08-28-07, 01:14 PM   #5
evilghost
Re: Watch what you trust.

You can also use gdb to list the functions of the program and then disassemble and inspect certain aspects of that function.

Code:
(gdb) info functions
All defined functions:

Non-debugging symbols:
0x080485d0  _init
0x080485f8  close@plt
0x08048608  select@plt
0x08048618  bcopy@plt
0x08048628  system@plt
0x08048638  puts@plt
0x08048648  getpeername@plt
0x08048658  fgets@plt
0x08048668  strstr@plt
0x08048678  __libc_start_main@plt
0x08048688  printf@plt
0x08048698  getuid@plt
0x080486a8  fcntl@plt
0x080486b8  fclose@plt
0x080486c8  snprintf@plt
0x080486d8  gethostbyname@plt
0x080486e8  exit@plt
0x080486f8  send@plt
0x08048708  htons@plt
0x08048718  memset@plt
---Type <return> to continue, or q <return> to quit---
0x08048728  connect@plt
0x08048738  fopen@plt
0x08048748  recv@plt
0x08048758  socket@plt
0x08048768  __gmon_start__@plt
0x08048780  _start
0x080487a4  call_gmon_start
0x080487d0  __do_global_dtors_aux
0x08048800  frame_dummy
0x08048824  promosi
0x08048850  imapattack
0x080488a7  apacheattack
0x08048ac8  ctimeout
0x08048ca0  bannertest
0x08048ee5  main
0x08049104  __libc_csu_fini
0x0804910c  __libc_csu_init
0x08049160  __do_global_ctors_aux
0x0804918c  _fini
(gdb) disass fopen
No symbol table is loaded.  Use the "file" command.
(gdb) disass fopen\@plt
No symbol table is loaded.  Use the "file" command.
(gdb) disass promosi
Dump of assembler code for function promosi:
0x08048824 <promosi+0>: push   %ebp
0x08048825 <promosi+1>: mov    %esp,%ebp
0x08048827 <promosi+3>: sub    $0x8,%esp
0x0804882a <promosi+6>: movl   $0x80491b4,(%esp)
0x08048831 <promosi+13>:        call   0x8048638 <puts@plt>
0x08048836 <promosi+18>:        movl   $0x80491d8,(%esp)
0x0804883d <promosi+25>:        call   0x8048638 <puts@plt>
0x08048842 <promosi+30>:        movl   $0x8049218,(%esp)
0x08048849 <promosi+37>:        call   0x8048638 <puts@plt>
0x0804884e <promosi+42>:        leave
0x0804884f <promosi+43>:        ret
End of assembler dump.
(gdb) x/s 0x80491d8
0x80491d8 <__dso_handle+40>:     "Apache mod_j/k Fedora Core 6/5 - Debian 3.1 - FreeBSD 5.4REL"
(gdb) x/s 0x8049218
0x8049218 <__dso_handle+104>:    "Gnu mailutils imap4d Fedora Core 6 - Fedora Core 3\n\n"
(gdb)
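The symbol listing in the post above can be triaged mechanically before any disassembly. The following is an added example, not part of evilghost's post: it parses saved `info functions` output, separates PLT imports from compiler scaffolding, and lists the author-defined functions to disassemble next. The sample listing is a subset of the output shown in the post; the `REVIEW_IMPORTS` and `CRT_NAMES` sets and the `triage` helper are assumptions chosen for illustration.

```python
import re

# Sample input: a subset of the "info functions" listing shown in the post above.
GDB_LISTING = """\
Non-debugging symbols:
0x08048628  system@plt
0x08048658  fgets@plt
---Type <return> to continue, or q <return> to quit---
0x08048728  connect@plt
0x08048738  fopen@plt
0x08048758  socket@plt
0x08048780  _start
0x08048824  promosi
0x08048850  imapattack
0x080488a7  apacheattack
0x08048ee5  main
0x0804910c  __libc_csu_init
"""

SYMBOL_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\S+)$")
# Assumption: imports worth a closer look (process spawning, network, file I/O).
REVIEW_IMPORTS = {"system", "popen", "execve", "socket", "connect",
                  "send", "recv", "gethostbyname", "fopen"}
# Scaffolding emitted by gcc/glibc, not written by the program's author.
CRT_NAMES = {"_init", "_fini", "_start", "call_gmon_start", "frame_dummy",
             "__libc_csu_init", "__libc_csu_fini",
             "__do_global_dtors_aux", "__do_global_ctors_aux"}

def triage(listing):
    """Split 'info functions' output into imports to review and author functions."""
    report = {"review_imports": [], "other_imports": [], "author_functions": []}
    for line in listing.splitlines():
        m = SYMBOL_RE.match(line.strip())
        if not m:
            continue  # section headers and the pager prompt are skipped
        addr, name = int(m.group(1), 16), m.group(2)
        if name.endswith("@plt"):
            base = name[:-4]
            key = "review_imports" if base in REVIEW_IMPORTS else "other_imports"
            report[key].append(base)
        elif name not in CRT_NAMES:
            report["author_functions"].append((name, addr))
    return report

if __name__ == "__main__":
    r = triage(GDB_LISTING)
    print("imports to review:", ", ".join(r["review_imports"]))
    for name, addr in r["author_functions"]:
        print(f"disassemble next: {name} @ {addr:#010x}")
```

The listing can be captured without running the untrusted program, for example with gdb's batch mode, and pasted or read into `triage`.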