Summerschool Aachen 2004/Malware Lab
Notes about Presentation
ELF Tools and others
- http://soua.net/elf.py
- http://michael.bacarella.com/projects/sograph/sograph-0.95/elf.py
- http://elfsh.devhell.org/
- http://directory.fsf.org/libs/misc/libelf.html (http://developers.sun.com/solaris/articles/elf.html)
- http://sourceforge.net/projects/elfio/
- http://www.kerneled.org/projects/elf/index.html
- http://www.z0mbie.host.sk/infelf.html
- ELF(5)
- readelf(1), from GNU binutils
Notes about Lab Session
More ELF tools
- elfsh - ELF shell
Small quiz
There is a really small quiz consisting of just one question here.
Documenting the Lab Session
The Quiz, Question 1
The Perl scripts invoke system call number 4, sys_write(), with three arguments: file descriptor 1, which denotes stdout; the address of the ELF header of the executed binary, increased by 1 to skip the leading 0x7f; and an output length of 3. The Perl script outputs "ELF" on my Linux box.
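The same call shape in C, as an added example (not the quiz's Perl script and not code from the lab). How the script obtained the header address is not stated on this page, so the lookup via dl_iterate_phdr() is an assumption, as are the function names; Linux with a libc that provides dl_iterate_phdr() is assumed.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* dl_iterate_phdr callback. The first object reported is the main
   executable; its ELF header is mapped by the PT_LOAD segment that
   starts at file offset 0. */
static int find_ehdr(struct dl_phdr_info *info, size_t size, void *out)
{
    (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++) {
        const ElfW(Phdr) *ph = &info->dlpi_phdr[i];
        if (ph->p_type == PT_LOAD && ph->p_offset == 0) {
            *(const unsigned char **)out =
                (const unsigned char *)(info->dlpi_addr + ph->p_vaddr);
            break;
        }
    }
    return 1; /* non-zero: stop after the main executable */
}

/* Hypothetical helper: in-memory address of this process's own ELF
   header, or NULL if it is not mapped or the magic does not match. */
const unsigned char *own_elf_header(void)
{
    const unsigned char *ehdr = NULL;
    dl_iterate_phdr(find_ehdr, &ehdr);
    if (ehdr && memcmp(ehdr, ELFMAG, SELFMAG) != 0)
        return NULL;
    return ehdr;
}

/* Hypothetical helper: write(fd, header + 1, 3), skipping the leading
   0x7f. SYS_write is 4 on i386 (the number in the quiz), 1 on x86-64. */
long write_magic_tail(int fd)
{
    const unsigned char *ehdr = own_elf_header();
    if (!ehdr)
        return -1;
    return syscall(SYS_write, fd, ehdr + 1, 3);
}

int main(void)
{
    return write_magic_tail(1) == 3 ? 0 : 1; /* prints ELF */
}
```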