Reverse engineering

 April 11, 2021    Hacking

Table of contents:

• Linux utilities
• Tools
  • GDB

Linux utilities

• ltrace ./<programm> runs the specified command until it exits, intercepts and records the dynamic library calls which are called by the executed process and the signals which are received by that process
• faketime '2008-12-24 08:15:42' if you need to invoke your program with a set time
• dismangle Function c++filt for C++ functions starting with _Z

Tools

• DnSpy Debugging Windows .NET exe files
• ILSpy Decompiling .NET files
• jd-gui Decompiling java code

GDB

• If your terminal bugs use CTRL + L to reprint
• Start with Text User Interface gdb -q -tui <program>
• Set the Layout to ASM layout asm and set disassembly-flavor intel
• Disassemble function with disassemble <main>
• Set a breakpoint b <function name>, b <line>, to remove breakpoint disable <breakpoint number>, tb is a temporary breakpoint only works one time
• Run the program run
• Starts the program and stops at main start
• c or continue resumes execution until the next breakpoint is reached.
• Next only goes to the next line n also known as "step over"
• Step to the next instruction s also known as "step into"
• Similarly ni and si for next instruction and step instruction for single ASM instruction stepping
• Backtrace back
• Go to frame X: f X, e.g. f 1 goes to frame 1 (i.e. to the caller of the current function)
• show all registers info register or i r
• show a specific register using i r rax
• evaluate a C expression using p <expression>, e.g. p (char *)0xffff7d08 or p someVariable[13] or p (char *)$rax
• 'gdb -p ' to look at programs with a while loop (find pid with 'ps ax')