Security Incidents mailing list archives
Re: Tools to analyze "captured" binaries? -Reply
From: xm () GEEKMAFIA DYNIP COM (Ex Machina)
Date: Sat, 22 Apr 2000 10:58:41 -0400
The "Kickers of ELF" tarball from LinuxAssembly.org has some tools handy for analyzing binaries.

[snip, snip]

* elfls: a utility that displays an ELF file's program and/or section header tables, which serve as a kind of global roadmap to the file's contents.

* elftoc: a program that takes an ELF file and generates C code that defines a structure with the same memory image, using the structures and preprocessor symbols defined in <linux/elf.h>.

[snip, snip]

Handy, eh?

Ex Machina (xm () geekmafia dynip com)
http://geekmafia.dynip.com/~xm/
phone: 1-877-LPT-WHIP icq: 3387005 aim: ExMachina
GnuPG Keyprint: 0627 C3A8 DE25 F7FB 46BD 4870 2006 CF7F EBDA 949D

On Thu, 20 Apr 2000, Network Security wrote:
Date: Thu, 20 Apr 2000 08:02:34 -0600
From: Network Security <NSECURITY () TASC USDA GOV>
To: INCIDENTS () SECURITYFOCUS COM
Subject: Tools to analyze "captured" binaries? -Reply

truss is your friend...there is also a good gnu debugger but the name escapes me currently.

-- statik

Anton Chuvakin <achuvaki () IC SUNYSB EDU> 04/19/00 02:18pm

Hi there!

I just got a bunch of trojaned binaries (usual rootkit, I guess, fingerd/ftp/login together with a sniffer) from my friend's box (hacked via ADMROCKS, of course). What tools (apart from strings, ldd, file) can I use to analyze those?

Thanks,
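The kind of program header listing that elfls is described as producing, as an added example (not code from this thread or from the Kickers of ELF tarball): a static lister that never executes the sample and bounds-checks every header field, since a trojaned binary's headers are untrusted input. The function names and the sample ELF image are constructed for illustration.

```python
import struct
# Added example; list_segments and build_sample are hypothetical helper names.
PT_NAMES = {0: "NULL", 1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE", 6: "PHDR"}

def list_segments(data):
    """Return one dict per program header; raise ValueError on malformed input."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(data[4])      # EI_CLASS
    end = {1: "<", 2: ">"}.get(data[5])          # EI_DATA
    if is64 is None or end is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    if len(data) < (64 if is64 else 52):
        raise ValueError("truncated ELF header")
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        fmt, need = end + "IIQQQQQQ", 56
    else:
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        fmt, need = end + "IIIIIIII", 32
    # Header fields come from the untrusted file: bound them before indexing.
    if phnum and (phentsize < need or phoff + phnum * phentsize > len(data)):
        raise ValueError("program header table lies outside the file")
    segments = []
    for i in range(phnum):
        f = struct.unpack_from(fmt, data, phoff + i * phentsize)
        if is64:
            p_type, flags, offset, vaddr, _, filesz, memsz, _ = f
        else:
            p_type, offset, vaddr, _, filesz, memsz, flags, _ = f
        segments.append({
            "type": PT_NAMES.get(p_type, hex(p_type)),
            "offset": offset, "vaddr": vaddr, "filesz": filesz, "memsz": memsz,
            "flags": "".join(c if flags & b else "-" for c, b in (("R", 4), ("W", 2), ("X", 1))),
            "truncated": offset + filesz > len(data),  # segment claims bytes the file lacks
        })
    return segments

def build_sample():
    """Constructed 32-bit little-endian ELF image: header plus one LOAD segment."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x8048054, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", 1, 0, 0x8048000, 0x8048000, 84, 84, 5, 0x1000)
    return ehdr + phdr

if __name__ == "__main__":
    print(list_segments(build_sample()))
```

To triage a real sample, pass the file's bytes read in binary mode; a `truncated` segment or a ValueError is itself worth noting in the analysis.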