Difference between revisions of "CSC231 HexDump Exercise"

From dftwiki3
Jump to: navigation, search
(Created page with "--~~~~ ---- =Exercise: Reverse Engineering: from hexdump to asm= * Recreate the original program whose hexdump output is shown below: <code><pre> [231a@beowulf ~/handout]$ hex...")
 
 
Line 79: Line 79:
 
</pre></code>
 
</pre></code>
  
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
+
<br /><br /><br />
 +
::click [[CSC231 HexDump Exercise Solution|here]] for solution.
 +
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
 +
 
 
[[Category:CSC231]][[Category:Exercises]]
 
[[Category:CSC231]][[Category:Exercises]]

Latest revision as of 11:44, 14 September 2012

--D. Thiebaut 08:47, 14 September 2012 (EDT)


Exercise: Reverse Engineering: from hexdump to asm

  • Recreate the original program whose hexdump output is shown below:
[231a@beowulf ~/handout]$ hexdump -C mickey
00000000  7f 45 4c 46 01 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  02 00 03 00 01 00 00 00  80 80 04 08 34 00 00 00  |............4...|
00000020  d8 01 00 00 00 00 00 00  34 00 20 00 02 00 28 00  |........4. ...(.|
00000030  08 00 05 00 01 00 00 00  00 00 00 00 00 80 04 08  |................|
00000040  00 80 04 08 b8 00 00 00  b8 00 00 00 05 00 00 00  |................|
00000050  00 10 00 00 01 00 00 00  b8 00 00 00 b8 90 04 08  |................|
00000060  b8 90 04 08 16 00 00 00  16 00 00 00 06 00 00 00  |................|
00000070  00 10 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080  b8 04 00 00 00 bb 01 00  00 00 b9 b8 90 04 08 ba  |................|
00000090  0c 00 00 00 cd 80 b8 04  00 00 00 bb 01 00 00 00  |................|
000000a0  b9 cb 90 04 08 ba 03 00  00 00 cd 80 bb 00 00 00  |................|
000000b0  00 b8 01 00 00 00 cd 80  48 65 6c 6c 6f 20 4d 69  |........Hello Mi|
000000c0  63 6b 65 79 20 4d 6f 75  73 65 21 0a 0a 0a 00 00  |ckey Mouse!.....|
000000d0  01 00 00 00 00 00 0f 00  11 00 00 00 01 00 00 00  |................|
000000e0  64 00 00 00 80 80 04 08  00 00 00 00 44 00 17 00  |d...........D...|
000000f0  80 80 04 08 00 00 00 00  44 00 18 00 85 80 04 08  |........D.......|
00000100  00 00 00 00 44 00 19 00  8a 80 04 08 00 00 00 00  |....D...........|
00000110  44 00 1a 00 8f 80 04 08  00 00 00 00 44 00 1b 00  |D...........D...|
00000120  94 80 04 08 00 00 00 00  44 00 1f 00 96 80 04 08  |........D.......|
00000130  00 00 00 00 44 00 20 00  9b 80 04 08 00 00 00 00  |....D. .........|
00000140  44 00 21 00 a0 80 04 08  00 00 00 00 44 00 22 00  |D.!.........D.".|
00000150  a5 80 04 08 00 00 00 00  44 00 23 00 aa 80 04 08  |........D.#.....|
00000160  00 00 00 00 44 00 25 00  ac 80 04 08 00 00 00 00  |....D.%.........|
00000170  44 00 26 00 b1 80 04 08  00 00 00 00 44 00 27 00  |D.&.........D.'.|
00000180  b6 80 04 08 00 00 00 00  64 00 00 00 00 00 00 00  |........d.......|
00000190  00 6d 69 63 6b 65 79 4d  6f 75 73 65 2e 61 73 6d  |.mickeyMouse.asm|
000001a0  00 00 2e 73 79 6d 74 61  62 00 2e 73 74 72 74 61  |...symtab..strta|
