Timeline for Understanding what a Linux binary is doing
Current License: CC BY-SA 4.0
72 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Nov 3, 2019 at 9:54 | comment added | Rui F Ribeiro | | @JeffSchaller Thanks, it seems the question was deleted. |
| Nov 2, 2019 at 17:52 | comment added | Jeff Schaller♦ | | @Rui, it came to my attention that the link to the SO was broken; I commented it out, as I couldn't find any suitable replacement |
| Nov 2, 2019 at 17:51 | history edited | Jeff Schaller♦ | CC BY-SA 4.0 | removed broken SO link |
| Aug 16, 2018 at 6:13 | comment added | Choxx | | @RuiFRibeiro That's really cool. However, I didn't get much from your answer might be cos of the deep technical details shared in it but I find the ebook really interesting. Thanks |
| Aug 15, 2018 at 20:03 | comment added | Rui F Ribeiro | | @Choxx See also this answer of mine unix.stackexchange.com/questions/413697/… |
| Aug 15, 2018 at 19:57 | comment added | Rui F Ribeiro | | @Choxx Sure, free book, the author is giving it for free. A bit outdated, but superb. leanpub.com/anti-reverse-engineering-linux |
| Aug 15, 2018 at 19:52 | comment added | Choxx | | @RuiFRibeiro I got a lot of details from your answer to gather a lot of information for reverse engineering (typically) of a binary. But can you share any link where I can find the best ways to protect Linux binary for anti-reverse engineering? |
| Aug 15, 2018 at 19:43 | history suggested | Choxx | CC BY-SA 4.0 | renamed file name in command "objdump -T" |
| Aug 15, 2018 at 19:41 | review: Suggested edits | | | Aug 15, 2018 at 19:43 |
| Feb 3, 2018 at 14:22 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 21 characters in body |
| Feb 2, 2018 at 23:45 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | deleted 56 characters in body |
| Jan 29, 2018 at 2:34 | comment added | Pryftan | | @RuiFRibeiro Thank you, that means a great deal to me. I have fond memories playing with the PC speaker in assembly; that and graphics. Good fun that I would probably do if I had an old box lying around. Anyway thanks for the sympathy and glad I could contribute to your answer some! |
| Jan 28, 2018 at 18:13 | comment added | Rui F Ribeiro | | @Pryftan Thanks for the comments and my feelings for your dog. I have done many truly marvellous things with Intel assembly back in the DOS days. |
| Jan 28, 2018 at 1:59 | comment added | Pryftan | | @RuiFRibeiro Oh and +1 for a detailed analysis (I also bookmarked it to look at more later) that is your answer. It didn't even occur to me that I hadn't or that I should - I had to put one of my beloved dogs down some hours ago and I've been unable to do much of anything since then. But your answer deserves to be rated well so there you have it. I should also point out that the thing I cited for ldd is from the manpage rather than something I wrote directly (I knew about it since I've done quite a lot with shared libraries but figured it best to have the direct statements in the comments). |
| Jan 28, 2018 at 0:20 | comment added | Pryftan | | @RuiFRibeiro Very nice. I have fond memories of 16-bit assembly and certainly I've done some things (as your example is certainly!) that might be called 'impressive' (I'm in the credits for linux_logo, for example) but for me it's just a joy, a passion. Glad you liked my thought on learning about ourselves. And it's true and a very valuable thing to experience! |
| Jan 27, 2018 at 9:10 | comment added | Rui F Ribeiro | | @Pryftan In the distant past I programmed a lot in assembly, debugged also a lot, and hacked Z80 and x86 a lot. Nowadays I do it more rarely, and by intuition. I also wrote the first open source emulator in Windows for an 8-bit machine back in the day. Thanks for all the comments, I like particularly the one about learning about ourselves. |
| Jan 27, 2018 at 1:59 | comment added | Pryftan | | @RuiFRibeiro Welcome. I felt the first part obligatory though. As for GDB it is extremely powerful but debugging is an art more than a science. And it is rewarding to get good at it. Some programmers say you shouldn't need a debugger but that's naïve and also ignores the fact it can do so many more things than just help you fix bugs. Looking at an executable can be really fascinating and stepping through the execution (and/or setting watchpoints and breakpoints) can be empowering and can also teach you a lot too even things about your own code (which also means about yourself, incidentally). |
| Jan 27, 2018 at 1:32 | comment added | Rui F Ribeiro | | @Pryftan Indeed, not impossible, harder. Thanks for the tips. |
| Jan 27, 2018 at 1:29 | comment added | Pryftan | | Just as an advisory... Also keep in mind that if the binary is stripped (of debugging symbols at least) it's harder to trace the execution of the instructions in a debugger. |
| Jan 27, 2018 at 1:28 | comment added | Pryftan | | `$ objdump -p /path/to/program \| grep NEEDED` |
| Jan 27, 2018 at 1:27 | comment added | Pryftan | | wrt ldd: Be aware that in some circumstances (e.g., where the program specifies an ELF interpreter other than ld-linux.so), some versions of ldd may attempt to obtain the dependency information by attempting to directly execute the program (which may lead to the execution of whatever code is defined in the program's ELF interpreter, and perhaps to execution of the program itself). Thus, you should never employ ldd on an untrusted executable, since this may result in the execution of arbitrary code. A safer alternative when dealing with untrusted executables is: |
| Jan 26, 2018 at 22:03 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 4650 characters in body |
| Jan 26, 2018 at 20:03 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 99 characters in body |
