
Reverse engineering

April 11, 2021 · Hacking

Linux utilities
  • ltrace ./<program> runs the given command until it exits and records the dynamic library calls it makes (with arguments and return values) and the signals it receives; ltrace -e strcmp ./<program> restricts the trace to one function, which is often enough to read a hard-coded password straight off the strcmp() call
  • faketime '2008-12-24 08:15:42' ./<program> runs the program with a fixed system time (it preloads a library that intercepts time(), gettimeofday() and friends), useful for binaries with expiry checks or time-based keys
  • c++filt demangles C++ symbol names (the ones starting with _Z) back into readable signatures, e.g. echo _ZN3foo3barEv | c++filt prints foo::bar()


Tools
  • dnSpy debugger and decompiler for Windows .NET assemblies (.exe and .dll)
  • ILSpy decompiler for .NET assemblies
  • jd-gui decompiler for Java class and jar files
GDB
  • If the terminal output gets garbled (common with the TUI), press Ctrl+L to redraw the screen
  • Start with the text user interface: gdb -q -tui <program>
  • Switch to the assembly view with layout asm, and use set disassembly-flavor intel to get Intel syntax instead of the default AT&T syntax
  • Disassemble a function with disassemble <function>, e.g. disassemble main
  • Set a breakpoint with b <function name> or b <file>:<line>; tb sets a temporary breakpoint that is deleted after its first hit. info breakpoints lists them, disable <breakpoint number> switches one off without removing it, delete <breakpoint number> removes it for good
  • run (or r) starts the program; run <args> starts it with command-line arguments
  • start runs the program and stops at the first line of main (it is a temporary breakpoint on main followed by run)
  • c or continue resumes execution until the next breakpoint is reached
  • n (next) executes the next source line, stepping over function calls; s (step) executes the next source line, stepping into any function called on it
  • ni and si do the same for a single machine instruction (next instruction and step instruction), which is what you need when the binary has no debug info
  • Backtrace: bt (or backtrace) shows the call stack
  • Go to frame X: f X, e.g. f 1 selects frame 1 (the caller of the current function), after which p shows that frame's locals and arguments
  • Show all registers with info registers or i r
  • Show a specific register with i r rax
  • Evaluate a C expression with p <expression>, e.g. p (char *)0xffff7d08, p someVariable[13] or p (char *)$rax; x/s $rax is the equivalent memory-examine command for a string
  • gdb -p <pid> attaches to a running process, e.g. a program sitting in a loop or waiting for input (find the pid with ps ax)