OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
kizi's Blog
Created: Tuesday, June 16 2009 08:56.01 CDT
I started working on Ubuntu
Author: kizi
# Views: 4064
I started working on Ubuntu, and currently I'm not using Windows.
I use VMware to run Windows.
Of course, it works very, very slowly. It takes about 3 minutes to open IDA Pro.
And so,
are there ways of disassembling PE files on Linux?
Does gdb have options to disassemble PE files?
Running OllyDbg/Immunity Debugger on WINE makes it hang.
I wish I could disas PE files on Linux naturally.
Blog Comments
dELTA
Posted: Tuesday, June 16 2009 10:03.53 CDT
Well, why not try... IDA Pro? ;-)
It has a Linux version you know...
http://www.hex-rays.com/idapro/linux/index.htm
Paolo
Posted: Thursday, June 18 2009 01:21.50 CDT
There are plenty of possibilities to disassemble PE files under Linux. As Delta said, you can use IDA Pro in its native Linux form. You can also try the HT editor:
http://hte.sourceforge.net/
which is fantastic for examining the PE header fields. Otherwise you can use IDA Pro GUI version under wine... It works like a charm :)
trufae
Posted: Thursday, June 18 2009 02:58.51 CDT
You can also use radare, which is a hex editor with assembler/disassembler, debugger with code analysis, code graphing, scripting support and many other goodies.
It runs on Linux and Windows (and many others) and supports ELF as its main binary format, but also handles PE, PE+, CLASS and MACH0 files.
For the debugging support, you can use radare in wine to run the w32 app from Linux, or you can just connect to a winedbg, w32gdb, qemu, vmware, bochs or Immunity Debugger to trace the code, put comments, analyze memory,... from w32 or Linux.
It has recently been included in the Debian and Ubuntu testing repositories, which means that you will get automatic updates from your distro.
Feel free to join the mailing list and report problems you get. It is a very active free software project and we are always open to feedback.
wzzx
Posted: Friday, June 19 2009 05:02.37 CDT
FYI the site is http://radare.org
bitwav3
Posted: Monday, June 22 2009 22:05.37 CDT
Welcome to the Linux, boy!
Debug win32 apps?
"winedbg"
Dump info about PE files?
"winedump"
Remember, all that software is open.
You want more tools?
Search for "biew", "eresi", "edb" etc.
We have so many pro reversers here, and I know that they still use Windows for their work. The FOSS environment is much better in that aspect; this is something that I never understand.
IDA Pro?
If he's really a professional in this area, otherwise try to dig and find a tool.
Newcomers
As you will see, some little groups implement their own tools; "radare" and "eresi" are some examples. This can give us one hint: the *nix guys (some gurus) most times make their own tools, and some of them have priv8 ones too.
Crackers usually use OllyDbg; most times they are just Windows users ...
If you want to analyse PE files under a *nix box you can try running OllyDbg with wine.
kizi
Posted: Thursday, June 25 2009 07:11.58 CDT
Thank you!
I started with radare and was surprised that it works smoothly.
It's very useful.
And I'm thinking about whether I should buy IDA Pro.
All in all, I've been helped a lot! Thanks!