kizi's Blog
Created: Tuesday, June 16 2009 08:56.01 CDT
I started working on Ubuntu
Author: kizi
# Views: 1838
I started working on Ubuntu, and currently I'm not using Windows.
I use VMware to run Windows.
Of course, it works very, very slowly. It takes about 3 minutes to open IDA Pro.
And so,
are there ways of disassembling PE files on Linux?
Does gdb have options to disassemble PE files?
Running OllyDbg/Immunity Debugger on WINE makes it hang up.
I wish I could disassemble PE files on Linux naturally.
Blog Comments
dELTA
Posted: Tuesday, June 16 2009 10:03.53 CDT
Well, why not try... IDA Pro? ;-)
It has a Linux version you know...
http://www.hex-rays.com/idapro/linux/index.htm
Paolo
Posted: Thursday, June 18 2009 01:21.50 CDT
There are plenty of possibilities to disassemble PE files under Linux. As Delta said, you can use IDA Pro in its native Linux form. You can also try the HT editor:
http://hte.sourceforge.net/
which is fantastic for examining the PE header fields. Otherwise you can use the IDA Pro GUI version under Wine... It works like a charm :)
trufae
Posted: Thursday, June 18 2009 02:58.51 CDT
You can also use radare, which is a hex editor with assembler/disassembler, debugger with code analysis, code graphing, scripting support and many other goodies.
It runs on Linux and Windows (and many others) and supports ELF as its main binary format, but also handles PE, PE+, CLASS and MACH0 files.
For debugging support, you can use radare in Wine to run the w32 app from Linux, or you can just connect to winedbg, w32gdb, qemu, vmware, bochs or Immunity Debugger to trace the code, put comments, analyze memory, ... from w32 or Linux.
It has recently been included in the Debian and Ubuntu testing repositories; this means that you will get automatic updates from your distro.
Feel free to join the mailing list and report problems you get; it is a very active free software project and we are always open to feedback.
wzzx
Posted: Friday, June 19 2009 05:02.37 CDT
FYI the site is http://radare.org
bitwav3
Posted: Monday, June 22 2009 22:05.37 CDT
Welcome to Linux, boy!
Debug win32 apps?
"winedbg"
Dump info about PE files?
"winedump"
Remember, all that software is open.
You want more tools?
search for "biew", "eresi", "edb" etc.
We have so many pro reversers here; I know that they still use Windows for their work. The FOSS environment is much better in that aspect; this is something that I never understand.
IDA pro?
If he's really a professional in this area; otherwise try to dig and find a tool.
Newcomers
As you will see, some little groups implement their own tools; "radare" and "eresi" are some examples. This can give us one hint: the *nix guys (some gurus) most times make their own tools, and some of them have priv8 ones too.
Crackers usually use OllyDbg; most times they are just Windows users ...
If you want to analyse PE files on a *nix box you can try running OllyDbg with Wine.
kizi
Posted: Thursday, June 25 2009 07:11.58 CDT
Thank you!
I started with radare and was surprised that it works smoothly.
It's very useful.
And I'm thinking about whether I should buy IDA Pro.
All in all, I've been helped a lot! Thanks!