"objdump -D" prints nothing. "objdump -b binary -m i386 -D" works. Ran it in QEMU + strace, dumped the Perl script source from a write().
Replying to @RichFelker
@solardiz This naturally leads to a powerful way to hide malicious code from objdump, e.g. making a rootkit disassemble as "hello world".
Replying to @RichFelker
@solardiz The section headers can even point to fake symbol/string tables separate from those used for dynamic linking, to hide system() etc.
Replying to @RichFelker
@RichFelker @solardiz does anyone actually use objdump to analyze malicious binaries? It has never been viewed as safe/robust.
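The thread's point, that the kernel maps a binary by its program headers while "objdump -D" disassembles by its section headers, can be turned into a check. The following is an added example, not code from any participant in the thread: it parses a constructed ELF64 file (little-endian, standard 64-byte ELF/section headers and 56-byte program headers) and reports executable segment bytes that no executable section covers, which is exactly the space a "disassembles as hello world" binary lives in.

```python
import struct

PT_LOAD, PF_X, SHF_EXECINSTR = 1, 0x1, 0x4

def parse_elf64(blob):
    # Returns (executable PT_LOAD file ranges, SHF_EXECINSTR section file ranges).
    (ident, _, _, _, _, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, _) = struct.unpack_from("<16sHHIQQQIHHHHHH", blob, 0)
    assert ident[:4] == b"\x7fELF" and ident[4] == 2, "not an ELF64 file"
    segs, secs = [], []
    for i in range(phnum):
        p_type, p_flags, p_off, _, _, p_filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", blob, phoff + i * phentsize)
        if p_type == PT_LOAD and p_flags & PF_X and p_filesz:
            segs.append((p_off, p_off + p_filesz))
    # The loader ignores section headers, so only read a table that fits in the file.
    if shoff and shoff + shnum * shentsize <= len(blob):
        for i in range(shnum):
            _, _, flags, _, off, size, _, _, _, _ = struct.unpack_from(
                "<IIQQQQIIQQ", blob, shoff + i * shentsize)
            if flags & SHF_EXECINSTR and size:
                secs.append((off, off + size))
    return segs, secs

def uncovered_exec_ranges(blob):
    # Executable file ranges no executable section claims: run by the kernel,
    # never shown by section-driven disassembly.
    segs, secs = parse_elf64(blob)
    gaps = []
    for start, end in segs:
        cur = start
        for s, e in sorted(secs):
            if s > cur:
                gaps.append((cur, min(s, end)))
            cur = max(cur, e)
        if cur < end:
            gaps.append((cur, end))
    return [(s, e) for s, e in gaps if s < e]

def build_sample():
    # Constructed ELF64 (not a real binary): one R+X PT_LOAD maps file offsets
    # 0x1000-0x1200, but the section table admits only a 0x20-byte .text there.
    code_off, code_len = 0x1000, 0x200
    shoff = code_off + code_len
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       2, 0x3e, 1, 0x401000, 64, shoff, 0, 64, 56, 1, 64, 2, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, code_off, 0x401000, 0x401000,
                       code_len, code_len, 0x1000)
    text_sh = struct.pack("<IIQQQQIIQQ", 1, 1, SHF_EXECINSTR | 2, 0x401000,
                          code_off, 0x20, 0, 0, 16, 0)
    blob = (ehdr + phdr).ljust(code_off, b"\0") + b"\xc3" * code_len
    return blob + b"\0" * 64 + text_sh  # null section header, then .text
```

A non-empty result on a real sample means the section headers cannot be trusted and disassembly should be driven by the segment's file range instead, as the first tweet does with "objdump -b binary".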