Reverse¶

File Format¶

objdump

Usage	Description
`$ objdump -x <binary>`	Display the contents of all headers.
`$ objdump -R <binary>`	Display the dynamic relocation entries in the file.
`$ objdump -M intel -S <binary>`	Intermix source code with disassembly.

PE-bear
PEview
PE Detective (ExplorerSuite)
reshacker
- Add, modify or replace resources.
- Support strings, images, dialogs, menus, VersionInfo and Manifest resources.
CFF Explorer (ExplorerSuite)
Signature Explorer (ExplorerSuite)
010 editor

Decompiler Explorer Online
Compiler Explorer Online
jad
uncompyle6
dnSpy (.Net Framwork)
Telerik/JustAssembly
IDA pro | Usage | Description | |:-----------------------------------------------------|:-----------------------| | <S-F1> | set variable structure | | <S-F12> | string list | | r / h | encode | | x | xrefs | | y | type declaration | | <C-f> | search | | <R> > reset pointer type > create new struct type | |
- IDA Skins
Ghidra

x86 binary on x64 OS
- $ sudo apt install mingw-w64
  - /usr/x86_64-w64-mingw32/include
  - /usr/i686-w64-mingw32/include

Program Instrumentation
- $ patchelf --set-interpreter ./libc/ld-linux.so.2 --set-rpath ./libc/ <bin>
- $ env LD_PRELOAD=<lib> <bin>
- pintool
System Instrumentation
- sandboxie
- regsnap
- regshot
- Microsoft Research Detours Package
- Process Monitor (SysinternalsSuite)
- strace / ltrace

Windbg preview
x64dbg | Usage | Description | |:------------|:-------------| | <Space> | modify code | | <C-p> | patch binary | | <R> > s | search |
gdb | Usage | Description | |:-------|:------------| | watch | | | rwatch | | | awatch | | | x/[N][g,w,h,b]x | |
- plugins
  - peda
  - gef
  - pwndbg
  - pwngdb
CheatEngine72

Usage	Description
`$ readelf -S <binary>`	Display the sections' header.
`$ readelf -s <binary>`	Display the symbol table.