Reverse engineering - Hide code behind GCC constructors
Interesting technique to hide code from IDA Pro before the main function by (ab)using GCC constructors.
More information about how to detect this technique and similar ones here:
The second part of the video is a quick introduction to the GNU Debugger - GDB.
Although there are not that many Linux malware, this technique is definitely something to be aware of.
Tools:
- IDA Pro
- GDB Debugger
- gdbinit
- Vim
References:
gdbinit man page
5 months ago 00:24:08 1
5 months ago 00:00:55 1
5 months ago 00:17:08 1
5 months ago 00:03:24 1
5 months ago 00:00:48 1
5 months ago 00:01:35 1
5 months ago 00:04:36 1
5 months ago 00:26:20 1
5 months ago 00:03:56 1
5 months ago 00:17:35 1
5 months ago 00:14:31 1
5 months ago 00:03:33 1
5 months ago 01:40:29 9
5 months ago 00:15:17 1
5 months ago 00:01:13 1
5 months ago 00:00:32 1
5 months ago 00:01:35 41
5 months ago 00:09:09 1
5 months ago 01:14:43 1
5 months ago 00:10:42 17
5 months ago 00:21:31 1
5 months ago 00:11:05 1
5 months ago 00:13:18 1
5 months ago 00:34:13 1
