Summerschool Aachen 2004/Malware Lab

From C4 Wiki
Revision as of 11:28, 6 October 2004 by Lboehne (talk | contribs) (The Quiz, Question 1)

Notes about Presentation

ELF Tools and others

Notes about Lab Session

More ELF tools

  • elfsh - ELF shell

Small quiz

There is a really small quiz consisting of just one question here.

Documenting the Lab Session

The Quiz, Question 1

The Perl scripts execute system call number 4, sys_write(), with three arguments: a file descriptor of "1", which denotes stdout; the standard address of the ELF header of the executed binary (increased by 1 to skip the leading 0x7f); and an output length of "3". The Perl script outputs "ELF" on my Linux box.
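
The same mechanism in C, as an added example that is not the quiz's Perl script: it finds the running binary's in-memory ELF header through the linker-defined `__ehdr_start` symbol rather than a fixed address, because position-independent executables are not loaded at one standard base, and then issues the raw write system call on bytes 1 to 3. It assumes Linux with GNU ld or lld; the function names are made up for illustration.

```c
#define _DEFAULT_SOURCE              /* for syscall() */
#include <elf.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Linker-defined symbol (GNU ld, lld): start of this executable's ELF
 * header as mapped into memory. Assumption of this example; it replaces
 * the hard-coded "standard address", which does not hold for PIE/ASLR. */
extern const unsigned char __ehdr_start[] __attribute__((visibility("hidden")));

/* Address of the in-memory ELF header of the running binary. */
const unsigned char *elf_header(void)
{
    return __ehdr_start;
}

/* 1 if e_ident starts with the magic bytes 0x7f 'E' 'L' 'F', else 0. */
int has_elf_magic(const unsigned char *hdr)
{
    return memcmp(hdr, ELFMAG, SELFMAG) == 0;
}

/* Raw write system call (SYS_write is 4 on i386, 1 on x86-64) of the
 * three bytes that follow the leading 0x7f. Returns bytes written or -1. */
long write_magic_text(int fd)
{
    return syscall(SYS_write, fd, elf_header() + 1, (size_t)3);
}

int main(void)
{
    if (!has_elf_magic(elf_header()))
        return 1;
    if (write_magic_text(STDOUT_FILENO) != 3)    /* prints ELF */
        return 1;
    return syscall(SYS_write, STDOUT_FILENO, "\n", (size_t)1) == 1 ? 0 : 1;
}
```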