## Methodology
- Investigate the file before running it: identify the format, architecture and whether it is stripped, and pull out the readable strings (prompts, error messages, hard-coded passwords, library names).

      file <binary>
      strings <binary>

- Test it out: run the program and note what it does, what input it asks for and how it reacts to wrong input.
- List its functions in GDB. User-defined functions usually stand out from the libc symbols.

      info functions

- Look at the assembly of a function.

      disass main
      disass otherfunction

- Look for the flow of the program. Look for `cmp` (and `test`) instructions and the conditional jump that follows each one: that is where the program decides between branches, e.g. whether an input was accepted.
- Set breakpoints on the interesting functions or addresses, then define a hook that runs every time execution stops (after a breakpoint hit or after a step). GDB comments start with `#`, not `;`. The register names below are for 32-bit x86; on x86-64 use `$rsp` and `$rip`.

      define hook-stop
      info registers   # show the registers
      x/24xw $esp      # show the stack
      x/2i $eip        # show the next two instructions
      end

- Step through the whole program, or from breakpoint to breakpoint.

      si   # step one instruction, following a call into the called function
      ni   # step one instruction, stepping over calls
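The "look for cmp" step is tedious to do by eye on a long `disass` listing. The script below, an added example that is not part of the original page, parses GDB's default AT&T-syntax `disass` output, pairs each `cmp`/`test` with the conditional jump that consumes its flags, decodes immediate operands to decimal (a hard-coded magic number shows up immediately), notes when the tested value is the return value of the preceding `call`, and emits the `break *<addr>` lines to paste into GDB before the `hook-stop` above. The disassembly it runs on is constructed for the example; the function `check` and the addresses in it are made up, not taken from a real binary.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of GDB `disass` output (AT&T syntax) for a made-up
# function that checks a number and then a string. Not from a real binary.
SAMPLE_DISASS = """\
Dump of assembler code for function check:
   0x0000000000001149 <+0>:\tpush   %rbp
   0x000000000000114a <+1>:\tmov    %rsp,%rbp
   0x000000000000114d <+4>:\tsub    $0x20,%rsp
   0x0000000000001151 <+8>:\tmov    %edi,-0x14(%rbp)
   0x0000000000001154 <+11>:\tmov    %rsi,-0x20(%rbp)
   0x0000000000001158 <+15>:\tcmpl   $0x539,-0x14(%rbp)
   0x000000000000115f <+22>:\tjne    0x1190 <check+71>
   0x0000000000001161 <+24>:\tmov    -0x20(%rbp),%rax
   0x0000000000001165 <+28>:\tlea    0xe98(%rip),%rsi        # 0x2004
   0x000000000000116c <+35>:\tmov    %rax,%rdi
   0x000000000000116f <+38>:\tcall   0x1030 <strcmp@plt>
   0x0000000000001174 <+43>:\ttest   %eax,%eax
   0x0000000000001176 <+45>:\tjne    0x1190 <check+71>
   0x0000000000001178 <+47>:\tmov    $0x1,%eax
   0x000000000000117d <+52>:\tjmp    0x1195 <check+76>
   0x0000000000001190 <+71>:\tmov    $0x0,%eax
   0x0000000000001195 <+76>:\tleave
   0x0000000000001196 <+77>:\tret
End of assembler dump.
"""

# One instruction line: optional "=>" marker, address, <+offset>:, mnemonic, operands.
INSN_RE = re.compile(r"^\s*(?:=>)?\s*(0x[0-9a-fA-F]+)\s+<\+(\d+)>:\s+(\S+)\s*(.*)$")


@dataclass
class Insn:
    addr: int
    offset: int
    mnemonic: str
    operands: str


@dataclass
class Check:
    cmp: Insn                      # the cmp/test instruction
    jump: Optional[Insn]           # the conditional jump that uses its flags, if found
    after_call: Optional[str]      # symbol of the call whose return value is tested
    immediates: List[int] = field(default_factory=list)


def parse_disass(text: str) -> List[Insn]:
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue  # header/footer lines such as "Dump of assembler code ..."
        # GDB appends "# 0x2004"-style annotations; immediates use "$", so "#" is safe to cut.
        operands = m.group(4).split("#", 1)[0].strip()
        insns.append(Insn(int(m.group(1), 16), int(m.group(2)), m.group(3), operands))
    return insns


def is_compare(insn: Insn) -> bool:
    return insn.mnemonic != "cmpxchg" and (
        insn.mnemonic.startswith("cmp") or insn.mnemonic.startswith("test"))


def find_checks(text: str) -> List[Check]:
    insns = parse_disass(text)
    checks = []
    for i, insn in enumerate(insns):
        if not is_compare(insn):
            continue
        # Walk forward to the conditional jump; stop if the flags are discarded first.
        jump = None
        for nxt in insns[i + 1:]:
            if nxt.mnemonic.startswith("j") and nxt.mnemonic != "jmp":
                jump = nxt
                break
            if nxt.mnemonic in ("call", "jmp", "ret") or is_compare(nxt):
                break
        after_call = None
        if i > 0 and insns[i - 1].mnemonic == "call":
            sym = re.search(r"<([^>]+)>", insns[i - 1].operands)
            after_call = sym.group(1) if sym else insns[i - 1].operands
        imms = [int(v, 0) for v in re.findall(r"\$(0x[0-9a-fA-F]+|\d+)", insn.operands)]
        checks.append(Check(insn, jump, after_call, imms))
    return checks


def describe(check: Check) -> str:
    s = f"{check.cmp.addr:#x}: {check.cmp.mnemonic} {check.cmp.operands}"
    if check.immediates:
        s += " [imm " + ", ".join(str(v) for v in check.immediates) + "]"
    if check.after_call:
        s += f" [return value of {check.after_call}]"
    if check.jump:
        s += f"  ->  {check.jump.mnemonic} {check.jump.operands}"
    return s


def breakpoint_commands(checks: List[Check]) -> List[str]:
    """GDB commands that stop right at each comparison, so hook-stop shows the operands."""
    return [f"break *{c.cmp.addr:#x}" for c in checks]


if __name__ == "__main__":
    found = find_checks(SAMPLE_DISASS)
    for c in found:
        print(describe(c))
    print("\n".join(breakpoint_commands(found)))
```

Feed it real output with `gdb -q -batch -ex 'disass check' ./binary | python3 findcmp.py` after swapping `SAMPLE_DISASS` for `sys.stdin.read()`. On the constructed sample it reports the `cmpl $0x539` check as the decimal 1337 and the `test %eax,%eax` as a check on `strcmp@plt`'s return value, both jumping to the same failure block at `<check+71>`.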