Security Incidents mailing list archives

Re: Tools to analyze "captured" binaries?


From: grugq () MAILCITY COM (Living Prophet of the GREAT GRUG)
Date: Thu, 20 Apr 2000 09:38:12 -0700


Hello,

Assuming that it was an x86 Linux box that was hacked, the binaries should be simple ELF IA32 obj files. That means that you can use objdump to get an asm listing and much more.

Unfortunately the objdump tool doesn't do JMP and CALL cross referencing, nor does it insert strings or even handle 1's complement numbers, all of which means that you will probably need dasm or reap to get the appropriate asm dump.

These tools can be gotten from http://packetstorm.securify.com/linux/reverse-engineering/

Also, you might want to check out reqt, which will call all the utilities available over a binary and organise the output. If you would like, you can also send a copy of the files to myself, or the list, and I would be happy to have a look at them.

peace,

grugq.

---
GIGANTOR is fighting RIGHT
                                         against WRONG
              G I G A N T O R
       G - I - G - A - N - T - O - R
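Building the JMP/CALL cross-reference that the post says objdump leaves out, as an added example (not code from the post or from dasm, reap or reqt): it parses a constructed objdump -d listing in AT&T syntax, assumed to be in the usual "address: bytes mnemonic operands" form, and maps each direct branch or call target to the places that reach it.

```python
import re
from collections import defaultdict

# Function-start lines, e.g. "08048400 <main>:"
FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:\s*$")
# Instruction lines: address, one or more hex bytes, mnemonic, operands.
# (Byte-only continuation lines of long instructions match with a bogus
# mnemonic, but those are never call/jmp and are ignored below.)
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*(\S+)\s*(.*)$")
# Direct target as objdump prints it: "8048380 <helper>" or "<main+0xd>"
TARGET_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>")

def cross_reference(listing):
    """Return {target_symbol: [(source_addr, source_func, mnemonic), ...]}
    for every direct call, jmp and conditional jump in an objdump -d listing.
    Indirect branches such as "call *%eax" have no static target and are
    skipped; a reviewer has to resolve those by hand."""
    xrefs = defaultdict(list)
    current = "?"  # function the current instruction belongs to
    for line in listing.splitlines():
        f = FUNC_RE.match(line)
        if f:
            current = f.group(2)
            continue
        m = INSN_RE.match(line)
        if not m:
            continue
        addr, mnem, operands = m.groups()
        if not (mnem == "call" or mnem.startswith("j")):
            continue
        t = TARGET_RE.match(operands)
        if t:
            xrefs[t.group(2)].append((int(addr, 16), current, mnem))
    return dict(xrefs)

# Constructed listing standing in for "objdump -d" output on a captured ELF.
SAMPLE_LISTING = """\
08048380 <helper>:
 8048380:\t55                   \tpush   %ebp
 8048381:\tc3                   \tret
08048400 <main>:
 8048400:\t55                   \tpush   %ebp
 8048401:\t89 e5                \tmov    %esp,%ebp
 8048403:\te8 78 ff ff ff       \tcall   8048380 <helper>
 8048408:\t85 c0                \ttest   %eax,%eax
 804840a:\t75 f4                \tjne    8048400 <main>
 804840c:\tff d0                \tcall   *%eax
 804840e:\te8 6d ff ff ff       \tcall   8048380 <helper>
 8048413:\tc9                   \tleave
 8048414:\tc3                   \tret
"""
```

Feeding the real listing (`objdump -d captured_binary`) to `cross_reference` gives, for each symbol, the callers and jump sites to inspect, which is the first question when triaging an unknown binary.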



