x86 Disassembly/Linux


The Linux page of the X86 Disassembly Wikibook is a stub. You can help by expanding this section.

Linux

The GNU/Linux operating system is open source, but so much software falls under the name "GNU/Linux" that it can be difficult to stay on top of all aspects of the system. Here we attempt to boil down some of the most important concepts of the GNU/Linux operating system, especially from a reverser's standpoint.

System Architecture

"GNU/Linux" is mostly a collection of a large number of software components built around the GNU tools and the Linux kernel. GNU/Linux is itself broken into a number of variants called "distros", which share many similarities but also have their own peculiarities. All GNU/Linux distros are based on some version of the Linux kernel. However, since each user may patch and recompile their own kernel at will, and since many distros ship their own kernel patches, it is hard to proclaim any one build of any one kernel version "the standard". GNU/Linux systems generally follow the Unix convention that system configuration is stored in aptly-named, human-readable (and therefore human-editable) text files, mostly under /etc.

The Linux kernel is a monolithic kernel: process and memory management, the filesystem layer, networking and the system call interface all live in one kernel address space. Device drivers, filesystems and other subsystems can either be compiled into the kernel image or built as loadable kernel modules that are inserted at run time; a kernel with everything built in and no module support is what people mean by a "monolithic kernel" configuration. Most of the API that application code actually calls is not in the kernel at all but in the C library (glibc on most distros), whose functions wrap the kernel's system calls. This matters to a reverser: a disassembled program shows calls to libc functions such as open or write, and only inside libc (or in hand-written code) does the syscall instruction (int 0x80 on 32-bit x86) appear.

On top of the kernel run one or more shells. Bash is the most widely used, but many users prefer other shells, especially for particular tasks.

Beyond the shell, most distros offer a GUI, although server-oriented and embedded distros frequently omit one to save resources and reduce the installed footprint.

Each desktop environment is built on a widget toolkit with its own framework and API (GTK for GNOME, Qt for KDE). A graphical application is linked against one toolkit, so it needs that toolkit's libraries installed to run under any desktop, and porting it to another toolkit means rewriting its GUI code rather than just recompiling it.

Configuration Files

Shells

Here are some popular shells:

Bash 
An acronym for "Bourne Again SHell"; the default interactive shell on most distros.
Bourne 
The original Unix shell, sh, and the precursor to Bash.
Csh 
C Shell, with C-like syntax.
Ksh 
Korn Shell.
TCsh 
An enhanced Csh (the "T" comes from the TENEX operating system) with command-line editing and completion.
Zsh 
Z Shell.

GUIs

Some of the more popular GUIs (desktop environments):

KDE 
K Desktop Environment, built on the Qt toolkit.
GNOME 
GNU Network Object Model Environment, built on the GTK toolkit.

Debuggers

gdb 
The GNU Debugger. It comes pre-installed on most Linux distributions and is the standard tool for debugging ELF executables, both live processes and core dumps.
winedbg 
The debugger that ships with Wine, used to debug Win32 executables running under Linux.
edb 
A fully featured, plugin-based graphical debugger inspired by OllyDbg.

File Analyzers

strings 
Finds runs of printable characters in a file (by default at least four consecutive ASCII bytes). When, for example, a password is defined statically in the source and therefore stored in the binary itself, the string can be extracted without ever executing the program. By default only ASCII runs are reported: use -e l to also find UTF-16LE strings (common in Windows binaries), -n to change the minimum length, and -t x to print each string's file offset. Only literals left in the clear are found; a password that is encoded, encrypted or assembled at run time will not appear.
file 
Determines a file type. For an ELF binary it reports the class (32- or 64-bit), the object type (executable, shared object or position-independent executable), whether it is dynamically or statically linked (and which program interpreter it requests), and whether it has been stripped of its symbol table.
objdump 
Disassembles object files, executables and libraries (objdump -d). Can list the internal file structure (-h for section headers, -x for all headers), dump the raw bytes of a section (-s -j .rodata) and disassemble specific sections (-d -j .text). Supports both AT&T (the default) and Intel syntax (-M intel).
nm 
Lists symbols from object files and executables. It reads the .symtab section, so on a stripped binary it reports "no symbols"; nm -D reads the dynamic symbol table (.dynsym) instead, which a stripped but dynamically linked binary must keep for the loader. Used mostly on debugging builds of executables.
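To make concrete what strings looks for, and what it misses by default, here is an added example (not code from the Wikibook) that re-implements the core of strings(1) in Python and runs it over a constructed byte string standing in for a binary. The credential, token and compiler tag in SAMPLE_BLOB are made up for the demo.

```python
import re

# Constructed sample "binary" for the demo: a fake ELF ident, a few opaque
# code-like bytes, a UTF-16LE token, an ASCII credential, a fragment shorter
# than the default minimum length, and a compiler tag. Not a real executable.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8                      # fake ELF ident
    + b"\x55\x48\x89\xe5\x48\x83\xec\x10\x0f\x05\xc3\x90\x90\xcc"  # "code" bytes
    + "S3cr3tT0ken".encode("utf-16-le") + b"\x00\x00"             # UTF-16LE token
    + b"admin_password=hunter2\x00"                               # ASCII credential
    + b"ab\x00"                                                   # too short for -n 4
    + b"GCC: (GNU) 12.2.0\x00"                                    # typical compiler tag
)


def find_strings(data, min_len=4, utf16le=False):
    """Return (offset, encoding, text) tuples for printable runs in data.

    Mirrors strings(1): min_len is the -n argument (default 4); utf16le=True is
    the equivalent of -e l, which the real tool does not enable by default.
    Offsets are byte offsets from the start of data (what -t x prints).
    """
    hits = []
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in ascii_run.finditer(data):
        hits.append((m.start(), "ascii", m.group().decode("ascii")))
    if utf16le:
        # A printable ASCII byte followed by a NUL, repeated: the shape of
        # UTF-16LE text restricted to the ASCII range.
        u16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
        for m in u16_run.finditer(data):
            hits.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(hits)


def grep_strings(data, needle, **kwargs):
    """The `strings ... | grep -i needle` idiom, case-insensitive."""
    needle = needle.lower()
    return [h for h in find_strings(data, **kwargs) if needle in h[2].lower()]


if __name__ == "__main__":
    for off, enc, text in find_strings(SAMPLE_BLOB, utf16le=True):
        print(f"{off:08x} {enc:8} {text}")
```

Run as-is it prints offset, encoding and text, much like strings -a -t x. Note that the UTF-16LE token is invisible unless utf16le=True (the -e l pass): skipping that second pass is a common reason a reverser concludes a binary holds no credentials when it does.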
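What file and nm read out of an ELF binary comes from a handful of header fields. The following added example (not part of the original page) builds a minimal ELF64 image in memory with struct and then parses it the way file does: a PT_INTERP segment naming the program interpreter decides "dynamically linked", and the presence of a .symtab section decides "not stripped" (and whether nm has anything to list). The builder, the section contents and the interpreter path are constructed for the demo; the struct layouts are those of the ELF64 System V ABI.

```python
import struct

# ELF64 little-endian structure layouts (System V ABI).
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr, 56 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
PT_INTERP, SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 3, 1, 2, 3
EM_X86_64 = 0x3E


def build_sample_elf(dynamic=True, stripped=False, e_type=2):
    """Construct a minimal ELF64 image (headers plus tiny sections, not runnable).

    dynamic adds a PT_INTERP segment as the linker does for a dynamically linked
    program; stripped omits .symtab/.strtab as `strip` does; e_type=3 (DYN)
    together with dynamic=True is the shape of a PIE executable.
    """
    interp = b"/lib64/ld-linux-x86-64.so.2\x00"          # constructed for the demo
    names = [b".interp", b".text", b".symtab", b".strtab", b".shstrtab"]
    shstrtab = b"\x00" + b"\x00".join(names) + b"\x00"   # index 0 is the empty name
    contents = {
        b".interp": (SHT_PROGBITS, interp),
        b".text": (SHT_PROGBITS, b"\x31\xc0\xc3"),       # xor eax,eax; ret
        b".symtab": (SHT_SYMTAB, b"\x00" * 48),           # two empty Elf64_Sym slots
        b".strtab": (SHT_STRTAB, b"\x00main\x00"),
        b".shstrtab": (SHT_STRTAB, shstrtab),
    }
    present = [n for n in names
               if (dynamic or n != b".interp")
               and (not stripped or n not in (b".symtab", b".strtab"))]
    phnum = 1 if dynamic else 0
    image = bytearray(EHDR.size + PHDR.size * phnum)     # header area, patched below
    offsets = {}
    for n in present:
        offsets[n] = len(image)
        image += contents[n][1]
    image += b"\x00" * (-len(image) % 8)                  # align the section header table
    shoff = len(image)
    shdrs = [SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)]      # index 0 is always SHT_NULL
    for n in present:
        sh_type, data = contents[n]
        shdrs.append(SHDR.pack(shstrtab.index(n + b"\x00"), sh_type, 0, 0, offsets[n],
                               len(data), 0, 0, 1, 24 if sh_type == SHT_SYMTAB else 0))
    image += b"".join(shdrs)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8    # ELF64, LSB, version 1, SysV
    EHDR.pack_into(image, 0, ident, e_type, EM_X86_64, 1, 0x401000,
                   EHDR.size if dynamic else 0, shoff, 0, EHDR.size, PHDR.size,
                   phnum, SHDR.size, len(shdrs), 1 + present.index(b".shstrtab"))
    if dynamic:
        o = offsets[b".interp"]
        PHDR.pack_into(image, EHDR.size, PT_INTERP, 4, o, 0x400000 + o,
                       0x400000 + o, len(interp), len(interp), 1)
    return bytes(image)


def describe_elf(data):
    """Report what `file` and `nm` infer from the headers of an ELF64 LSB image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise NotImplementedError("this example parses ELF64 little-endian only")
    (_, e_type, e_machine, _, e_entry, e_phoff, e_shoff, _, _, e_phentsize,
     e_phnum, e_shentsize, e_shnum, e_shstrndx) = EHDR.unpack_from(data, 0)
    info = {"class": "ELF64", "type": ET_NAMES.get(e_type, hex(e_type)),
            "machine": e_machine, "entry": e_entry, "interp": None,
            "sections": [], "stripped": True}
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:      # file: "dynamically linked, interpreter ..."
            info["interp"] = data[p_offset:p_offset + p_filesz].rstrip(b"\x00").decode()
    info["dynamically_linked"] = info["interp"] is not None
    # Heuristic as file uses it: ET_DYN with an interpreter is a PIE executable,
    # ET_DYN without one is a shared object (libc.so.6 is a known exception).
    if info["type"] == "DYN":
        info["kind"] = "pie executable" if info["interp"] else "shared object"
    else:
        info["kind"] = {"EXEC": "executable", "REL": "relocatable"}.get(info["type"], info["type"])
    if e_shnum:
        shstr_off = SHDR.unpack_from(data, e_shoff + e_shstrndx * e_shentsize)[4]
        for i in range(e_shnum):
            sh_name, sh_type = SHDR.unpack_from(data, e_shoff + i * e_shentsize)[:2]
            start = shstr_off + sh_name
            info["sections"].append(data[start:data.index(b"\x00", start)].decode())
            if sh_type == SHT_SYMTAB:  # what strip removes and nm needs
                info["stripped"] = False
    return info


if __name__ == "__main__":
    for kw in ({}, {"dynamic": False, "stripped": True}, {"e_type": 3, "stripped": True}):
        d = describe_elf(build_sample_elf(**kw))
        print(kw, d["kind"], "dynamically linked" if d["dynamically_linked"] else
              "statically linked", "stripped" if d["stripped"] else "not stripped", d["sections"])
```

The same fields are what readelf -h, readelf -l and readelf -S print; a stripped binary still carries .dynsym and .dynstr when it is dynamically linked, which is why nm -D and objdump -T keep working on it after nm alone gives up.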