000001b0  62 00 2e 73 68 73 74 72  74 61 62 00 2e 74 65 78  |b..shstrtab..tex|
000001c0  74 00 2e 64 61 74 61 00  2e 73 74 61 62 00 2e 73  |t..data..stab..s|
000001d0  74 61 62 73 74 72 00 00  00 00 00 00 00 00 00 00  |tabstr..........|
000001e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000200  1b 00 00 00 01 00 00 00  06 00 00 00 80 80 04 08  |................|
00000210  80 00 00 00 38 00 00 00  00 00 00 00 00 00 00 00  |....8...........|
00000220  10 00 00 00 00 00 00 00  21 00 00 00 01 00 00 00  |........!.......|
00000230  03 00 00 00 b8 90 04 08  b8 00 00 00 16 00 00 00  |................|
00000240  00 00 00 00 00 00 00 00  04 00 00 00 00 00 00 00  |................|
00000250  27 00 00 00 01 00 00 00  00 00 00 00 00 00 00 00  |'...............|
00000260  d0 00 00 00 c0 00 00 00  04 00 00 00 00 00 00 00  |................|
00000270  04 00 00 00 0c 00 00 00  2d 00 00 00 03 00 00 00  |........-.......|
00000280  00 00 00 00 00 00 00 00  90 01 00 00 11 00 00 00  |................|
00000290  00 00 00 00 00 00 00 00  01 00 00 00 00 00 00 00  |................|
000002a0  11 00 00 00 03 00 00 00  00 00 00 00 00 00 00 00  |................|
000002b0  a1 01 00 00 36 00 00 00  00 00 00 00 00 00 00 00  |....6...........|
000002c0  01 00 00 00 00 00 00 00  01 00 00 00 02 00 00 00  |................|
000002d0  00 00 00 00 00 00 00 00  18 03 00 00 d0 00 00 00  |................|
000002e0  07 00 00 00 09 00 00 00  04 00 00 00 10 00 00 00  |................|
000002f0  09 00 00 00 03 00 00 00  00 00 00 00 00 00 00 00  |................|
00000300  e8 03 00 00 43 00 00 00  00 00 00 00 00 00 00 00  |....C...........|
00000310  01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000320  00 00 00 00 00 00 00 00  00 00 00 00 80 80 04 08  |................|
00000330  00 00 00 00 03 00 01 00  00 00 00 00 b8 90 04 08  |................|
00000340  00 00 00 00 03 00 02 00  00 00 00 00 00 00 00 00  |................|
00000350  00 00 00 00 03 00 03 00  00 00 00 00 00 00 00 00  |................|
00000360  00 00 00 00 03 00 04 00  01 00 00 00 00 00 00 00  |................|
00000370  00 00 00 00 04 00 f1 ff  11 00 00 00 b8 90 04 08  |................|
00000380  01 00 00 00 01 00 02 00  17 00 00 00 c4 90 04 08  |................|
00000390  01 00 00 00 01 00 02 00  1d 00 00 00 cb 90 04 08  |................|
000003a0  01 00 00 00 01 00 02 00  24 00 00 00 80 80 04 08  |........$.......|
000003b0  00 00 00 00 10 00 01 00  2b 00 00 00 ce 90 04 08  |........+.......|
000003c0  00 00 00 00 10 00 f1 ff  37 00 00 00 ce 90 04 08  |........7.......|
000003d0  00 00 00 00 10 00 f1 ff  3e 00 00 00 d0 90 04 08  |........>.......|
000003e0  00 00 00 00 10 00 f1 ff  00 6d 69 63 6b 65 79 4d  |.........mickeyM|
000003f0  6f 75 73 65 2e 61 73 6d  00 48 65 6c 6c 6f 00 4d  |ouse.asm.Hello.M|
00000400  6f 75 73 65 00 6c 66 6c  66 6c 66 00 5f 73 74 61  |ouse.lflflf._sta|
00000410  72 74 00 5f 5f 62 73 73  5f 73 74 61 72 74 00 5f  |rt.__bss_start._|
00000420  65 64 61 74 61 00 5f 65  6e 64 00                 |edata._end.|
0000042b




click here for solution.