Skip to content

Latest commit

 

History

History
284 lines (249 loc) · 5.2 KB

security.md

File metadata and controls

284 lines (249 loc) · 5.2 KB
Raw

Software Security

Resources

Binary Analysis

What are the main phases of compiling a C code?
  1. Preprocessing
  2. Compilation
  3. Assembly
  4. Linking

Resources

  • Practical Binary Analysis - Chapter 1

References

Stop compiler processing source after preprocessing phase?

Description

#include <stdio.h>

int main()
{
    fprintf(stdout, "Preprocessing\n");
}

For gcc, this can be done sing the following command:

gcc -E -P -o main.cc main.c

Where -E tells gcc to stop after preprocessing and -P causes the compiler to omit debugging information so that the output is a bit cleaner.

Resources

  • Practical Binary Analysis - Chapter 1

References

Specify the assembly flavor for gcc? 
gcc -masm intel
gcc -masm att

Resources

  • Practical Binary Analysis - Chapter 1

References

Stop compiler processing source after compilation phase? 
gcc -g -O0 -S -masm=intel -o main.s main.c

Resources

  • Practical Binary Analysis - Chapter 1

References

Stop compiler processing source after assembly phase? 
gcc -g -O0 -c -o main.o main.c
file main.o

Resources

  • Practical Binary Analysis - Chapter 1

References

How many relocatable files exist?

Description

There are position-independent (relocatable) object files which can be combined to form a complete binary executable. On the other hand there are position-independent (relocatable) executables, which you can call them apart from ordinary shared libraries because they have an entry point address.

Resources

  • Practical Binary Analysis - Chapter 1

References

View the symbolic information of an executable?

Description

readelf --syms a.out

Resources

  • Practical Binary Analysis - Chapter 1

References

What formats are used to represent debugging symbols for executables?

Description

For ELF binaries, debugging symbols are typically generated in the DWARF format, while PE binaries usually use the proprietary PDB format. DWARF information is usually embedded within the binary, while PDB comes in the form of a separate symbol file.

Resources

  • Practical Binary Analysis - Chapter 1

References

What library can be used to programmatically parse debugging symbols?

libbfd & libdwarf.

Resources

  • Practical Binary Analysis - Chapter 1

References

Strip all the debugging symbols of an executable? 
strip --strip-all a.out
readelf --syms a.out

Resources

  • Practical Binary Analysis - Chapter 1

References

Specify the assembly flavor for objdump utility?

Description

objdump -M intel
objdump -M att

Resources

  • Practical Binary Analysis - Chapter 1

References

Inspect the rodata section of an object file?

The .rodata section contains all constants.

objdump -sj .rodata example.o

Resources

  • Practical Binary Analysis - Chapter 1

References

Disassembly an object file? 
objdump -M intel -d example.o

Resources

  • Practical Binary Analysis - Chapter 1

References

List all the relocation symbols present in an object file? 
readelf --relocs example.o

Resources

  • Practical Binary Analysis - Chapter 1

References

What address do relocation offsets are pointing to in relocation table of an object file?

The leftmost column of each line in the readelf --relocs output is the offset in the object file where the resolved reference must be filled in. The offset equals to the offset of the instruction that needs to be fixed, plus

  1. This is because you only want to overwrite the operand of the instruction, not the opcode of the instruction which happens to be only 1 byte. So to point to the instruction's operand, the relocation symbol needs to skip past the opcode byte.
readelf --relocs example.o

Resources

  • Practical Binary Analysis - Chapter 1

References

List all the available sections in an object file? 
readelf --sections example.o

Resources

  • Practical Binary Analysis - Chapter 1

References