 00 callq 400650 <smcInit>
4005b1: 48 8d 45 f2 lea -0xe(%rbp),%rax
4005b5: 8b 0c 25 94 07 40 00 mov 0x400794,%ecx
4005bc: 89 4d f7 mov %ecx,-0x9(%rbp)
4005bf: 8a 14 25 98 07 40 00 mov 0x400798,%dl
4005c6: 88 55 fb mov %dl,-0x5(%rbp)
4005c9: 8b 0c 25 99 07 40 00 mov 0x400799,%ecx
4005d0: 89 4d f2 mov %ecx,-0xe(%rbp)
4005d3: 8a 14 25 9d 07 40 00 mov 0x40079d,%dl
4005da: 88 55 f6 mov %dl,-0xa(%rbp)
4005dd: 8a 50 04 mov 0x4(%rax),%dl
4005e0: 88 15 0c 00 00 00 mov %dl,0xc(%rip) # 4005f2 <_branch+0x4>
4005e6: 8b 08 mov (%rax),%ecx
4005e8: 89 0d 00 00 00 00 mov %ecx,0x0(%rip) # 4005ee <_branch>
00000000004005ee <_branch>:
4005ee: e9 43 00 00 00 jmpq 400636 <_end>
00000000004005f3 <_deadblock>:
4005f3: 90 nop
4005f4: 90 nop
4005f5: 90 nop
4005f6: 90 nop
4005f7: 90 nop
4005f8: 48 bf 9e 07 40 00 00 movabs $0x40079e,%rdi
4005ff: 00 00 00
400602: b0 00 mov $0x0,%al
400604: e8 67 fe ff ff callq 400470 <printf@plt>
400609: 48 bf b3 07 40 00 00 movabs $0x4007b3,%rdi
400610: 00 00 00
400613: 89 45 ec mov %eax,-0x14(%rbp)
400616: b0 00 mov $0x0,%al
400618: e8 53 fe ff ff callq 400470 <printf@plt>
40061d: 48 bf e2 07 40 00 00 movabs $0x4007e2,%rdi
400624: 00 00 00
400627: 89 45 e8 mov %eax,-0x18(%rbp)
40062a: b0 00 mov $0x0,%al
40062c: e8 3f fe ff ff callq 400470 <printf@plt>
400631: e9 11 00 00 00 jmpq 400647 <_return>
0000000000400636 <_end>:
400636: 48 bf f4 07 40 00 00 movabs $0x4007f4,%rdi
40063d: 00 00 00
400640: b0 00 mov $0x0,%al
400642: e8 29 fe ff ff callq 400470 <printf@plt>
0000000000400647 <_return>:
400647: 31 c0 xor %eax,%eax
400649: 48 83 c4 20 add $0x20,%rsp
40064d: 5d pop %rbp
40064e: c3 retq
40064f: 90 nop