| Jan 24, 2018 at 22:36 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | deleted 5 characters in body |
| Jan 24, 2018 at 2:51 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 82 characters in body |
| Jan 23, 2018 at 22:47 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 26 characters in body |
| Jan 22, 2018 at 23:40 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | edited body |
| Jan 22, 2018 at 16:15 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 293 characters in body |
| Jan 22, 2018 at 15:58 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 77 characters in body |
| Jan 22, 2018 at 15:48 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 360 characters in body |
| Jan 22, 2018 at 14:49 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 124 characters in body |
| Jan 22, 2018 at 14:05 | comment added | Rui F Ribeiro | | @ILMostro_7 Never heard of ERESI; how do you rate it? What can you do with an executable binary and objcopy? |
| Jan 22, 2018 at 13:54 | comment added | ILMostro_7 | | Great answer, indeed. It may be worth adding ERESI, ftrace, and GNU objcopy to the list. |
| Jan 22, 2018 at 13:06 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | deleted 1 character in body |
| Jan 22, 2018 at 13:00 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 31 characters in body |
| Jan 22, 2018 at 9:02 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 200 characters in body |
| Jan 22, 2018 at 3:46 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 58 characters in body; deleted 6 characters in body |
| Jan 22, 2018 at 3:00 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | edited body |
| Jan 22, 2018 at 2:51 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 8 characters in body |
| Jan 21, 2018 at 14:42 | comment added | Rui F Ribeiro | | Btw, while I can put radare2 easily working in MacOS, Cutter is not the same story. |
| Jan 21, 2018 at 14:34 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 1 character in body |
| Jan 21, 2018 at 13:14 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 10 characters in body |
| Jan 21, 2018 at 13:08 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 716 characters in body |
| Jan 21, 2018 at 11:47 | history edited | Jeff Schaller♦ | CC BY-SA 3.0 | minor grammatical tweaks |
| Jan 21, 2018 at 8:29 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | deleted 1 character in body |
| Jan 21, 2018 at 1:59 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | deleted 6 characters in body |
| Jan 21, 2018 at 0:53 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 167 characters in body |
| Jan 21, 2018 at 0:48 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 167 characters in body |
| Jan 21, 2018 at 0:37 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | deleted 7 characters in body |
| Jan 21, 2018 at 0:21 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 7745 characters in body |
| Jan 21, 2018 at 0:10 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 168 characters in body |
| Jan 20, 2018 at 23:51 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 168 characters in body |
| Jan 20, 2018 at 23:46 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 168 characters in body |
| Jan 20, 2018 at 22:03 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 11 characters in body |
| Jan 20, 2018 at 18:59 | comment added | ash | | Cutter is a GUI wrapper around radare2, it looks like it may be similar to Hopper (but free). |
| Jan 20, 2018 at 18:09 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | deleted 14 characters in body; deleted 3 characters in body |
| Jan 20, 2018 at 17:56 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 1 character in body |
| Jan 20, 2018 at 13:51 | comment added | Rui F Ribeiro | | @PeterCordes Thanks for the -f tip, will have a look at it. |
| Jan 20, 2018 at 13:50 | comment added | Rui F Ribeiro | | @d33tah I tried radare in the past, was not that impressed, will have a look at radare2, thanks for pointing it out. |
| Jan 20, 2018 at 11:12 | comment added | d33tah | | Great answer! I would just add radare2 to the list. |
| Jan 20, 2018 at 9:33 | comment added | Peter Cordes | | Don't forget strace -f to trace child threads / processes. There are options to split the output into separate files for each PID, or you can just /12345 in less to search for and highlight lines that start with the PID you're interested in. If things aren't too jumbled together (e.g. shell script starting other processes, not concurrent threads), this can be usable. But yeah, it's extremely helpful just to see what config / other files some confusing piece of software is trying to read, when trying to figure out why it's not happy with the way you installed it. |
| Jan 20, 2018 at 7:34 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 60 characters in body |
| Jan 20, 2018 at 7:24 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 7 characters in body |
| Jan 20, 2018 at 7:15 | vote accept | CommunityBot | | Jun 18, 2019 at 21:25 |
| Jan 20, 2018 at 0:37 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 8 characters in body |
| Jan 20, 2018 at 0:31 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 7 characters in body |
| Jan 20, 2018 at 0:25 | history edited | user147505 | CC BY-SA 3.0 | added 18 characters in body |
| Jan 20, 2018 at 0:17 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 33 characters in body |
| Jan 20, 2018 at 0:14 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 33 characters in body |
| Jan 20, 2018 at 0:04 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 37 characters in body |
| Jan 19, 2018 at 23:59 | history edited | Rui F Ribeiro | CC BY-SA 3.0 | added 37 characters in body |
| Jan 19, 2018 at 23:54 | history answered | Rui F Ribeiro | CC BY-SA 3.0 | |