Firewall Wizards mailing list archives

Re:


From: Bret <bret () rehost com>
Date: Thu, 20 May 1999 09:46:13 -0400

---Reply to mail from Gilles about 

Can anyone here post a simple C decompiler?
If I need to decompile my /bin/login in Linux Red Hat, is it what I need?


I don't see how a decompiler relates to firewalls, however ...

It is difficult to decompile programs, though not impossible.  As far as
I know there are no Linux decompilers; there are, however, disassemblers.
Using gdb (GNU debugger) you should be able to figure out if your login
program is doing anything that you don't want it to do (additionally strace
may also provide some information).  You can even use ldd to see what
libraries it is using (to see if it uses anything that it shouldn't/doesn't
normally).  You can also try to check the checksum of the file and see if
it matches; changes typically show up with a different checksum (though a
really clever person can make the checksum the same, typically not without
changing the filesize though).

With that said, unless you are trying to look at exactly what was done, it
is often easier to replace the program by getting the source from a known
secure location and rebuilding it from that.  If you do not know how to
use any of the tools that I mentioned (or similar ones) odds are that you
do not know enough to figure out exactly what is going on, and this forum
isn't the correct place to explain usage of those tools (as they deal more
with development and not with firewalls themselves).

Hope this helps somewhat


-- 
Bret McDanel                                    http://www.rehost.com
Realistic Technologies, Inc.                             973-514-1144

     These opinions are mine, and may not be the same as my employer
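
The checksum-and-filesize check described in the message above, as an added example that is not part of the original post. It uses SHA-256 in place of a simple checksum, and the function names and one-line baseline format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: record and re-check a binary's size and SHA-256 digest.
# fingerprint, record_baseline, verify_baseline and the one-line baseline
# format are hypothetical names chosen for this illustration.

# Print "SIZE SHA256" for a readable file.
fingerprint() {
    [ -r "$1" ] || return 2
    fp_size=$(wc -c < "$1" | tr -d ' ')
    fp_hash=$(sha256sum "$1" | cut -d' ' -f1)
    printf '%s %s\n' "$fp_size" "$fp_hash"
}

# record_baseline FILE BASELINE
# Run this against a copy from a known-good source, and keep BASELINE
# somewhere an intruder on this host cannot rewrite it.
record_baseline() {
    fingerprint "$1" > "$2"
}

# verify_baseline FILE BASELINE
# Prints OK, SIZE_CHANGED, CONTENT_CHANGED or MISSING; returns 0 only on OK.
verify_baseline() {
    [ -r "$2" ] || { echo MISSING; return 2; }
    now=$(fingerprint "$1") || { echo MISSING; return 2; }
    read -r want_size want_hash < "$2"
    now_size=${now%% *}
    now_hash=${now#* }
    if [ "$now_size" != "$want_size" ]; then
        echo SIZE_CHANGED; return 1
    elif [ "$now_hash" != "$want_hash" ]; then
        # Same length, different bytes: the case a size check alone misses.
        echo CONTENT_CHANGED; return 1
    fi
    echo OK
}

# Command-line use: script record|verify FILE BASELINE
case "${1:-}" in
    record) record_baseline "$2" "$3" ;;
    verify) verify_baseline "$2" "$3" ;;
esac
```
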



