Binary Analysis

Misc notes on working with binaries

Unix commands

llvm object file dumper

objdump -d <binary_filename>

Info about file type:

file <filename>

Resources

• x86

  • x86-62 Reference Sheet: https://web.stanford.edu/class/cs107/resources/x86-64-reference.pdf
  • calling conventions:
    • https://www.systutorials.com/x86-64-calling-convention-by-gcc/
    • https://en.wikipedia.org/wiki/X86_calling_conventions#System_V_AMD64_ABI

• OSX / Mach-O

  • OS X ABI Mach-O File Format Reference: https://github.com/aidansteele/osx-abi-macho-file-format-reference
  • Inside a Hello World executable on OSX: https://adrummond.net/posts/macho

• Ghidra

  • https://github.com/HackOvert/GhidraSnippets
  • https://ghidra.re/ghidra_docs/api/overview-tree.html
  • https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html

• ELF

  • https://stevens.netmeister.org/631/elf.html
  • https://linuxhint.com/understanding_elf_file_format/
  • https://stackoverflow.com/questions/29935915/finding-strings-in-the-text-section/29938864

• GCC (more from the compiler direction than binary analysis, but capturing notes here...)

  • Dump Gimple
    • gcc -fdump-tree-gimple <some_file>