
[no subject]



strace is a very standard linux tool, and is likely part of whatever
distro you use.

Maybe type the below and look at the strace output, then try various
strace options.  Try to figure out what is ignorable, and what is
important.

strace wc /etc/fstab 2> /tmp/strace.out

The strace output will be in /tmp/strace.out

When I did this, I got 85 lines of output, but only a few lines
related to /etc/fstab  (the file being analysed by wc.)

Once you have a bit of a feel for how strace works, you can try to run
your program of interest from a command line: "strace my_program".

> >
> > 2) You said you decompiled 2 files.  Decompiled is going to have a
> > specific meaning to a programmer and to the best of my knowledge,
> > there are no tools for decompiling C code.  I have to assume you
> > meant you reverse engineered a couple of config files.
> 
> I downloaded a command line utility that ran on OS X called the reverse
> engineering compiler.
> I cd to the directory and took a file called AR.exe that was hex data
> viewed in BBEDIT and converted it into the following (just the first
> bit of the file):
> 
> 
> /*      This file was automatically created by
>   *     Reverse Engineering Compiler 1.6 (C) Giampiero Caprino (Mar 31 2002)
>   *     Input file: 'ar.exe'
>   */
> 
> /* DEST BLOCK NOT FOUND: 00000121 -> 000001ab */
> /*      Procedure: 0x00000104 - 0x00000123
>   *     Argument size: 0
>   *     Local size: 0
>   *     Save regs size: 0
>   */
> 
> L00000104()
> {
> 
> 
> 
>      ds = *%cs:0x1ba];
>      L00000167();
>      (save)cs;
>      *L00000928();
>      bp = sp;
>      ah = 0x4c;
>      al = *(bp + 2);
>      asm("int 0x21");
>      cx = 0xe;
>      dx = 0x2f;
>      goto L000001ab;
> }
> 
> /*      Procedure: 0x00000124 - 0x00000166
>   *     Argument size: 0
>   *     Local size: 0
>   *     Save regs size: 4
>   */
> 
> L00000124()
> {
>         /* unknown */ void  ds;
> 
> 
> 
>      ax = 0x3500;
>      asm("int 0x21");
>      *L0000005B = bx;
>      *L0000005D = es;
>      ax = 0x3504;
>      asm("int 0x21");
>      *L0000005F = bx;
>      *L00000061 = es;
>      ax = 0x3505;
>      asm("int 0x21");
>      *L00000063 = bx;
>      *L00000065 = es;
>      ax = 0x3506;
>      asm("int 0x21");
>      *L00000067 = bx;
>      *L00000069 = es;
>      ax = 0x2500;
>      ds = cs;
>      dx = 0x11a;
>      asm("int 0x21");
> }
> 
> The truth is I don't know what I have done.  Any ideas or comments?
> 

I'm not sure what the above is myself.  Looks like a weird cross
between C code and assembly to me.

Parts of it may be legal C code, but it is definitely not something a
beginner would want to wade through.

I think you will be better off focusing on the strace approach if you
can get it to work.

Greg
-- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century


</pre>
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00796" href="msg00796.html">[ale] C code help</a></strong>
<ul><li><em>From:</em> mpwright at speedfactory.net (Mark Wright)</li></ul></li>
<li><strong><a name="00800" href="msg00800.html">[ale] C code help</a></strong>
<ul><li><em>From:</em> greg.freemyer at gmail.com (Greg Freemyer)</li></ul></li>
<li><strong><a name="00833" href="msg00833.html">[ale] C code help</a></strong>
<ul><li><em>From:</em> mpwright at speedfactory.net (Mark Wright)</li></ul></li>
</ul></li></ul>
</body>
</html>