Remember that dynamic analysis should be done in a sandbox environment. There are a few tools that are usually pre-installed in Linux that can be used to display more detailed information. We're introducing ltrace, strace, and gdb for this reversing activity.

The output of ltrace shows a readable code of what the program did. ltrace logged library functions that the program called and received. It also received an exit status of 13 when the program terminated. The address 0x804840b is also the address of the main function listed in the disassembly results.

Strace is another tool we can use, but this logs system calls. Here's the result of running strace on our hello world program:

Strace logged every system call that happened, starting from when it was being executed by the system. execve is the first system call that was logged. Calling execve runs a program pointed to by the filename in its function argument. open and read are system calls that are used here to read files. Deep inside the code of puts, it eventually executes a write system call. mmap2, mprotect, and brk are responsible for memory activities such as allocation, permissions, and segment boundary setting.
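The grouping of system calls described above can be applied to a saved trace automatically. The Python below is an added example, not code from the original page: it parses strace's default output and buckets each call the way the text does. The sample trace, its file paths, addresses and message text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like strace output for a 32-bit hello world
# binary; the path, addresses and message text are illustrative.
SAMPLE = r'''execve("./hello", ["./hello"], [/* 22 vars */]) = 0
brk(NULL)                               = 0x804b000
open("/etc/ld.so.nohwcap", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\3\0\0\0\0"..., 512) = 512
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd9000
mprotect(0xb7fc6000, 8192, PROT_READ)   = 0
write(1, "hello world!\n", 13)          = 13
exit_group(13)                          = ?
+++ exited with 13 +++
'''

# Grouping taken from the text above; anything else is reported as "other".
CATEGORY = {"execve": "exec", "open": "file", "read": "file",
            "mmap2": "memory", "mprotect": "memory", "brk": "memory",
            "write": "output"}
# name(args) = ret [ERRNO (description)]
CALL = re.compile(r'^(\w+)\((.*)\)\s+=\s+(\S+)(?:\s+(E[A-Z0-9]+)\b.*)?$')
EXITED = re.compile(r'^\+\+\+ exited with (\d+) \+\+\+$')

def parse_trace(text):
    """Return (calls, exit_status) from strace's default output format."""
    calls, status = [], None
    for line in map(str.strip, text.splitlines()):
        if (m := EXITED.match(line)):
            status = int(m.group(1))
        elif (m := CALL.match(line)):
            name, args, ret, err = m.groups()
            calls.append({"name": name, "args": args, "ret": ret, "errno": err,
                          "category": CATEGORY.get(name, "other")})
        # signal lines and unfinished/resumed calls are skipped here
    return calls, status

def summarize(calls):
    """Count calls per category and list the ones that failed."""
    counts = Counter(c["category"] for c in calls)
    failed = [(c["name"], c["errno"]) for c in calls if c["errno"]]
    return dict(counts), failed

if __name__ == "__main__":
    calls, status = parse_trace(SAMPLE)
    print(calls[0]["name"], summarize(calls), "exit status:", status)
```

A real trace can be saved with `strace -o trace.txt ./program` and its contents passed to `parse_trace`.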