
Reverse Engineering

Tools

GNU file
PE Tools
PEiD
nm (dumpbin on Windows): shows information about the symbols embedded in binary files (if not stripped)
ldd ("dumpbin /dependents" on Windows): lists dynamic dependencies (for dynamically linked binaries)
objdump
c++filt: demangles C++ symbol names; it determines which compiler generated each mangled name (names are mangled when function overloading is used) for the functions in the binary, if such names exist (p. 47 of ida)
strings: extract strings of >4 ASCII characters
ndisasm, diStorm: stream disassemblers. Useful for working with binaries created by Metasploit (msfpayload), or for analyzing shellcode found in network packets


