Summary of the new tools and techniques learned from recent problems

Tools

First, download Exeinfo PE and IDA (both the 64-bit and the 32-bit version) to do the basic analysis and identification of a binary file. I have also just come across a new tool: jeb.
Exeinfo PE: used to check for a packer and determine the file type, for example whether an exe or ELF file is 64-bit or 32-bit and which packer it was packed with.
IDA: used for simple static analysis of a binary file (I have not yet mastered dynamic analysis), for example F5 to view the decompiled pseudo-code, Shift+F12 to view the strings, exporting data, viewing the compiler framework, and so on.
jeb: used to decompile and statically analyze an apk, that is, an Android program.

Packers encountered

So far I have only encountered one kind of packer, UPX, which Exeinfo PE reports as soon as the file is loaded. Copy the file to Kali and unpack it with the upx that ships with Kali, as follows (upx writes the unpacked file in place, so work on a copy):

upx -d <file path>

If upx -d refuses with a message that the file is not packed by UPX even though Exeinfo PE flagged it, the UPX header has usually been modified by the challenge author and has to be repaired by hand before upx will unpack it.
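As an added example (not from the original notes, and not how Exeinfo PE itself works), the following POSIX shell script does by hand the two checks the notes rely on Exeinfo PE for: it reads the ELF or PE header to report 32-bit versus 64-bit, and it looks for the "UPX!" marker that UPX writes into the files it packs, calling upx -d only when that marker is present. The function names, the output format and the sample files built in the usage block are my own assumptions.

```shell
#!/bin/sh
# Added example: identify file format and bitness from the header bytes, and
# detect the "UPX!" marker, using only od, grep and printf.

# Hex value of the single byte at offset $2 in file $1 (e.g. "02").
byte_at() { od -An -tx1 -j "$2" -N 1 "$1" | tr -d ' \n'; }

# Little-endian 32-bit / 16-bit unsigned integer at offset $2 of file $1, as decimal.
le_u32_at() { set -- $(od -An -tx1 -j "$2" -N 4 "$1"); printf '%d' "0x$4$3$2$1"; }
le_u16_at() { set -- $(od -An -tx1 -j "$2" -N 2 "$1"); printf '%d' "0x$2$1"; }

# Prints "<format>;<packer>" for the file given as $1.
identify_binary() {
  f=$1
  magic=$(od -An -tx1 -N 4 "$f" | tr -d ' \n')
  case "$magic" in
    7f454c46)                           # "\x7fELF": byte 4 (EI_CLASS) gives the bitness
      case "$(byte_at "$f" 4)" in
        01) fmt="ELF 32-bit" ;;
        02) fmt="ELF 64-bit" ;;
        *)  fmt="ELF unknown class" ;;
      esac ;;
    4d5a*)                              # "MZ": e_lfanew at 0x3c points to "PE\0\0",
      pe_off=$(le_u32_at "$f" 60)       # and the Machine field follows that signature
      machine=$(le_u16_at "$f" $((pe_off + 4)))
      case "$machine" in
        332)   fmt="PE 32-bit (i386)" ;;    # 0x014c
        34404) fmt="PE 64-bit (x86-64)" ;;  # 0x8664
        *)     fmt="PE unknown machine ($machine)" ;;
      esac ;;
    *) fmt="unknown format" ;;
  esac
  # UPX leaves the literal "UPX!" in its pack header; grep -a treats the file as text.
  if LC_ALL=C grep -qa 'UPX!' "$f"; then packer="upx"; else packer="none"; fi
  printf '%s;%s\n' "$fmt" "$packer"
}

# Unpack only when the marker is present; -k keeps a backup of the packed file.
unpack_if_upx() {
  case "$(identify_binary "$1")" in
    *";upx") upx -d -k "$1" ;;
    *)       echo "$1: no UPX marker found, nothing to do" ;;
  esac
}

# Usage: ./identify.sh <binary>   (prints e.g. "ELF 64-bit;upx")
if [ -n "${1:-}" ]; then identify_binary "$1"; fi
```

The bitness check is what the notes use Exeinfo PE for; the marker check is a quick first pass only, since a challenge author can strip or alter the "UPX!" string, in which case identify_binary reports "none" and the packing has to be recognised from the section names and entropy instead.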

Dynamic analysis with GDB

GDB has to be installed on a Linux system. A first, simple usage is introduced below.
Put the file on the desktop, open a terminal there, and enter the following commands to give the file execute permission and load it in gdb:

chmod a+x ./10
gdb ./<filename>   # I don't know why the absolute path doesn't work, but this also opens it

Reference: this blog post: https://www.cnblogs.com/Mayfly-nymph/p/11403150.html
After the file is loaded, you can enter the commands needed for debugging, such as:

x command

The syntax is x/nfu <address>, for example x/4xw $sp or x/s 0x<address>. nfu are optional parameters: n is the number of units to display (not the number of lines; gdb wraps the output itself); u is the unit size, b for 1 byte, h for 2 bytes, w for 4 bytes and g for 8 bytes; f is the display format and takes the following values:
x (hex)              display in hexadecimal
d (decimal)          display as signed decimal
u (unsigned decimal) display as unsigned decimal
o (octal)            display in octal
t (binary)           display in binary
a (address)          display as an address, i.e. hexadecimal plus the nearest symbol, such as <main+4>
c (char)             display as characters
f (float)            display as floating-point numbers
s (string)           display as a NUL-terminated string (the unit size is ignored)
i (instruction)      disassemble as machine instructions (the unit size is ignored)

b command

b <function name>
sets a breakpoint at the entry of that function; the program stops there when it is reached. b *0x<address> sets a breakpoint at an exact address, which is the form needed for a stripped binary that has no function names.

r command

r
runs the program from the start until it exits or hits a breakpoint. Arguments can be appended, as in r arg1 arg2.

n command

n
steps one source line, stepping over function calls. Use s to step into a call instead, and c to continue to the next breakpoint. Without debug symbols (the usual case for a CTF binary) use ni and si, which step one machine instruction at a time.
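As an added example (not from the original notes or the referenced blog), the following shell script runs the commands above as one non-interactive gdb session against a small C program that is constructed here for the purpose, so the output of b, r, several x/nfu forms and n can be seen together on a binary whose contents are known. The program, the function names and the use of gdb's -batch/-ex mode are my own assumptions; it needs a C compiler and gdb on an x86-64 or similar Linux host.

```shell
#!/bin/sh
# Added example: drive gdb non-interactively so a whole x / b / r / n session is
# reproducible. The C program below is constructed for this example.
set -e

# Write and compile a small program with globals we can examine from gdb.
build_sample() {
  out=$1
  cat > "$out.c" <<'EOF'
#include <stdio.h>
int  vals[4] = {10, 20, 30, 40};
char msg[]   = "hello gdb";
int sum(void) {
    int s = 0;
    for (int i = 0; i < 4; i++)
        s += vals[i];
    return s;
}
int main(void) {
    int r = sum();
    printf("%s %d\n", msg, r);
    return 0;
}
EOF
  cc -g -O0 -o "$out" "$out.c"
}

# Break on sum, run to it, examine memory with different n/f/u combinations,
# single-step two source lines, then let the program finish. Output goes to stdout.
gdb_session() {
  gdb -q -nx -batch \
    -ex 'break sum' \
    -ex 'run' \
    -ex 'x/4dw &vals' \
    -ex 'x/4xw &vals' \
    -ex 'x/16xb &vals' \
    -ex 'x/s &msg' \
    -ex 'x/10xb &msg' \
    -ex 'next' \
    -ex 'next' \
    -ex 'continue' \
    "$1" 2>&1
}

# Usage: ./gdb_demo.sh demo
if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d)
  build_sample "$dir/prog"
  gdb_session "$dir/prog"
fi
```

Compare the x/4dw and x/16xb lines of the output: the same 16 bytes appear once as four signed words and once as sixteen hex bytes in little-endian order, which is the point of the f and u parameters. The x/s line prints the string from msg with u ignored, and the two next commands each advance one source line inside sum because the binary was built with -g; on a stripped CTF binary the same session would use ni instead.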

Source: https://blog.csdn.net/weixin_46148324/article/details/107592949