File

Check for security features

checksec:

>>> ../../checksec.sh --dir=.
RELRO,STACK CANARY,NX,PIE,RPATH,RUNPATH,Symbols,FORTIFY,Fortified,Fortifiable,Filename
No RELRO,No Canary found,NX enabled,No PIE,RPATH,No RUNPATH,Symbols,No,0,3,./lwiod

winchecksec (checksec, but for Windows):

> .\Release\winchecksec.exe C:\Windows\notepad.exe
Dynamic Base    : true
ASLR            : true
High Entropy VA : true
Force Integrity : false
Isolation       : true
NX              : true
SEH             : true
CFG             : true
RFG             : false
SafeSEH         : false
GS              : true
Authenticode    : false
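Reading one checksec row by hand is fine; reading a directory of them is not. The following Python script is an added example (it is not part of these notes, nor of checksec.sh or winchecksec). It embeds the two outputs above as constructed samples and returns, per binary, the mitigations that are missing, so the weak binaries in a `--dir` run can be listed directly. The column names and true/false flag names are taken from the output shown; the choice of which PE flags count as "expected" is an assumption explained in the comments.

```python
"""Hardening triage over checksec-style output (added example; not part of the
original notes nor of the checksec.sh or winchecksec projects).

Two constructed samples are embedded: the checksec.sh row for ./lwiod shown
above, in comma-separated form, and the winchecksec report for notepad.exe.
The functions return the mitigations that are missing, so a directory of
binaries can be triaged without reading every row.
"""
import csv
import io

# Constructed sample: the checksec.sh --dir=. output from above, one CSV row per file.
CHECKSEC_CSV = """\
RELRO,STACK CANARY,NX,PIE,RPATH,RUNPATH,Symbols,FORTIFY,Fortified,Fortifiable,Filename
No RELRO,No Canary found,NX enabled,No PIE,RPATH,No RUNPATH,Symbols,No,0,3,./lwiod
"""

# Constructed sample: the winchecksec output for notepad.exe from above.
WINCHECKSEC_TEXT = """\
Dynamic Base    : true
ASLR            : true
High Entropy VA : true
Force Integrity : false
Isolation       : true
NX              : true
SEH             : true
CFG             : true
RFG             : false
SafeSEH         : false
GS              : true
Authenticode    : false
"""

# For each checksec.sh column, the predicate that marks the value as weak.
# RPATH/RUNPATH and Symbols are "bad when present" (hard-coded library search
# path, unstripped symbols); the others are "bad when absent".
ELF_WEAK = {
    "RELRO":        lambda v: v.startswith("No RELRO"),
    "STACK CANARY": lambda v: v.lower().startswith("no canary"),
    "NX":           lambda v: v.startswith("NX disabled"),
    "PIE":          lambda v: v.startswith("No PIE"),
    "RPATH":        lambda v: v == "RPATH",
    "RUNPATH":      lambda v: v == "RUNPATH",
    "Symbols":      lambda v: v == "Symbols",
    "FORTIFY":      lambda v: v == "No",
}

# Assumption: the winchecksec flags a current user-mode 64-bit image is expected
# to carry. SafeSEH is left out because it only exists for 32-bit images, and
# Force Integrity / RFG are not generally applicable, so "false" there is not a
# finding on its own.
PE_EXPECTED = ["Dynamic Base", "ASLR", "High Entropy VA", "NX", "SEH", "CFG", "GS"]


def elf_findings(csv_text):
    """Map each filename in checksec.sh CSV output to its list of weak columns."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        row = {k.strip(): v.strip() for k, v in row.items()}
        findings[row["Filename"]] = [col for col, weak in ELF_WEAK.items()
                                     if weak(row.get(col, ""))]
    return findings


def pe_findings(text):
    """Return the expected winchecksec mitigations reported as false (or missing)."""
    flags = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            flags[name.strip()] = value.strip().lower() == "true"
    return [name for name in PE_EXPECTED if not flags.get(name, False)]


if __name__ == "__main__":
    for path, weak in elf_findings(CHECKSEC_CSV).items():
        print(path, "missing:", ", ".join(weak) or "nothing")
    print("notepad.exe missing:", pe_findings(WINCHECKSEC_TEXT) or "nothing")
```

For the lwiod row this reports RELRO, the stack canary, PIE, FORTIFY, plus a baked-in RPATH and unstripped symbols; notepad.exe comes back clean under the expected-flag list above. To use it on a real run, feed `checksec.sh --dir=. --output=csv` into `elf_findings` and a winchecksec report into `pe_findings`.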

Check for debug symbols

Linux:

objdump --syms file.bin

OSX:

otool -Iv file.bin

Windows:

Get all functions from an executable

GDB

gdb libGameLogic.so
gef➤ info functions Player::
File Include/Player.h:
96:     void IPlayer::AddRef();
148:    void IPlayer::HideCountdown();
92:     void IPlayer::IPlayer();
97:     void IPlayer::Release();
386:    bool Player::AddItem(IItem*, unsigned int, bool);
391:    bool Player::AddLoadedAmmo(IItem*, IItem*, unsigned int);
425:    void Player::AdvanceQuestToState(IQuest*, IQuestState*);
463:    void Player::BuyItem(IActor*, IItem*, unsigned int);
339:    bool Player::CanBeDamaged(IActor*);
354:    bool Player::CanJump();
444:    bool Player::CanReload();
485:    void Player::Chat(char const*);
426:    void Player::CompleteQuest(IQuest*);
345:    void Player::Damage(IActor*, IItem*, int, DamageType);
457:    void Player::EndNPCConversation();
436:    void Player::EnterAIZone(char const*);
458:    void Player::EnterNPCShop(NPC*);
468:    void Player::EnterRegion(char const*);
396:    void Player::EquipItem(unsigned long, IItem*);
437:    void Player::ExitAIZone(char const*);
490:    void Player::FastTravel(char const*, char const*);
417:    void Player::FreeQuestList(IQuest**);
338:    IActor *Player::GetActorInterface();
377:    uint8_t Player::GetAvatarIndex();
470:    const std::string &Player::GetChangeRegionDestination() const;
379:    uint32_t Player::GetCharacterId() const;
[...]

objdump:

objdump -d libGameLogic.so
[...]
000000000010cce0 <_ZN12ActorFactoryI4BearEC1Ev@plt>:
  10cce0:       ff 25 4a 24 3b 00       jmpq   *0x3b244a(%rip)        # 4bf130 <_ZN12ActorFactoryI4BearEC1Ev@@Base+0x31f830>
  10cce6:       68 22 00 00 00          pushq  $0x22
  10cceb:       e9 c0 fd ff ff          jmpq   10cab0 <.plt>
[...]

C++ demangling

Using llvm-cxxfilt to turn mangled symbol names into human-readable signatures:

>>> llvm-cxxfilt _ZThn168_N6Player8TeleportEPKc
non-virtual thunk to Player::Teleport(char const*)
>>> llvm-cxxfilt _ZN12ActorFactoryI4BearEC1Ev
ActorFactory<Bear>::ActorFactory()
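To see what llvm-cxxfilt is actually doing with names like `_ZThn168_N6Player8TeleportEPKc`, and to post-process the `@plt` labels from the objdump listing in the previous section without shelling out, here is a small Itanium C++ ABI demangler. It is an added example, not code from these notes and not from llvm-cxxfilt, c++filt or the PwnAdventure3 binaries; it only covers the constructs that appear in the symbols above (nested names, template arguments, constructors, thunks, `P`/`K` qualifiers and builtin types) and rejects anything else, in particular substitutions such as `S_` or `St`. The `OBJDUMP_SAMPLE` is constructed from the objdump lines shown above.

```python
"""Minimal Itanium C++ ABI demangler (added example; not the page's own code
and not llvm-cxxfilt). Supported: nested names N...E, source names
<len><ident>, template arguments I...E, ctor/dtor markers C1-C3 / D0-D2,
non-virtual thunks _ZTh<off>_, P/R/K qualifiers and common builtin types.
Substitutions (S_, S0_, St, ...) raise ValueError; use llvm-cxxfilt for those.
"""
import re

BUILTIN = {
    "v": "void", "b": "bool", "c": "char", "a": "signed char", "h": "unsigned char",
    "s": "short", "t": "unsigned short", "i": "int", "j": "unsigned int",
    "l": "long", "m": "unsigned long", "x": "long long", "y": "unsigned long long",
    "f": "float", "d": "double",
}
QUALIFIER = {"P": "*", "R": "&", "K": " const"}       # cxxfilt style: "char const*"


class _Parser:
    def __init__(self, text):
        self.s, self.i = text, 0

    def peek(self):
        return self.s[self.i:self.i + 1]                # "" at end of input

    def take(self, n=1):
        chunk = self.s[self.i:self.i + n]
        self.i += n
        return chunk

    def source_name(self):                              # <length><identifier>, e.g. "6Player"
        start = self.i
        while self.peek().isdigit():
            self.i += 1
        return self.take(int(self.s[start:self.i]))

    def name(self):                                     # bare source name or N <component>... E
        if self.peek() != "N":
            return self.source_name()
        self.take()
        parts, last_class = [], None
        while self.peek() != "E":
            if self.peek().isdigit():
                last_class = self.source_name()
                parts.append(last_class)
            elif self.peek() == "I":                    # template arguments on the previous part
                self.take()
                args = []
                while self.peek() != "E":
                    args.append(self.type())
                self.take()
                parts[-1] += "<" + ", ".join(args) + ">"
            elif self.s[self.i:self.i + 2] in ("C1", "C2", "C3"):
                self.take(2)
                parts.append(last_class)                # constructor repeats the class name
            elif self.s[self.i:self.i + 2] in ("D0", "D1", "D2"):
                self.take(2)
                parts.append("~" + last_class)          # destructor
            else:
                raise ValueError("unsupported name component at %d in %r" % (self.i, self.s))
        self.take()                                     # closing E
        return "::".join(parts)

    def type(self):
        c = self.peek()
        if c in BUILTIN:
            self.take()
            return BUILTIN[c]
        if c in QUALIFIER:                              # pointer, reference, const
            self.take()
            return self.type() + QUALIFIER[c]
        if c.isdigit() or c == "N":                     # class / enum name
            return self.name()
        raise ValueError("unsupported type code at %d in %r" % (self.i, self.s))


def demangle(symbol):
    """Demangle one Itanium-ABI symbol; names that are not mangled come back unchanged."""
    if not symbol.startswith("_Z"):
        return symbol
    body, prefix = symbol[2:], ""
    thunk = re.match(r"Thn?\d+_", body)                 # non-virtual thunk: Th [n]<offset> _
    if thunk:
        body, prefix = body[thunk.end():], "non-virtual thunk to "
    p = _Parser(body)
    qualified = p.name()
    if p.i == len(p.s):                                 # no function type: a variable, not a function
        return prefix + qualified
    params = []
    while p.i < len(p.s):                               # bare function type follows the name
        params.append(p.type())
    if params == ["void"]:                              # a lone "v" means an empty parameter list
        params = []
    return prefix + qualified + "(" + ", ".join(params) + ")"


# Constructed sample: the PLT stub from the objdump -d listing above.
OBJDUMP_SAMPLE = """\
000000000010cce0 <_ZN12ActorFactoryI4BearEC1Ev@plt>:
  10cce0:\tff 25 4a 24 3b 00    \tjmpq   *0x3b244a(%rip)        # 4bf130 <_ZN12ActorFactoryI4BearEC1Ev@@Base+0x31f830>
"""
PLT_LABEL = re.compile(r"^([0-9a-f]+) <([^@>]+)@plt>:", re.M)


def plt_entries(objdump_text):
    """Return [(address, demangled name)] for every PLT stub label in objdump -d output."""
    return [(int(addr, 16), demangle(sym)) for addr, sym in PLT_LABEL.findall(objdump_text)]
```

Running `plt_entries(OBJDUMP_SAMPLE)` yields `[(0x10cce0, 'ActorFactory<Bear>::ActorFactory()')]`, the same name llvm-cxxfilt prints above; the thunk symbol demangles to `non-virtual thunk to Player::Teleport(char const*)`. The `Thn168_` prefix is the reason two different addresses can carry the "same" method: the thunk adjusts `this` by the encoded offset before jumping to the real `Player::Teleport`, which matters when you set breakpoints by symbol name.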

Get type information from a binary

Get the class layout from the debug information with gdb's ptype:

gef➤ ptype Player
type = class Player : public Actor, public IPlayer {
  private:
    uint32_t m_characterId;
    std::string m_playerName;
    std::string m_teamName;
    uint8_t m_avatarIndex;
    uint32_t m_colors[4];
    class std::map<IItem*, ItemAndCount, std::less<IItem*>, std::allocator<std::pair<IItem* const, ItemAndCount> > > m_inventory;
    class std::set<std::basic_string<char>, std::less<std::basic_string<char> >, std::allocator<std::basic_string<char> > > m_pickups;
    class std::map<IItem*, float, std::less<IItem*>, std::allocator<std::pair<IItem* const, float> > > m_cooldowns;
    class std::map<std::basic_string<char>, unsigned int, std::less<std::basic_string<char> >, std::allocator<std::pair<std::basic_string<char> const, unsigned int> > > m_circuitInputs;

Getting the offset of a member within a class (break in a method, subtract `this` from the member's address):

gdb -p $(pidof PwnAdventure3-Linux-Shipping) --batch \
    -ex "b _ZN6Player15GetWalkingSpeedEv" -ex "c" -ex "print &this->m_walkingSpeed" \
    -ex "print this" -ex "print (int)\$1-(int)\$2" -ex "quit" 2>/dev/null | awk '/\$3/ {print $3 }'
736

Debug trace

ptrace(PTRACE_TRACEME): a process can have only one tracer, so a binary that calls this on itself and gets an error knows a debugger is already attached. Seeing this call in a trace or disassembly is the usual sign of an anti-debugging check.

Linux

Crash and dump core file of a process in Linux

ELF

https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/

Windows

Analyze Windows executables safely without running them: detect malware, suspicious indicators, and PE file structures instantly.