Difference between revisions of "Summerschool Aachen 2004/Malware Lab"

From C4 Wiki
(The Quiz, Question 1)
m (The Quiz, Question 1)
Line 20: Line 20:
 
=== Documenting the Lab Session ===
 
=== Documenting the Lab Session ===
 
==== The Quiz, Question 1 ====
 
==== The Quiz, Question 1 ====
The perl scripts execute the system call with the number 4, sys_write(), supplying a file descriptor of "1", which denotes stdout, the standard address of the ELF header of the executed binary (increased by 1 to skip the leading 0x7f) and an output length of "3".
+
The perl scripts execute the system call with the number 4, sys_write(), supplying a file descriptor of "1", which denotes stdout, the standard address of the ELF header of the binary (probably the perl interpreter) being executed (increased by 1 to skip the leading 0x7f) and an output length of "3".
 
The perl script outputs "ELF" on my Linux box.
 
The perl script outputs "ELF" on my Linux box.
  
 
[[Category:Summerschools]] [[Category:Hacks]]
 
[[Category:Summerschools]] [[Category:Hacks]]
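Review bot: the reworded sys_write() sentence hedges with "(probably the perl interpreter)" and still refers to "the standard address" without giving its value. Because the script is run by the interpreter, the image mapped at that address can be checked rather than guessed. Suggest stating the address the scripts pass and the platform it applies to: syscall numbers are per-architecture (write is 4 on i386 but 1 on x86-64), and "my Linux box" does not say which one was used.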

Revision as of 11:28, 6 October 2004

Notes about Presentation

ELF Tools and others

Notes about Lab Session

more elf tools

  • elfsh - elf shell

small quiz

There is a really small quiz consisting of just one question here.

Documenting the Lab Session

The Quiz, Question 1

The perl scripts execute system call number 4, sys_write(), with three arguments: a file descriptor of "1", which denotes stdout; the standard address of the ELF header of the binary being executed (probably the perl interpreter), increased by 1 to skip the leading 0x7f; and an output length of "3". The perl script outputs "ELF" on my Linux box.
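The same write, as an added example in C that is not part of the wiki page or the lab material: instead of a hard-coded load address, which position-independent executables and ASLR no longer guarantee, it locates the running binary's own ELF header at run time. The function names are hypothetical, and the ELF header and program header table are assumed to lie in the first page of the image.

```c
#include <elf.h>
#include <link.h>        /* ElfW() picks Elf32_/Elf64_ for this build */
#include <stdint.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Find where the running executable's own ELF header is mapped.
 * AT_PHDR is the in-memory address of the program header table, which
 * sits e_phoff bytes after the ELF header. Assumption: both lie in the
 * first page of the image; the checks below verify that. */
const unsigned char *self_elf_header(void)
{
    uintptr_t phdr = (uintptr_t)getauxval(AT_PHDR);
    long page = sysconf(_SC_PAGESIZE);
    if (phdr == 0 || page <= 0)
        return NULL;

    const ElfW(Ehdr) *eh = (const ElfW(Ehdr) *)(phdr & ~((uintptr_t)page - 1));
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0)
        return NULL;                      /* no 0x7f 'E' 'L' 'F' here */
    if ((uintptr_t)eh + eh->e_phoff != phdr)
        return NULL;                      /* header does not describe AT_PHDR */
    return (const unsigned char *)eh;
}

/* Same call shape as the quiz script: raw write syscall, header + 1, length 3.
 * SYS_write resolves to 4 on i386 and to other numbers on other architectures. */
long write_elf_magic(int fd)
{
    const unsigned char *hdr = self_elf_header();
    if (hdr == NULL)
        return -1;
    return syscall(SYS_write, fd, hdr + 1, 3);
}

int main(void)
{
    if (write_elf_magic(1) != 3)          /* writes "ELF" to stdout */
        return 1;
    return write(1, "\n", 1) == 1 ? 0 : 1;
}
```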