"objdump -D" prints nothing. "objdump -b binary -m i386 -D" works. Ran it in QEMU + strace, dumped the Perl script source from a write().
@solardiz The section headers can even point to fake symbol/string tables separate from those used for dynamic linking, to hide system() etc.
@RichFelker @solardiz does anyone actually use objdump to analyze malicious binaries? It has never been viewed as safe/robust.
@thegrugq @RichFelker I ran it in a sandbox. I think "objdump -b binary -m i386 -D" and "strings -a" are fine for such use.
@solardiz @thegrugq @RichFelker why not just radare2? :D
@akochkov @thegrugq @RichFelker I should give radare2 a try, but no experience yet and don't have it handy. objdump did the job for me.
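Added example, not part of the thread and not code any of the participants posted: a Python check for the trick @RichFelker describes. ld.so never reads section headers; it finds the dynamic symbol and string tables through the DT_SYMTAB/DT_STRTAB entries in PT_DYNAMIC. Section headers exist only for tooling, so a binary can drop them (then `objdump -D`, which disassembles section by section, prints nothing) or keep them but point .dynsym/.dynstr somewhere else (then `objdump -d`/`nm -D` show whatever the author wants). `analyze()` compares the two views; `build_elf()` constructs minimal ELF64 x86-64 sample images (constructed for the demo, not runnable programs) with honest, lying and absent section headers. The layout offsets and BASE address are my own choices, not anything from the thread. For the raw disassembly fallback on a 64-bit sample the objdump invocation is `-b binary -m i386:x86-64 -D`; the thread's binary was 32-bit, hence `-m i386`.

```python
import struct

# ELF constants (System V ABI values)
PT_LOAD, PT_DYNAMIC = 1, 2
SHT_STRTAB, SHT_DYNSYM = 3, 11
DT_NULL, DT_STRTAB, DT_SYMTAB = 0, 5, 6

EHDR = '<HHIQQQIHHHHHH'   # Elf64_Ehdr fields after the 16-byte e_ident
PHDR = '<IIQQQQQQ'        # Elf64_Phdr
SHDR = '<IIQQQQIIQQ'      # Elf64_Shdr
DYN = '<qQ'               # Elf64_Dyn

BASE = 0x400000           # load address used by the constructed sample images (assumption)


def analyze(data):
    """Compare what the section headers claim with what the loader will use.

    Returns whether a usable section header table exists, the symbol/string
    table addresses from PT_DYNAMIC, the ones the SHT_DYNSYM header and its
    linked string table claim, and whether the two views disagree.
    """
    if data[:4] != b'\x7fELF' or data[4] != 2:
        raise ValueError('expected an ELF64 image')
    (_, _, _, _, e_phoff, e_shoff, _, _, e_phentsize, e_phnum,
     e_shentsize, e_shnum, _) = struct.unpack_from(EHDR, data, 16)

    # Section headers are optional for execution.  If the table is absent or
    # lies outside the file, section-driven tools (objdump -D) have nothing to walk.
    shdrs_ok = (e_shoff != 0 and e_shnum != 0 and e_shentsize == 64
                and e_shoff + e_shnum * e_shentsize <= len(data))

    # Program headers are what the kernel and ld.so read: find PT_DYNAMIC and
    # collect its tags (first occurrence wins, as in ld.so).
    dyn = {}
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, _, p_filesz, _ = struct.unpack_from(
            PHDR, data, e_phoff + i * e_phentsize)
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from(DYN, data, off)
            if tag == DT_NULL:
                break
            dyn.setdefault(tag, val)

    # What the section headers claim: the SHT_DYNSYM section and the string
    # table its sh_link points at.
    sh_dynsym = sh_dynstr = None
    if shdrs_ok:
        shdrs = [struct.unpack_from(SHDR, data, e_shoff + i * e_shentsize)
                 for i in range(e_shnum)]
        for sh in shdrs:                       # sh[1]=type sh[3]=addr sh[6]=link
            if sh[1] == SHT_DYNSYM:
                sh_dynsym = sh[3]
                if sh[6] < len(shdrs) and shdrs[sh[6]][1] == SHT_STRTAB:
                    sh_dynstr = shdrs[sh[6]][3]
                break

    mismatch = shdrs_ok and (sh_dynsym != dyn.get(DT_SYMTAB)
                             or sh_dynstr != dyn.get(DT_STRTAB))
    return {'section_headers': shdrs_ok,
            'dt_symtab': dyn.get(DT_SYMTAB), 'dt_strtab': dyn.get(DT_STRTAB),
            'shdr_dynsym': sh_dynsym, 'shdr_dynstr': sh_dynstr,
            'mismatch': mismatch}


def verdict(report):
    """One-line interpretation of an analyze() report."""
    if not report['section_headers']:
        return 'no usable section headers: objdump -D will print nothing; use -b binary'
    if report['mismatch']:
        return 'section headers name different symbol/string tables than PT_DYNAMIC: do not trust them'
    return 'section headers agree with PT_DYNAMIC'


def build_elf(dyn_symtab, dyn_strtab, sh_symtab, sh_strtab, drop_shdrs=False):
    """Construct a minimal ELF64 x86-64 sample image (constructed data, not a runnable program).

    dyn_* are the file offsets PT_DYNAMIC advertises to the loader; sh_* are the
    offsets the .dynsym/.dynstr section headers advertise to tools.  Layout:
    ehdr@0, phdrs@64, dynamic@176, empty table area 224..352, shdrs@352, 544 bytes.
    """
    dyn_off, sh_off, size = 176, 352, 544
    ehdr = b'\x7fELF' + bytes([2, 1, 1, 0]) + b'\0' * 8 + struct.pack(
        EHDR, 2, 62, 1, BASE, 64, 0 if drop_shdrs else sh_off, 0,
        64, 56, 2, 64, 0 if drop_shdrs else 3, 0)
    phdrs = struct.pack(PHDR, PT_LOAD, 5, 0, BASE, BASE, size, size, 0x1000)
    phdrs += struct.pack(PHDR, PT_DYNAMIC, 6, dyn_off, BASE + dyn_off,
                         BASE + dyn_off, 48, 48, 8)
    dyn = (struct.pack(DYN, DT_SYMTAB, BASE + dyn_symtab)
           + struct.pack(DYN, DT_STRTAB, BASE + dyn_strtab)
           + struct.pack(DYN, DT_NULL, 0))
    tables = b'\0' * (sh_off - (dyn_off + 48))
    shdrs = b'\0' * 64                                   # index 0 is the null section
    shdrs += struct.pack(SHDR, 1, SHT_DYNSYM, 2, BASE + sh_symtab, sh_symtab, 48, 2, 1, 8, 24)
    shdrs += struct.pack(SHDR, 9, SHT_STRTAB, 2, BASE + sh_strtab, sh_strtab, 16, 0, 0, 1, 0)
    img = ehdr + phdrs + dyn + tables + shdrs
    assert len(img) == size
    return img


if __name__ == '__main__':
    for name, img in (('honest', build_elf(224, 256, 224, 256)),
                      ('lying', build_elf(224, 256, 288, 320)),
                      ('stripped', build_elf(224, 256, 224, 256, drop_shdrs=True))):
        print(f'{name}: {verdict(analyze(img))}')
```

For a real sample, call `analyze(open(path, 'rb').read())`; a "do not trust them" verdict means the symbol names `objdump -d` or `nm -D` print come from a table the program never uses, so fall back to the raw-disassembly and `strings -a` approach from the thread, and read the real import names from the table DT_STRTAB points at.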