Security Incidents mailing list archives

Re: Tools to analyze "captured" binaries? -Reply


From: xm () GEEKMAFIA DYNIP COM (Ex Machina)
Date: Sat, 22 Apr 2000 10:58:41 -0400


The "Kickers of ELF" tarball from LinuxAssembly.org has some tools handy
for analyzing binaries.

[snip, snip]

     * elfls: a utility that displays an ELF file's program and/or
       section header tables, which serve as a kind of global roadmap to
       the file's contents.

     * elftoc: a program that takes an ELF file and generates C code that
       defines a structure with the same memory image, using the
       structures and preprocessor symbols defined in <linux/elf.h>.

[snip, snip]

Handy, eh?

Ex Machina (xm () geekmafia dynip com)    http://geekmafia.dynip.com/~xm/
phone:  1-877-LPT-WHIP         icq:  3387005           aim:  ExMachina
GnuPG Keyprint:     0627 C3A8 DE25 F7FB 46BD  4870 2006 CF7F EBDA 949D
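As an added illustration, not part of the thread and not the Kickers of ELF code itself, here is a small Python script that does what elfls is described as doing: walk an ELF file's program and section header tables and print a one-line roadmap per entry. It builds a constructed 408-byte ELF64 image in memory (headers only, not a runnable program) so it works offline, and it bounds-checks every table offset before reading, which is the first sanity check worth making on a captured binary whose headers may have been altered. The field layouts are the standard ELF64 ones; the PT_/SHT_ name tables only cover the common values.

```python
"""elfls-style dumper for little-endian ELF64 files (added example, not the Kickers of ELF code)."""
import struct

# Standard ELF64 little-endian header layouts, field order as in the ELF spec.
EHDR64 = "<16sHHIQQQIHHHHHH"  # e_ident .. e_shstrndx (64 bytes)
PHDR64 = "<IIQQQQQQ"          # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align (56 bytes)
SHDR64 = "<IIQQQQIIQQ"        # sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info sh_addralign sh_entsize (64 bytes)

PT_NAMES = {0: "NULL", 1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE", 6: "PHDR",
            0x6474E551: "GNU_STACK"}
SHT_NAMES = {0: "NULL", 1: "PROGBITS", 2: "SYMTAB", 3: "STRTAB", 8: "NOBITS", 11: "DYNSYM"}
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN"}


def _flags(f):
    """Render p_flags bits (PF_R=4, PF_W=2, PF_X=1) as an rwx string."""
    return ("r" if f & 4 else "-") + ("w" if f & 2 else "-") + ("x" if f & 1 else "-")


def _cstr(data, off):
    """Read a NUL-terminated string; tolerate a missing terminator."""
    end = data.find(b"\0", off)
    return data[off:end if end >= 0 else len(data)].decode("ascii", "replace")


def parse_elf64(data):
    """Return the ELF header plus program and section headers as dicts.
    Raises ValueError when a header table points outside the file."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (_, e_type, e_machine, _, e_entry, e_phoff, e_shoff, _, _,
     e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from(EHDR64, data)

    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            raise ValueError("program header %d lies outside the file" % i)
        p = struct.unpack_from(PHDR64, data, off)
        phdrs.append({"type": PT_NAMES.get(p[0], hex(p[0])), "flags": _flags(p[1]),
                      "offset": p[2], "vaddr": p[3], "filesz": p[5], "memsz": p[6]})

    shdrs = []
    for i in range(e_shnum):
        off = e_shoff + i * e_shentsize
        if off + 64 > len(data):
            raise ValueError("section header %d lies outside the file" % i)
        s = struct.unpack_from(SHDR64, data, off)
        shdrs.append({"name_idx": s[0], "type": SHT_NAMES.get(s[1], hex(s[1])),
                      "flags": s[2], "addr": s[3], "offset": s[4], "size": s[5]})

    # Resolve section names through the section-name string table, if the index is sane.
    for s in shdrs:
        if e_shstrndx < len(shdrs):
            pos = shdrs[e_shstrndx]["offset"] + s["name_idx"]
            s["name"] = _cstr(data, pos) if pos < len(data) else "<bad>"
        else:
            s["name"] = "<no strtab>"

    return {"type": ET_NAMES.get(e_type, hex(e_type)), "machine": e_machine,
            "entry": e_entry, "phdrs": phdrs, "shdrs": shdrs}


def elfls(data):
    """One line per header, roughly what elfls prints."""
    e = parse_elf64(data)
    lines = ["ELF64 %s entry=%#x" % (e["type"], e["entry"])]
    for p in e["phdrs"]:
        lines.append("  PH %-10s %s off=%#x vaddr=%#x filesz=%#x memsz=%#x"
                     % (p["type"], p["flags"], p["offset"], p["vaddr"], p["filesz"], p["memsz"]))
    for s in e["shdrs"]:
        lines.append("  SH %-10s %-10s off=%#x size=%#x" % (s["name"], s["type"], s["offset"], s["size"]))
    return lines


def build_sample_elf():
    """Constructed 408-byte ELF64 image: one PT_LOAD, a PT_GNU_STACK, and
    .text / .shstrtab sections. Valid headers only, not a real program."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    text = b"\x90" * 16                      # 16 NOP bytes at file offset 176
    shstr = b"\0.text\0.shstrtab\0"          # 17-byte name table at file offset 192
    base = 0x400000
    ehdr = struct.pack(EHDR64, ident, 2, 0x3E, 1, base + 176, 64, 216, 0, 64, 56, 2, 64, 3, 2)
    ph = struct.pack(PHDR64, 1, 5, 0, base, base, 192, 192, 0x1000)            # LOAD, r-x
    ph += struct.pack(PHDR64, 0x6474E551, 6, 0, 0, 0, 0, 0, 16)               # GNU_STACK, rw-
    sh = bytes(64)                                                             # index 0: SHT_NULL
    sh += struct.pack(SHDR64, 1, 1, 6, base + 176, 176, 16, 0, 0, 16, 0)      # .text
    sh += struct.pack(SHDR64, 7, 3, 0, 0, 192, 17, 0, 0, 1, 0)                # .shstrtab
    img = ehdr + ph + text + shstr
    img += bytes(216 - len(img)) + sh      # section header table at offset 216
    return img


if __name__ == "__main__":
    print("\n".join(elfls(build_sample_elf())))
```

Feeding a real file is just `elfls(open(path, "rb").read())`; a ValueError from the parser means the header tables do not fit the file, which is itself useful information about a binary you did not build.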

On Thu, 20 Apr 2000, Network Security wrote:

Date: Thu, 20 Apr 2000 08:02:34 -0600
From: Network Security <NSECURITY () TASC USDA GOV>
To: INCIDENTS () SECURITYFOCUS COM
Subject: Tools to analyze "captured" binaries? -Reply

truss is your friend... there is also a good GNU debugger but the name
escapes me currently.
-- statik

Anton Chuvakin <achuvaki () IC SUNYSB EDU> 04/19/00 02:18pm

Hi there!

I just got a bunch of trojaned binaries (usual rootkit, I guess,
fingerd/ftp/login together with a sniffer) from my friend's box (hacked
via ADMROCKS, of course). What tools (apart from strings, ldd, file) can I
use to analyze those?

Thanks,
