Date: Mon, 03 Feb 2003 11:22:43 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: Fabio Miranda Hamburger <fabmirha@ns.isi.ulatina.ac.cr>
Cc: freebsd-chat@freebsd.org
Subject: Re: Disassembling question.
Message-ID: <3E3EC183.225F874A@mindspring.com>
References: <Pine.LNX.4.44.0302022339520.25413-100000@ns.isi.ulatina.ac.cr>
Fabio Miranda Hamburger wrote:
> Hi, I would like to know what tools does freebsd offer me for
> disassembling purposes ? objdump, what else?

gdb, and there are ports of various debuggers and other tools.

> Also, Where can I learn more about disassembling on FreeBSD ?

In the books, help files, and manual pages for the tools, above.

> I have certain binary in FreeBSD and I would like to know What library
> functions does it call? and try to find out what does the binary do when
> it's executed.

Are you willing to execute it to find out, or is this a forensic
discussion (e.g. it's a worm or something, and you'd rather just read
it than run it)?

If you are willing to execute it, you can use ktrace or truss to get
the system calls and parameters. For the library routines, it's
harder; you will need to build an instrumented version of the library
and force it to use it. If the program is statically linked, this
won't be possible.

BTW, if you are concerned it's a trojan or a "root kit", you can always
create two jails, run it in one, and then compare the jails afterward,
byte-by-byte, to see what, if anything, changed between them.

Generally, when I run suspicious Windows code (usually I disassemble it
with V Communications, Inc.'s "Sourcer", which is a commenting
disassembler for Windows/DOS, if I'm suspicious enough to care), I do
it in a VMware virtual machine running under FreeBSD, which lets me do
all sorts of things, like monitor all the network traffic directly,
intercept it, change it, and let it keep going, etc.

It'd be a great way to cheat at Netrek, borging a "blessed" client, if
you were the sort to do that kind of thing.

-- Terry
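The "run it in a jail, then compare byte-by-byte" procedure and the truss/ktrace tracing that Terry describes, as an added example that is not part of the original mail or of any FreeBSD tool: a POSIX sh script that checksums every file under a directory (for instance a jail root) before an untrusted command runs, runs it optionally under a tracer, checksums again, and prints every path that was added, removed or modified. The function names, the TRACE variable convention and the constructed sample "jail" are the editor's assumptions; find, cksum, awk, sort and comm are standard on both FreeBSD and Linux.

```shell
#!/bin/sh
# Added example, not from the original mail: snapshot a directory tree
# (e.g. a jail's root) before running an untrusted binary, run it, and
# report every file that was added, removed or modified.
# Function names, the TRACE variable and the demo jail are the editor's
# own assumptions; only POSIX tools (find, cksum, awk, sort, comm) are used.

# snapshot_tree DIR -> one line per regular file: "path crc size", sorted
# in the C locale so the two snapshots can be compared with comm(1).
# (2>/dev/null hides permission errors; paths with spaces are not handled.)
snapshot_tree() {
    find "$1" -type f -exec cksum {} + 2>/dev/null \
        | awk '{ print $NF, $1, $2 }' \
        | LC_ALL=C sort
}

# run_and_diff DIR CMD [ARGS...]
# Runs CMD, optionally under a tracer taken from $TRACE, e.g.
#   TRACE="truss -f -o /tmp/t.out"   (FreeBSD syscall trace)
#   TRACE="strace -f -o /tmp/t.out"  (Linux equivalent)
# (ktrace -f /tmp/k.out CMD, read back with kdump -f, works the same way),
# then prints the paths under DIR whose checksum or size changed, or that
# appeared or vanished. Write the trace file outside DIR or it shows up
# as a change. Returns CMD's exit status.
run_and_diff() {
    dir=$1; shift
    before=$(mktemp) && after=$(mktemp) || return 1
    snapshot_tree "$dir" > "$before"
    # $TRACE is intentionally unquoted so it can carry its own arguments.
    if ${TRACE:-} "$@"; then status=0; else status=$?; fi
    snapshot_tree "$dir" > "$after"
    # comm -3 keeps lines present in only one snapshot; a modified file
    # yields one line in each. Field 1 is the path; -u collapses the pair.
    comm -3 "$before" "$after" | awk '{ print $1 }' | LC_ALL=C sort -u
    rm -f "$before" "$after"
    return "$status"
}

# Stand-alone demo: ./jaildiff.sh --demo
if [ "${1:-}" = "--demo" ]; then
    jail=$(mktemp -d)   # constructed stand-in for a jail root
    mkdir -p "$jail/etc" "$jail/usr/local/bin"
    printf 'root:*:0:0::0:0:root:/root:/bin/sh\n' > "$jail/etc/passwd"
    printf 'Welcome\n' > "$jail/etc/motd"
    # Constructed "suspicious binary": adds a uid-0 account and drops a file.
    run_and_diff "$jail" sh -c \
        "echo 'bob:*:0:0::0:0::/:/bin/sh' >> '$jail/etc/passwd'; \
         echo x > '$jail/usr/local/bin/.ls'"
    rm -rf "$jail"
fi
```

Comparing checksums rather than raw bytes keeps the snapshots small enough to diff across many runs, and because it reads only regular files it will not notice changes a rootkit makes to devices, sockets or the running kernel; for those, the trace in $TRACE (or a comparison done from outside the jail) is the second half of the check.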
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E3EC183.225F874A>