Commit b5fabb43 authored by Ines Kramer

fixed some typos

parent 3c22122d
# Reverse Engineering
#### Beginners
Get started with [TUT0] (./TUT0/README.md)
and [TUT1] (./TUT0/README.md)
Get started with [TUT1] (./TUT1/README.md)
and [TUT2] (./TUT2/README.md)
#### Advanced
......
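Review bot: the Beginners links still have a space between `]` and `(`, as in `[TUT1] (./TUT1/README.md)`, so Markdown will not render them as inline links and the path shows up as literal text. Write them as `[TUT1](./TUT1/README.md)` and `[TUT2](./TUT2/README.md)`. Correcting the TUT1 target from `./TUT0/README.md` to `./TUT1/README.md` is the right fix, but it is a link correction rather than a typo, so the commit message could say so.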
......@@ -2,23 +2,23 @@
### Compile:
gcc example1 -o example1
g++ example1plus.cpp -o example1plus
gcc example1 -o example1
g++ example1plus.cpp -o example1plus
### Analyse binary statically:
1. Use and check out options with man <command>:
file
readelf
strings
ldd
ltrace
strace
file
readelf
strings
ldd
ltrace
strace
2. Compile for 32 bit architecture
sudo apt-get install gcc-multilib
sudo apt-get install gcc-multilib
Try compilation with gcc and -m32 parameter activated and 'strip example1' and test again
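Review bot: in the Compile block, `gcc example1 -o example1` names an input with no source extension, and the same name as the output, while the g++ line right below it uses `example1plus.cpp`. If the source is a C file, the command should name it with its extension so gcc compiles it instead of passing it to the linker. Also, `ltrace` and `strace` sit under "Analyse binary statically" although both run the program and trace it, so they belong under a dynamic-analysis step. The `<command>` in step 1 should be in backticks so the Markdown renderer does not swallow it as an HTML tag.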
......@@ -36,41 +36,41 @@ or use gdb
### make your gdb more fancy displaying all registers
cd ~
wget -P ~ git.io/.gdbinit
cd ~
wget -P ~ git.io/.gdbinit
## gdb tutorial - change program flow
1. Start gdb with binary
sudo gdb example1
sudo gdb example1
2. Have a look to the functions
info functions
info functions
3. Disassemble main function
dissamble main
dissamble main
4. Disassemble secret function and extract first address
dissamble secret
dissamble secret
5. Set a breakpoint to main function
break *main
break *main
6. Run program, should stop at break point of main functions
run
run
7. Modify program flow by changing instruction pointer to secret functions
set $rip = <address of secret>
set $rip = <address of secret>
info register
info register
8. Continue program and check result
continue
continue
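Review bot: the `wget -P ~ git.io/.gdbinit` step pulls a gdb init script through a URL shortener with no explicit `https://`, and gdb runs the commands in `~/.gdbinit` at startup, so readers end up auto-executing a file they have not read. Point to the upstream repository by its full HTTPS URL and tell readers to review the file before use. Step 1 then starts the debugger with `sudo gdb example1`, which is not needed to debug a binary the reader just compiled and raises the impact of whatever the init file does, so drop the `sudo`. Since this commit is about typos: `dissamble main` and `dissamble secret` are still misspelled and gdb will reject them, because the command is `disassemble`. Finally, `set $rip = <address of secret>` only works for the 64-bit build. The earlier section asks readers to try `-m32`, where the register is `$eip`, so `$pc` would cover both.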