PicoCTF: Static ain’t always noise

Let’s download the attached files and be sure to make the script executable.

Now let’s take a look at this script to see how it works.

This script is written in bash, the shell that most Linux terminals run, so it is built from Linux commands we already recognize. Let's break it down to understand how it works. The first few lines are pretty self-explanatory, so I'll skip ahead a bit.

objdump -Dj .text $1 > $1.ltdis.x86_64.txt

objdump is a command-line tool (part of GNU binutils) used to inspect binaries and object files. Object files contain object code, the binary encoding of the instructions the CPU executes directly, and objdump can show those instructions in a human-readable assembly listing. The "-D" flag asks it to disassemble all sections (not only the ones expected to hold code, which is what "-d" does), and "-j" takes a section name and restricts the output to that section, here .text, which holds the program's executable code. So this line disassembles the .text section of the binary passed as the first argument ($1) and writes the listing to a file with the same name plus .ltdis.x86_64.txt appended. One caveat: $1 is unquoted, so a filename containing spaces would be split into several arguments; writing "$1" avoids that.

if [ -s "$1.ltdis.x86_64.txt" ]

This line checks that the file we just created is not empty. If it is empty an error message is printed; otherwise the rest of the script runs. The brackets are the shell's test command, and "-s" is the condition being tested: true when the file exists and has a size greater than zero. The check matters because the shell creates the output file for the ">" redirection before objdump even runs, so if objdump fails (for example because the argument is not a valid ELF file or has no .text section) the file will exist but be empty.

strings -a -t x $1 > $1.ltdis.strings.txt

Once the condition is met, the script runs the strings command on the binary passed as the argument and writes the output to a second file, $1.ltdis.strings.txt. The "-a" flag scans the whole file rather than only the initialized, loaded data sections, and "-t x" prefixes each string with its offset in hexadecimal. It's important to note that this is the string's location within the file, not its value encoded in hexadecimal. Because strings writes to a different filename than objdump, the single ">" does not overwrite the disassembly; each tool keeps its own output file. Still, the disassembly is extra context rather than a prerequisite here, so this task could be solved by running the strings command on its own.
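The whole pipeline the script performs, rewritten as an added example (my own code, not the challenge's script): the filename is quoted throughout, the empty-output check is kept, and the strings dump is searched for a picoCTF-style flag. The function names, the flag pattern picoCTF{...} and the fallback when binutils' strings is not installed are my assumptions, not something the challenge provides.

```shell
#!/bin/sh
# Added example, not the challenge's own script. Reproduces the three steps the
# writeup walks through (objdump -Dj .text, the -s check, strings -a -t x) and
# then greps the strings dump for a flag. Helper names are invented here.
set -u

# Step 1: disassemble only the .text section of "$1" into "$1.ltdis.x86_64.txt".
# Same command as the challenge script, with the argument quoted so a filename
# containing spaces is not split into several arguments.
disassemble_text() {
    bin=$1
    objdump -Dj .text "$bin" > "$bin.ltdis.x86_64.txt"
}

# Step 3: dump every printable run in the whole file (-a) with hex offsets (-t x)
# into "$1.ltdis.strings.txt". If binutils' strings is missing, fall back to a
# rough POSIX approximation (assumption: runs of 4+ printable characters are
# enough for flag hunting); the fallback cannot report offsets.
dump_strings() {
    bin=$1
    if command -v strings >/dev/null 2>&1; then
        strings -a -t x "$bin"
    else
        tr -c '[:print:]' '\n' < "$bin" | grep -E '^.{4,}$'
    fi > "$bin.ltdis.strings.txt"
}

# Search the strings dump for a picoCTF-style flag (assumed format) and print
# the first match. Exit status is non-zero when nothing matched.
find_flag() {
    bin=$1
    grep -o 'picoCTF{[^}]*}' "$bin.ltdis.strings.txt" | head -n 1 | grep .
}

# Full triage: argument validation, then the three steps in order.
triage() {
    bin=$1
    [ -f "$bin" ] || { echo "not a regular file: $bin" >&2; return 2; }
    if command -v objdump >/dev/null 2>&1; then
        disassemble_text "$bin"
        # Step 2: same -s test as the script; the shell creates the redirect
        # target before objdump runs, so a failed objdump leaves an empty file.
        [ -s "$bin.ltdis.x86_64.txt" ] || { echo "disassembly is empty" >&2; return 1; }
    fi
    dump_strings "$bin"
    find_flag "$bin"
}

if [ $# -gt 0 ]; then
    triage "$1"
fi
```

Run it as `sh triage.sh ./binary`; the two .ltdis.* files land next to the binary, and the flag (if the pattern matches) is printed on stdout.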