
x86 Disassembly/Linux

From Wikibooks, open books for an open world


GNU/Linux


The GNU/Linux operating system is open source, but at the same time so much constitutes "GNU/Linux" that it can be difficult to stay on top of all aspects of the system. Here we will attempt to boil down some of the most important concepts of the GNU/Linux operating system, especially from a reverser's standpoint.

System Architecture


"GNU/Linux" is mostly a collection of a large number of software components based on the GNU tools and the Linux kernel. GNU/Linux is itself broken into a number of variants called "distros", which share some similarities but may also have distinct peculiarities. In a general sense, all GNU/Linux distros are based on a variant of the Linux kernel. However, since each user may edit and recompile their own kernel at will, and since some distros make their own edits to their kernels, it is hard to proclaim any one version of any one kernel as "the standard". Linux kernels are generally based on the philosophy that system configuration details should be stored in aptly named, human-readable (and therefore human-editable) configuration files.

The Linux kernel implements much of the core API, but certainly not all of it. Much API code is stored in external modules, although users have the option of compiling all of these modules together into a "monolithic kernel".

One or more shells generally run on top of the kernel. Bash is one of the more popular shells, but many users prefer other shells, especially for particular tasks.

Beyond the shell, Linux distros frequently offer a GUI (although many distros do not have a GUI at all, usually for performance reasons).

Since each GUI often supplies its own underlying framework and API, certain graphical applications may run on only one GUI. Some applications may need to be recompiled (and a few completely rewritten) to run on another GUI.

Configuration Files


Shells


Here are some popular shells:

Bash
An acronym for "Bourne Again SHell".
Bourne
A precursor to Bash.
Csh
C Shell.
Ksh
Korn Shell.
TCsh
A terminal-oriented Csh.
Zsh
Z Shell.

Desktop Environments


Some of the more popular desktop environments:

GNOME
GNU Network Object Modeling Environment
KDE
K Desktop Environment

Debuggers


gdb
The GNU Debugger. It is available on most Linux distributions and is primarily used to debug ELF executables.
winedbg
A debugger for Wine, used to debug Windows executables under Linux.
edb
A fully featured, plugin-based debugger inspired by the famous OllyDbg.

File Analyzers


strings
Finds printable strings in a file. When, for example, a password is stored in the binary itself (defined statically in the source), the string can be extracted from the binary without ever needing to execute it.
file
Determines a file's type; useful for determining whether an executable has been stripped and whether it has been dynamically (or statically) linked.
objdump
Disassembles object files, executables and libraries. Can list the internal file structure and disassemble specific sections. Supports both Intel and AT&T syntax.
nm
Lists symbols from executable files. Does not work on stripped binaries. Used mostly on debug builds of executables.
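As an added example (not part of the Wikibook, and not the code of binutils or of file(1)), the following Python script reimplements the two checks this section describes: the printable-run scan that strings performs, and the ELF header and section-name inspection by which file decides whether a binary is 32- or 64-bit, dynamically linked (presence of an .interp section) and stripped (absence of a .symtab section). The input is a constructed minimal ELF64 image built by build_sample_elf64 with an appended hard-coded credential, so it runs offline; the function names, the "admin:s3cret-demo" string and the tiny image layout are all assumptions made for the example, and only little-endian ELF64 is handled.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ET_TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core file"}
MACHINES = {3: "Intel 80386", 62: "x86-64"}
PRINTABLE = set(range(0x20, 0x7F))  # printable ASCII, the default character set of strings(1)

# Constructed tail: a credential compiled into the binary as a static string.
CONSTRUCTED_TAIL = b"\x00\x00admin:s3cret-demo\x00\x01\x02ok\x00"


def extract_strings(data, min_len=4):
    """Return every run of at least min_len printable bytes, like `strings -n 4`."""
    found, run = [], bytearray()
    for byte in data:
        if byte in PRINTABLE:
            run.append(byte)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def parse_elf64(data):
    """Read the ELF64 header and section names: the facts file(1) reports about a binary."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise NotImplementedError("example handles little-endian ELF64 only")
    (e_type, e_machine, _ver, e_entry, _phoff, e_shoff, _flags, _ehsize, _phentsize,
     _phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    names = []
    if e_shoff and e_shnum:  # a section header table is present
        shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
                 for i in range(e_shnum)]
        str_off, str_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
        strtab = data[str_off:str_off + str_size]
        for sh in shdrs:
            names.append(strtab[sh[0]:strtab.index(b"\x00", sh[0])].decode())
    return {
        "type": ET_TYPES.get(e_type, hex(e_type)),
        "machine": MACHINES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
        "sections": names,
        "dynamically_linked": ".interp" in names,  # the interpreter (ld.so) path lives here
        "stripped": ".symtab" not in names,        # strip(1) removes the symbol table
    }


def file_summary(data):
    """One-line description in the style of file(1)."""
    info = parse_elf64(data)
    linkage = "dynamically linked" if info["dynamically_linked"] else "statically linked"
    stripped = "stripped" if info["stripped"] else "not stripped"
    return f"ELF 64-bit LSB {info['type']}, {info['machine']}, {linkage}, {stripped}"


def build_sample_elf64(stripped, dynamic):
    """Constructed input: header, .shstrtab and a section header table, nothing else."""
    names = [".shstrtab"] + ([".interp"] if dynamic else []) + ([] if stripped else [".symtab"])
    shstrtab, name_off = b"\x00", {}
    for n in names:
        name_off[n] = len(shstrtab)
        shstrtab += n.encode() + b"\x00"
    shstr_off, shstr_size = 64, len(shstrtab)           # string table follows the 64-byte header
    shoff = (shstr_off + shstr_size + 7) & ~7            # section headers, 8-byte aligned
    shstrtab = shstrtab.ljust(shoff - shstr_off, b"\x00")
    # (sh_name, sh_type, sh_offset, sh_size); SHT_PROGBITS=1, SHT_SYMTAB=2, SHT_STRTAB=3
    sections = [(0, 0, 0, 0), (name_off[".shstrtab"], 3, shstr_off, shstr_size)]
    if dynamic:
        sections.append((name_off[".interp"], 1, 0, 0))
    if not stripped:
        sections.append((name_off[".symtab"], 2, 0, 0))
    ident = ELF_MAGIC + bytes([2, 1, 1, 0, 0]) + b"\x00" * 7  # ELF64, LSB, version 1, SysV ABI
    header = ident + struct.pack("<HHIQQQIHHHHHH", 3 if dynamic else 2, 62, 1, 0x1040,
                                 0, shoff, 0, 64, 56, 0, 64, len(sections), 1)
    shdrs = b"".join(struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)
                     for name, typ, off, size in sections)
    return header + shstrtab + shdrs


def sample_binary():
    """A PIE-style, unstripped, dynamically linked image with the constructed credential appended."""
    return build_sample_elf64(stripped=False, dynamic=True) + CONSTRUCTED_TAIL


if __name__ == "__main__":
    blob = sample_binary()
    print(file_summary(blob))
    for s in extract_strings(blob):
        print(s)
```

Running the script prints the file-style summary followed by the four strings the scan recovers: the three section names and the embedded credential, which is exactly what a reviewer would spot in a real binary with `strings` before ever executing it. Against a real executable, parse_elf64 needs the section header table to be present; a binary whose section headers were removed (e_shnum of 0) reports no sections, which is itself a signal that the file has been deliberately stripped down.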