kizi's Blog
Created: Tuesday, June 16 2009 08:56.01 CDT
I started working on Ubuntu
Author: kizi
I started working on Ubuntu, and currently I'm not using Windows.
I use VMware to run Windows.
Of course, it works very, very slowly. It takes about 3 minutes to open IDA Pro.
And so,
are there ways of disassembling PE files on Linux?
Does gdb have options to disassemble PE files?
Running OllyDbg/Immunity Debugger on WINE makes it hang.
I wish I could disassemble PE files on Linux naturally.
Blog Comments
dELTA
Posted: Tuesday, June 16 2009 10:03.53 CDT
Well, why not try... IDA Pro? ;-)
It has a Linux version you know...
http://www.hex-rays.com/idapro/linux/index.htm
Paolo
Posted: Thursday, June 18 2009 01:21.50 CDT
There are plenty of possibilities to disassemble PE files under Linux. As Delta said, you can use IDA Pro in its native Linux form. You can also try the HT editor:
http://hte.sourceforge.net/
which is fantastic for examining the PE header fields. Otherwise you can use the IDA Pro GUI version under Wine... It works like a charm :)
trufae
Posted: Thursday, June 18 2009 02:58.51 CDT
You can also use radare, which is a hex editor with assembler/disassembler, debugger with code analysis, code graphing, scripting support and many other goods.
It runs on Linux and Windows (and many others) and supports ELF as its main binary format, but also handles PE, PE+, CLASS and MACH0 files.
For debugging support, you can use radare in Wine to run the w32 app from Linux, or you can just connect to winedbg, w32gdb, QEMU, VMware, Bochs or Immunity Debugger to trace the code, put comments, analyze memory, ... from w32 or Linux.
It has been recently included in the Debian and Ubuntu testing repositories; this means that you will get automatic updates from your distro.
Feel free to join the mailing list and report problems you get. It is a very active free software project and we are always open to getting feedback.
wzzx
Posted: Friday, June 19 2009 05:02.37 CDT
FYI the site is http://radare.org
bitwav3
Posted: Monday, June 22 2009 22:05.37 CDT
Welcome to Linux, boy!
Debug win32 apps?
"winedbg"
Dump info about PE files?
"winedump"
Remember, all that software is open.
You want more tools?
Search for "biew", "eresi", "edb" etc.
We have so many pro reversers here; I know that they still use Windows for their work. The FOSS environment is much better in that aspect; this is something that I never understand.
IDA Pro?
If he's really a professional in this area, otherwise try to dig and find a tool.
Newcomers
As you will see, some little groups implement their own tools; "radare" and "eresi" are some examples. This can give us one hint: the *nix guys (some gurus) most times make their own tools, and some of them have priv8 ones too.
Crackers usually use OllyDbg; most times they are just Windows users ...
If you want to analyse PE files on a *nix box you can try running OllyDbg with Wine.
kizi
Posted: Thursday, June 25 2009 07:11.58 CDT
Thank you!
I started with radare and was surprised that it works smoothly.
It's very useful.
And I'm thinking about whether I should buy IDA Pro.
All in all, I was helped a lot! Thanks!