Simple Tools and Techniques for Reversing a binary - bin 0x06

355,544 views

LiveOverflow

Comments: 223
@Bubatu7 7 years ago
Hahaha, "press shift+r and be happy." Great tutorials, you make it look so easy! Thank you!
@0x90meansnop8 7 years ago
Dude, I'm really thankful for your videos! As a self-taught coder it's sometimes hard to move on when there is nobody around you to help you out. But the biggest struggle I faced was not the code by itself. It was mostly the tools I had to use and I had no idea most of them even exist. Thank you very much for this video. This will help me to learn a lot faster than I did before. You're awesome.
@0x3b 16 days ago
for real
@mosesnah2893 8 years ago
How can these wonderful tutorials only have 4000 views? Cannot believe it. Thank you so much for these super awesome & helpful videos :)
@LiveOverflow 8 years ago
thank you! If you think it deserves more views, please share it. I'd appreciate it :)
@AhmedJadelrab 7 years ago
I think because there are a few people who understand what he is talking about.
@twistedsim 6 years ago
x10 views in 1 year, not bad
@DigitalMonsters 6 years ago
To be fair this stuff is super esoteric. I get that these tutorials are aimed at beginners but it still assumes an absurd level of computer competency from the outset. I'm a recent Software Engineering grad and I feel completely out of my depth. I need to find an even more "for dummies" series than this and maybe then I can come back to this.
@LiveOverflow 6 years ago
I would like to make videos that help people on your level. I’m wondering how I should approach it. Any ideas or examples? Wanna write me a mail LiveOverflow at gmail?
@muffawuffaman 7 years ago
" for a full list of commands see 'strings /dev/urandom' " oh boy this is one long help file
@cocbuilds 5 years ago
I haven't read a single help file yet. They're all like 50 pages worth.
@jacobtungate3828 4 years ago
@cocbuilds issa joke because urandom is just random characters
@blueairwolf1 3 years ago
RTFM -read the fine/f*ck!ng manual :D
@dox432 4 years ago
strings, objdump, strace, ltrace, Hopper Disassembler (other disassemblers include Ghidra, IDA Pro, and Ollydbg), radare2 (cutter)
@Hackers-df5fm 1 year ago
I've been trying to master radare, it's been 2 YEARS!! Also, great explanation of disassembling and decompilation of binary!
@TheGimpyGus 8 years ago
I was really keen to get into this kind of thing for a long time, your tutorials are amazing, honestly thank you!
@Ebotchl23 4 years ago
If you are doing this in 2020 and want to move the nodes around you need to first toggle into graph cursor mode with "c" and then you can move nodes around. Shift + hjkl while not in cursor mode will just allow you to jump around visual mode faster.
@madisonhanberry6019 6 years ago
I've been looking for a reverse-engineering resource like these videos for years! Please make more!!!
@lars-magnusskog3983 4 years ago
Just a quick note that the r2 commands have changed quite a bit from 2016 to 2020. E.g. the help in visual mode is quite a bit more extensive.
@gtg7529 5 years ago
Dear, although I can only understand less than 50% of your video, you are a very amazing guy! Thanks for your videos, and I watch each of your videos more than 3 times to try to understand what you say...
@ricardobrito6868 3 years ago
WOW! this radare is better than jdb when stepping instructions... You can see it stepping in the graph! Really good!
@zeynarz7614 4 years ago
God Bless you for making this series. Thank you so much.
@b0nes95 6 years ago
I don't know how I'd live without my trusty companion, CTRL +R.
@connormcneill9024 6 years ago
"for a full list of commands see `strings /dev/random`' i c wat u did ther
@elatedmaniac 5 years ago
Literally learned more in this 12 min video than two months of class.
@Salmiery 8 years ago
This was a great overview of these tools and techniques. Keep them coming!
@omri9325 7 years ago
Can you use Hopper to crack Hopper?
@douwehuysmans5959 7 years ago
Yes
@asjidkalam 6 years ago
Yes indeed.
@4pxris3 6 years ago
never thought about that
@lmaoroflcopter 6 years ago
Yes. But it's
@sarahtonin58913 6 years ago
_HMMM_
@b00i00d 4 years ago
Great vid! Makes you work to get to every last detail and that's the real fun of it!
@darshannn10 2 years ago
the way he says "Press Shift +R and be happy" 😂😂
@typedeaf 5 years ago
I am really impressed and inspired by the advanced content of the newer videos. The completionist in me has to start with your first videos :D I wonder if you use radare now.
@dastrn 8 years ago
I'm really enjoying these videos! Thank you for putting them together. Please keep them coming!
@HoldFastFilms 8 years ago
Great video. That was very helpful! Keep it up.
@Tzeny15 8 years ago
Keep these kinds of videos coming!
@RoughSubset 4 years ago
KZbin removed episode 0x07 in your playlist :/ Any chance of making it available via other platforms?
@TNothingFree 1 year ago
radar seems like windbg, it is great for developers especially C/C++ devs to learn such reversing tools.
@rastakiwi3899 6 years ago
Hello. I understand why there are blue numbers that can't be traduced to ASCII, but do you know why there are untraductable Hex marked by ^ while some are marked by ? Why isn't written for example? It is confusing :0. Thanks!
@fluzzlesnuff 1 year ago
This probably isn’t useful to you now, but for anyone wondering this in the future: ASCII values 0-31 are ‘control codes’ and can usually be typed with the control key plus a letter or special character. The control key is often represented by a caret (^). So ‘^C’ means control-C, which is ASCII value 3. Vim tries to print unprintable bytes as control codes, so any byte less than 32 will print as a ‘^@‘ or similar. Bytes larger than 127, though, are not in ASCII at all, so they are printed as or whatever hex value. TL;DR: Bytes < 32 are printed as ‘^C’ (control code), bytes > 127 are printed as ‘’ (hex code).
@MrRavenVZ 8 years ago
Very good quality content, thank you!
@alojzybabel4153 4 years ago
03:15 Is there some way to distinguish user code from those unknown library functions if they were statically linked into the executable and all we know is some random addresses? :q That would save a lot of time when analyzing programs because I would not have to try cracking the code that later turns out to be some library code irrelevant to the logic of the program :q
@dewankpant 6 years ago
I have a question. When I try the same thing with Hopper, I am not able to get those neatly formatted strings with characters; rather, what I get in the pseudocode is the locations for those strings. Is there any such option that you have enabled?
@TempestFrenzy 5 years ago
I'm confused as to how you determined 0x4006da contained the key at 4:45 in the video. Can anyone explain this part to me please. Thank you in advance and love your videos so far LiveOverflow :)
@elianagriffith9510 5 years ago
Because that memory address was very big. 400 bytes. That's a lot of characters to be simply code.
@compilationsmania451 4 years ago
Look at 4:27. The rodata section starts from 4006c0 and its size is 4e, so its range is from 4006c0 to 4006c0+4e. When we run till the string comparison and print addresses in the registers, 4006da is the only address which belongs in that range. So, we deduce that it must be the address of the string because we know the string is in rodata section.
@kvsec1337 2 years ago
This is superb😁❤️ thank you very much uncle !
@nukexplosion6679 4 years ago
Awesome stuff! Thank you for making these tutorials for us
@olfmombach260 6 years ago
I just can't get the string from the address like you did at 4:35. When I stop at the breakpoint and look at the registers, they all point at a completely different location (except eip of course) and also don't hold strings. I'm on x86 btw.
@abhishekpandey71 2 years ago
watching this in 2022, awesome... thanks man.
@bartlx 2 years ago
Thanks for making this great tool referencing video
@anteconfig5391 5 years ago
How well does objdump show the assembly for the given hexcode? Also, does objdump reliably output the proper assembly instructions for non-ELF file formats?
@awesomedee5421 2 years ago
Thank you. I am one of those people who thinks Mac sux, so I subscribed because you showed linux.
@day1player 7 years ago
This video is utterly hilarious. Thank you very much!
@lovelygirish2242 1 year ago
Beautiful stuff
@dodochi79 3 years ago
Very impressed!
@saeedradmehr1976 6 years ago
I found this one specifically helpful, Thank you!
@linuxguy1199 6 years ago
BTW there is cutter for radare which is a free graphical frontend for it
@drwblkfact7286 3 years ago
Can someone explain why register rsi is important and why it had the string AAAA-Z10N-42-OK in it? Is it common for the rsi register to hold the comparing string when the function strcmp is called?
@kosmasraptis8374 2 years ago
Usually this happens for no specific reason. The rsi register just seems to be available at that moment so the compiler puts the line there.
@first-thoughtgiver-of-will2456 3 years ago
Thank you this is very helpful for my research.
@caydauden 3 years ago
Question at 4:19, you mentioned main should start at 0x4004d0 and we should be able to find this in the screenshot on the right, but in screenshot on the right, main starts at 0x4005bd? Also, .rodata starts at address 0x4006c0, so we would expect the license string to be at that address, but at 4:45, looks like license string is located at address 0x4006da instead?
@caydauden 3 years ago
I see, the binary code starts at 0x4004d0, which starts with other functions before "main": _start, deregister_tm_clones, register_tm_clones, __do_global_dtors_aux, frame_dummy, and finally "main" starts at 0x4005bd which is within the range (0x4004d0, 0x4004d0 + 0x1e2)
@caydauden 3 years ago
Also see that .rodata has this data, which also includes the license key at address 0x4006da:
(gdb) x/10sb 0x4006c0
0x4006c0 : "\001"
0x4006c2 : "\002"
0x4006c4: "Checking License: %s "
0x4006da: "AAAA-Z10N-42-OK"
0x4006ea: "Access Granted!"
0x4006fa: "WRONG!"
0x400701: "Usage: "
0x40070e: ""
0x40070f: ""
@Siik94Skillz 4 years ago
At 1:47, how do you tell gdb to output exactly that with a variable @ rbp-0x28??? Been looking for it everywhere and can't find it...
@sabyabhoi8841 5 years ago
Hey bro, like you changed the disassembly flavor in gdb using "set disassembly-flavor intel", can we do something similar in radare2 as well? As I firmly believe that the disassembly shown in gdb is much easier to understand than the one in radare2.
@paired7815 5 years ago
Hi ...thanks a lot ...very interesting videos ...I am new to this ...do you recommend Ghidra instead of learning radare?
@BraveSirSausage 8 years ago
Using Kali, which has Radare2 pre-installed, when I run 'VV' it launches a web server and I get a GUI :( Not as cool as the terminal graph, how do I get rid of it!
@LiveOverflow 8 years ago
set the environment variable for the web graph to false. I think that helps. [0x100001174]> e graph.web=false
@BraveSirSausage 8 years ago
cool thanks ! for anyone else 'e' lists all environment variables.
@ahmedsoliman8007 8 years ago
please kali is shipped with really old old version of radare2 " always use radare2 from git
@scottbehrens1660 7 years ago
Awesome tutorials, I have a question. When I look at the pseudo-code, it doesn't include the nicely formatted strings like your video shows:
int main(int arg0, int arg1) {
    var_10 = arg1;
    if (arg0 == 0x2) {
        printf(0x4006c4);
        if (strcmp(*(var_10 + 0x8), 0x4006da) == 0x0) {
            puts(0x4006ea);
        }
        else {
            puts(0x4006fa);
        }
    }
    else {
        puts(0x400701);
    }
    return 0x0;
}
Any ideas?
@kushansingh6244 4 years ago
Nowadays, in my opinion, best tool out there is Ghidra for Disassembly and Decompilation and its free. What do you think LiveOverflow ?
@janardhannarayana 7 years ago
amazing tutorial
@balb98 4 years ago
Sorry, I don't understand why you use `r TEST-KEY` when breaking the strcmp. Can someone explain me that?
@damiancampbell1743 3 years ago
The 'r' in 'r TEST-KEY' is just a shortened version of 'run TEST-KEY'. It does the same thing.
@williamsquires3070 4 years ago
You can also use Ghidra (free) from ghidra-sre.org; You’ll need Java 11 SDK. Ghidra is a disassembler that works on MacOS X and Windows, and should work on any platform that has Java 11 SDK/runtime, though you may have to figure out how to make (or modify) a launcher script for a Linux distro. It can use many of the IDA-Pro scripts from what I’ve been told, though I don’t have IDA-Pro, so I can’t really say (because it’s too expensive.)
@AntonioSouza 7 years ago
Very, Very 0x1337 times Very cool. Thank you. You are very good. Sorry for my English, I'm Brazilian.
6 years ago
At 9:09 I can't use 'aaa' anymore, so what alternative command should I use? Thank you
@chuchuthegameryt1171 6 years ago
Thanks man. Really useful. Debugging got easier for me. Can you please make a video on CHAINED ret2libc attack. I am actually stuck. There are two methods in it : ESP Lifting and FRAME FAKING and I am not able to make either one of them work.
@kishoresuri007 7 years ago
Hey.. I have an issue with radare2 while trying to rerun the program using ood. tried to edit the ptrace scope but with no use. When i use ood, it reopens the file in read-write mode and tries to attach . "ptrace attach : operation not permitted" this is the error. do u have any idea about this
@douwehuysmans5959 7 years ago
You need root privileges to attach to a running process. Try sudo
@trebelojaques458 4 years ago
"and it makes sense to master them all, *Except Radare, nobody ever really masters radare* " lmaoo
@dkdk-pd1vn 7 years ago
Great stuff but please slow down!
@angeloalonzo5500 4 years ago
lol I thought this will be simple
@ryanmccauley211 4 years ago
Anybody having an issue like me where the .rodata address doesn't match the registers when running, try compiling with -no-pie flag so the address doesn't get randomized
@tanmaybora359 3 years ago
@Ryan Mccauley Thank You So Much!
@DebilNo4Mk1 5 years ago
6:34 "Affordable" *AFFORDABLE*
@wielkizderzaczhadronowkucy293 5 years ago
some of those tools cost thousands of dollars (and radare is still better than them)
@arifbasri4950 4 years ago
Thank you Sir, really helpful
@RDesHu-hd2ln 5 years ago
Great Video !
@jonbikaku6133 6 years ago
Been following this channel and have to say, you got some really dope content! One question regarding radare2 while installing on Ubuntu: after doing the setup and running r2, I get an error saying ` r2: error while loading shared libraries: libr_core.so: cannot open shared object file: No such file or directory `. Any idea how to solve? I looked online and it seems like it's not able to get the shared path of the library.
@franciscobahamondes5878 5 years ago
github.com/radare/radare2/issues/11897
@الْمَذْهَبُالْحَنْبَلِيُّ-ت9ذ 5 years ago
Which song/music are you using in your intro and ending ?
@ПетяТабуреткин-в7т 6 years ago
10:04 N I C E A R R O W S
@sarafdimi2072 4 years ago
I have a question: We saw with ltrace what the arguments of strcmp were. If we want to make our program more secure, what would we do? Attach some crypto to it ?
@nukexplosion6679 4 years ago
Make an algorithm for key validation, which he talks about in the next video.
@وزيرالفقراء 2 years ago
hello bro , tell me please how i can clear memory and register for do fast action and speed cpu for instruction with assembly code ? thank you very much
@nikhilt3755 5 years ago
what if i strip the symbols and then run strace and ltrace will i get function calls?
@Matt-ir1ky 8 years ago
Hey. Thank you very much for your tutorials. I have a small issue with R2... I ran through this tutorial a couple nights ago and I was able to recreate everything you did but tonight when I try in R2 to press VV to display the graph, it opens in its webUI and I can't seem to figure out how to change it back. So I hit VV after seeking to the main func but it opens up my chrome explorer and shows me a graph in there instead. I mean its probably a sophisticated feature but I don't want it at this point... Thanks again!
@Matt-ir1ky 8 years ago
Not sure what the deal was. My r2 was acting weird. It wasn't giving me the silly message when you open it and different ouputs for this or that. I deleted my apt version and installed from git and now its working again. Thanks!
@shubhamjagtap1919 2 years ago
thanks buddy
@cipher3966 2 years ago
Most viewed points are where you wrote the commands quickly and in tiny font at the bottom of the screen. Kind of frustrating, often seeing what was typed is impossible
@osmelfernandezbelen2836 3 years ago
Hello friend, good video, I would like to know if you have any program with the one of the video but that works for Windows. I am interested in unzipping a firmware made for the msd7816 chip of the mstar company.
@damiancampbell1743 3 years ago
I personally don't know of any programs like this that work for Windows, but honestly, I think you'd be better off looking into WSL (Windows Subsystem for Linux) or using a VM (Virtual Machine) like Virtual Box or VMware Workstation with Linux VM on it.
@meksaldi 7 years ago
Awesome content!
@nazibabrar1824 2 years ago
Can anyone help me with an issue I am having with ltrace :) ? The thing is, when I am trying to execute the binary from the github repo of the description with "ltrace ./license_1 KEY", It's working fine and showing all the function calls fine. But when I am compiling the source code with "gcc license_1.c -o license_1 -Wall", The ltrace command doesn't work anymore. It's just showing the standard output, no function calls. I think this is an issue with the gcc compiler. How do I compile the source code to be able to read the function calls with ltrace?
@kevinjohansson3923 7 years ago
Man, why have I just found out about this channel now?
@nickst2797 6 years ago
Man, why have I just found out about this channel now?
@ahora1026 6 years ago
And one year later, why did I ........
@jamespeterson7979 4 years ago
I tried the: ltrace ./license TEST It does not give me the strcmp command line. But with "objdump -d" i can find the strcmp.plt as i saw in your video, 3:18 objdump also tells me that it must be somehow related to glibc: # 3fd0 Still ltrace doesn't print the strcmp line. Does it have to do with the compiler version? [gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)]
@jamespeterson7979 4 years ago
With the file command I found that your ELF is an 'executable' with 'dynamic linked' libraries; my ELF was a 'shared object' with 'dynamic linked libraries'. I tried compiling it with the '-static' parameter so I got an 'executable', but it was 'statically linked' and got an increased file size. I don't know how you compiled it, maybe there is a special parameter you used? Yours is also half the size of mine (16kb vs 8kb). I thought maybe it could have something to do with 32 and 64 bit, but your file stated that it is an "ELF 64-bit LSB".
@diaahanna8882 5 years ago
Is it possible to find bugs in compiler-generated code??
@MrJaylassiter 5 years ago
I learned so much 😎
@gustavogonzalez8644 4 years ago
Can RetDec Radare2 decompile a .bin file?
@victorreaver1984 6 years ago
When I type ./license_1 AAAA-Z1ON-42-OK, it says "Wrong!". Any idea why?
@Saimon404 2 years ago
Sir, is there any way to convert a cython file to a python file??? I mean decompile cython compiled and get result python file purely...any method or paid method..kindly reply pls.
@bmac3933 4 years ago
Great video :)
@ExtinityOfficial 6 years ago
Well, time to master Radare then.
@johannbauer2863 5 years ago
ExtinityOfficial you can also use cutter, which is a gui for radare
@doron2402 7 years ago
What's your opinion about dtrace?
@pauribelles7920 6 years ago
Why did he choose to look up specifically the rsi register to find out the string? How can you find that out? (4:45)
@stathisstathopoulos9007 6 years ago
I was wondering too, couldn't find any similarities
@pod9594 5 years ago
.rodata section had 0x4e long contents from 0x4006c0 (4:26). Only rsi register was in that range : 0x4006da (4:45).
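Added example (not part of the video or of any comment): the range check described in the replies above, which explains why rsi is the register worth inspecting at the strcmp breakpoint. The section bounds, 0x4006da and the string layout are the values quoted in the thread; the other register values and all helper names are constructed for illustration.

```python
# Added example. Section bounds, rsi and the .rodata strings are the values
# quoted in the comments; every other register value is constructed.

SECTIONS = {  # name -> (start address, size)
    ".text": (0x4004D0, 0x1E2),
    ".rodata": (0x4006C0, 0x4E),
}

# Constructed register snapshot at the strcmp breakpoint.
REGISTERS = {
    "rax": 0x7FFE3C1A2F10,  # constructed: stack pointer to user input
    "rdi": 0x7FFE3C1A2F10,  # constructed: stack pointer to user input
    "rsi": 0x4006DA,        # from the thread
    "rsp": 0x7FFE3C1A0D20,  # constructed
    "rip": 0x4005F9,        # constructed: some address inside main
}


def section_of(addr):
    """Return the section whose [start, start + size) range holds addr."""
    for name, (start, size) in SECTIONS.items():
        if start <= addr < start + size:
            return name
    return None


def pointers_into(section, registers=REGISTERS):
    """Names of registers whose value points into the given section."""
    return sorted(r for r, v in registers.items() if section_of(v) == section)


def build_rodata():
    """Rebuild the .rodata image from the gdb x/s listing in the thread.

    The character after "%s" shows as a space on the page and is assumed to
    be a newline. The tail of the usage string is missing from the page, so
    the image is padded with NUL bytes up to the section size.
    """
    image = (
        b"\x01\x00\x02\x00"
        b"Checking License: %s\n\x00"
        b"AAAA-Z10N-42-OK\x00"
        b"Access Granted!\x00"
        b"WRONG!\x00"
        b"Usage: "
    )
    return image.ljust(SECTIONS[".rodata"][1], b"\x00")


def cstring_at(addr, image=None):
    """Read the NUL-terminated string at addr, like gdb's x/s."""
    start, size = SECTIONS[".rodata"]
    if not start <= addr < start + size:
        raise ValueError(f"{addr:#x} is outside .rodata")
    image = build_rodata() if image is None else image
    offset = addr - start
    end = image.find(b"\x00", offset)
    end = len(image) if end == -1 else end
    return image[offset:end].decode("ascii", errors="replace")


def report(registers=REGISTERS):
    """One line per register: value, section, and the string if in .rodata."""
    lines = []
    for reg, value in registers.items():
        section = section_of(value)
        text = repr(cstring_at(value)) if section == ".rodata" else ""
        lines.append(f"{reg:<4}{value:#16x}  {section or '-':<8} {text}".rstrip())
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```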
@webpunisher2954 5 years ago
I do not understand if the file is a binary where 0 and 1 are??
@YURIA9802 4 months ago
GIANT CHARACTERS
@drwblkfact7286 3 years ago
Thank u !!!
@9thCrusade 5 years ago
When I typed in aaa in radare it showed me some shortcuts and aaa wasn't one of them. What to do? :/
@cyberguide_in 5 years ago
At 8:44, when I did ./sys/install.sh, it says "You need GNU Make to build me". Can you please help me?
@babaroro5942 5 years ago
Hey ! found the solution, you have to install GNU make with "apt-get install build-essential", it worked for me. Good luck ! :)
@NphiniT 4 years ago
Do all of these tools come with ubuntu by default?
@damiancampbell1743 3 years ago
Quite a few of these won't, if you're using a security oriented distro like Kali or Parrot, a fair amount of them probably will. As you can see though, it's not terribly hard to acquire them. A simple "sudo apt-get " will do the trick. If you do "sudo apt-get ..." will allow you to install multiple programs simultaneously.
@user-kp5kg5dl8h 5 years ago
Anyone else have issues opening certain manual pages? Digging around Google, I've seen others with this issue, but so far none of the solutions have worked. I've read in one place that it could be a bug?
@damiancampbell1743 3 years ago
Not sure which programs you're referring to in particular, but I'm willing to bet it's the ones related to C functions, like "man strcmp" and etc. You can install these with "sudo apt-get install manpages-dev" and "sudo apt-get install manpages-posix-dev". They should work now.
@deamer44 6 years ago
Can anyone explain to me how he got to the conclusion that jne 0x4000623 goes to location 4005ea for a call??
@b00i00d 4 years ago
I think if you watched his previous video it would be clearer. Basically the jne jumps to its address if not equal to 2. If it _is_ equal then the code will continue sequentially from that point (i.e. no jump) and 4005ea is the next major instruction (if you skip all the movs and adds)
@manishasinha6694 4 years ago
Great tutorials !
@noahosterholz9385 4 years ago
Hey, can someone pls help me? I can't set address-specific breakpoints in gdb (break *main works) because the addresses seem to change when I run the program and are not the same as displayed in "disassemble main" (there are a bunch of 5s in the address when I run it where before were 0s). Sorry for bad English, I'm German.
@noahosterholz9385 4 years ago
@thevulnx ah okay thanks that sounds logic.
@jorgevarela1725 4 years ago
Press SHIFT+R and be happy
@khennacheaymene1638 4 years ago
Zion, 42, rabbit running.... Now u see your self