Tag: disassembling

Radare2, Reversing

Install latest radare2 on Kali

Uninstall installed radare2 (if any): apt-get purge radare2
Install prerequisites: apt-get install valac libvala-0.xx-dev swig
pip install r2pipe
pip install --upgrade xdot
Download https://github.com/radare/radare2: git clone https://github.com/radare/radare2
radare2 Installation: cd radare2
sys/install.sh
valabind Installation: Remove the installed version first: apt-get purge valabind …

Disassembling, Radare2, Reversing

Disassembling functions with Radare2

Analyze binary file and its symbols.
Method 1: radare2 -A c:\Windows\SysWOW64\ntdll.dll
Method 2: radare2 c:\Windows\SysWOW64\ntdll.dll, then inside the radare2 terminal type aaa and hit enter.
Disassembling a function: inside the radare2 terminal, type pdf @ sym.ntdll.dll_RtlCreateRegistryKey
You can use tab completion here. Try this instead: pdf @ sym.ntdll.dll_RtlCreateR and hit Tab.

Debugging, Disassembler, Disassembling, Reverse Engineering

Radare – a portable reversing framework

Radare is a portable reversing framework that can…
Disassemble (and assemble for) many different architectures
Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
Perform forensics on filesystems and data carving
Be scripted in Python, JavaScript, Go and more
Support …

Debugging, Disassembling, Reverse Engineering

Reversing with DumpBin

The Microsoft COFF Binary File Dumper (DUMPBIN) displays information about Common Object File Format (COFF) binary files. You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs). For more…
DumpBin syntax: DUMPBIN [options] files…
Display Section Headers: dumpbin.exe /HEADERS x:\path\to\object\file
Disassembling …

Debugging, Disassembling, Reverse Engineering

Reversing with OBJDUMP

objdump – display plenty of information from object files. It is available in most Linux and Unix systems. It is also available in Windows through cygwin.
Display Section Headers: objdump -h /path/to/my/object/file
Disassembling Executable Sections: objdump -dl /path/to/my/object/file
Full Disassembling: objdump -Dslx /path/to/my/object/file
Display Debugging Info: objdump -g /path/to/my/object/file …