Restoring external symbol calls in IDA when ELF sections are deleted

Some time ago I wrote ZwoELF, an ELF parsing and manipulation library for Python, to learn about the ELF format. I used it for the hack.lu 2013 CTF challenge ELF to manipulate the binary file after it was compiled and linked. While writing ZwoELF I soon realized that almost every analysis tool relies on the sections of the ELF binary (like IDA, readelf and even strings). The problem with this is that the sections are optional and are not needed to execute the binary file. This means the sections can be missing or even be totally misleading. So I wrote ZwoELF with the intention to ignore the sections of an ELF binary and still try to get the same results (the example script "readElf.py" gets the same information that "readelf" of the "elfutils" package gets but without using the sections).

Read more: http://h4des.org/blog/index.php?/archives/343-Restoring-external-symbol-calls-in-IDA-when-ELF-sections-are-deleted.html
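To illustrate the point that dynamic-linking information survives without sections, here is an added example (not from the original post, and not ZwoELF's API) that lists the `DT_NEEDED` libraries of an ELF64 little-endian image using only the program headers. The function names and the sample image, which has `e_shoff` and `e_shnum` set to zero, are constructed for this illustration.

```python
import struct
PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5

def vaddr_to_offset(loads, vaddr):
    """Translate a virtual address to a file offset using PT_LOAD segments only."""
    for off, va, filesz in loads:
        if va <= vaddr < va + filesz:
            return off + (vaddr - va)
    raise ValueError("address not backed by a PT_LOAD segment")

def needed_libraries(data):
    """List DT_NEEDED names of an ELF64 little-endian image, ignoring sections."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only ELF64 little-endian is handled in this example")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    loads, dyn = [], None
    for i in range(e_phnum):
        p_type, _, p_off, p_va, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_off, p_va, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_off, p_filesz)
    if dyn is None:
        return []  # statically linked: no dynamic segment
    entries = []
    for pos in range(dyn[0], dyn[0] + dyn[1] - 15, 16):  # Elf64_Dyn is 16 bytes
        tag, val = struct.unpack_from("<qQ", data, pos)
        if tag == DT_NULL:
            break
        entries.append((tag, val))
    strtab = vaddr_to_offset(loads, dict(entries)[DT_STRTAB])  # KeyError if absent
    return [data[strtab + v:data.index(b"\0", strtab + v)].decode()
            for t, v in entries if t == DT_NEEDED]

def build_sample():
    """Constructed ELF64 image: two program headers, e_shoff = e_shnum = 0."""
    base, str_off, dyn_off, size = 0x400000, 176, 200, 264
    strtab = b"\0libc.so.6\0libm.so.6\0".ljust(24, b"\0")
    dyn = struct.pack("<qQqQqQqQ", DT_NEEDED, 1, DT_NEEDED, 11,
                      DT_STRTAB, base + str_off, DT_NULL, 0)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base, size, size, 0x1000)
    dynp = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, base + dyn_off,
                       base + dyn_off, len(dyn), len(dyn), 8)
    return ehdr + load + dynp + strtab + dyn
```

The same path from `PT_DYNAMIC` through `DT_STRTAB` is the one the dynamic loader follows at run time, which is why it keeps working on binaries whose section header table has been removed or altered.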
