i started working on Ubuntu
 july keenfield (kizi) <priv kizi gmailcom> |
Tuesday, June 16 2009 08:56.01 CDT |
I started working on Ubuntu. and currently i'm not using WIndows.
I use VMWare to run Windows.
of couse, It works very very slowly. it takes about 3minuts to open IDA pro.
and so,
Are there ways that disassembling PE file on Linux?
Does gdb has options to disassemble PE file?
running OllyDbg/ImmuniryDebugger on WINE makes hang-up.
I whish I could disas PE files on Linux naturally.
Comments
 dELTA |
Posted: Tuesday, June 16 2009 10:03.53 CDT |
|
Well, why not try... IDA Pro? ;-) It has a Linux version you know... http://www.hex-rays.com/idapro/linux/index.htm |
|
 Paolo |
Posted: Thursday, June 18 2009 01:21.50 CDT |
|
There is plenty of possibilities to disassemble pe files under Linux. As Delta said, you can use IDA Pro in its native Linux form. You can also try the HT editor: http://hte.sourceforge.net/ which is fantastic for examining the PE header fields. Otherwise you can use IDA Pro GUI version under wine... It works like a charm :) |
|
| trufae | Posted: Thursday, June 18 2009 02:58.51 CDT |
|
You can also use radare which is a hex editor with assembler/disassembler, debugger with code analysis, code graphing, scripting support and many other goods. It runs on linux and windows (and many other) and supports ELF as main binary format support, but also handles PE, PE+, CLASS and MACH0 files. For the debugging support. you can use radare in wine to run the w32 app from linux, or you can just connect to a winedbg, w32gdb, qemu, vmware, bochs or immunity debugger to trace the code, put comments, analyze memory,... from w32 or linux. It has been recently included in the Debian and Ubuntu testing repositories, this means that you will get automatic updates from your distro. Feel free to join the mailing list and report problems you get, it is a very active free software project and we are always open to get feedback. |
|
 wzzx |
Posted: Friday, June 19 2009 05:02.37 CDT |
| FYI the site is http://radare.org | |
| bitwav3 | Posted: Monday, June 22 2009 22:05.37 CDT |
|
welcome to the linux boy! Debug win32 apps? "winedbg" Dump info about PE files? "winedump" Remember, all those softwares are open You want more tools? search for "biew", "eresi", "edb" etc. We have so many pro reversers here, i know that they still use windows for their work, the FOSS environment is much better in that aspect, this is something that i never understand. IDA pro? If hes really a professional in this area, otherwise try to dig and find a tool. Newcomers As you will see some little groups implement their own tools, "radare" and "eresi" are some examples, this can give us one hint, the *nix guys(some gurus) most times make their own tools, some of them have priv8 ones too. Crackers usually use ollydbg, most times they are just windows users ... If you want analyse PE files under a *nix box you can try run ollydbg with wine. |
|
 kizi |
Posted: Thursday, June 25 2009 07:11.58 CDT |
|
thank you! i started with radare and surprised that it works smoothly. it's very useful. and, i'm thinking that should i buy IDA pro. at all, i'm helped a lot! thanks! |
|