Difference between revisions of "Summerschool Aachen 2004/Malware Lab"
Mario Manno (talk | contribs) m (→more elf tools) |
(→Notes about Lab Session) |
||
Line 18: | Line 18: | ||
There is a really small quiz consisting of just one question [http://www.informatik.hu-berlin.de/~thalheim/aachen2004/lab0610/ here]. | There is a really small quiz consisting of just one question [http://www.informatik.hu-berlin.de/~thalheim/aachen2004/lab0610/ here]. | ||
+ | === Documenting the Lab Session === | ||
+ | ==== The Quiz, Question 1 ==== | ||
+ | The perl scripts execute the system call with the number 4, sys_write(), supplying a file descriptor of "1", which denotes stdout, the address of the ELF header of the executed binary and an output length of "3". | ||
+ | The perl script outputs "ELF" on my Linux box. | ||
[[Category:Summerschools]] [[Category:Hacks]] | [[Category:Summerschools]] [[Category:Hacks]] |
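Review bot: In the added "Question 1" answer, the buffer argument is given as "the address of the ELF header" with a length of "3", yet the stated output is "ELF". An ELF header starts with the byte 0x7f followed by 'E', 'L', 'F', so three bytes from the very start of the header would be 0x7f, 'E', 'L'. Please state the exact address the script passes (it would have to be one byte past the header start to print "ELF"), and note that system call number 4 is sys_write on 32-bit x86 Linux, since the number differs on other architectures. The answer also switches between "perl scripts" and "perl script"; use one form.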
Revision as of 11:22, 6 October 2004
Notes about Presentation
ELF Tools and others
- http://soua.net/elf.py
- http://michael.bacarella.com/projects/sograph/sograph-0.95/elf.py
- http://elfsh.devhell.org/
- http://directory.fsf.org/libs/misc/libelf.html (http://developers.sun.com/solaris/articles/elf.html)
- http://sourceforge.net/projects/elfio/
- http://www.kerneled.org/projects/elf/index.html
- http://www.z0mbie.host.sk/infelf.html
- ELF(5)
- readelf(1), from GNU binutils
Notes about Lab Session
more elf tools
- elfsh - elf shell
small quiz
There is a really small quiz consisting of just one question here.
Documenting the Lab Session
The Quiz, Question 1
The Perl scripts execute system call number 4, sys_write(), supplying a file descriptor of "1" (which denotes stdout), the address of the ELF header of the executed binary, and an output length of "3". The Perl script outputs "ELF" on my Linux box.
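To see which header bytes such a 3-byte write covers, here is an added example (not part of the original lab notes or the quiz scripts) that parses the identification bytes of an ELF header and returns the slice a write of a given offset and length would emit. The sample header is constructed for illustration, and the names `parse_ident` and `write_view` are hypothetical.

```python
import struct

# Constructed sample: the first 20 bytes of a 32-bit little-endian i386
# executable header (not taken from a real binary).
SAMPLE_HEADER = (
    b"\x7fELF"              # e_ident[0..3]: magic 0x7f 'E' 'L' 'F'
    b"\x01\x01\x01\x00"     # EI_CLASS=ELFCLASS32, EI_DATA=LSB, EI_VERSION=1, EI_OSABI=0
    + b"\x00" * 8           # EI_ABIVERSION and padding, up to 16 bytes
    + struct.pack("<HH", 2, 3)  # e_type=ET_EXEC, e_machine=EM_386
)

CLASSES = {1: "ELF32", 2: "ELF64"}
BYTE_ORDER = {1: "<", 2: ">"}   # ELFDATA2LSB / ELFDATA2MSB as struct prefixes
TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def parse_ident(data):
    """Validate e_ident and decode e_type/e_machine from raw header bytes."""
    if len(data) < 20:
        raise ValueError("truncated ELF header")
    if data[:4] != b"\x7fELF":
        raise ValueError("bad ELF magic: %r" % data[:4])
    ei_class, ei_data = data[4], data[5]
    if ei_class not in CLASSES or ei_data not in BYTE_ORDER:
        raise ValueError("invalid EI_CLASS or EI_DATA")
    # e_type and e_machine sit at offsets 16 and 18 in both ELF32 and ELF64.
    e_type, e_machine = struct.unpack_from(BYTE_ORDER[ei_data] + "HH", data, 16)
    return {
        "class": CLASSES[ei_class],
        "little_endian": ei_data == 1,
        "type": TYPES.get(e_type, "UNKNOWN"),
        "machine": e_machine,
    }


def write_view(data, offset, length=3):
    """Bytes that write(1, header + offset, length) would send to stdout."""
    return data[offset:offset + length]


if __name__ == "__main__":
    print(parse_ident(SAMPLE_HEADER))
    for off in (0, 1):
        print(off, write_view(SAMPLE_HEADER, off))
```
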