I want to disassemble a VxWorks system. The VxWorks system has an ELF image file, and I used IDA Pro to disassemble it, but I have a problem.
http://www.routerclub.com/attachments/S ... NROu4B.gif
This system is a bas system; it uses the network card MAC address to register it.
Below is the system file.
ftp://61.161.79.48/router/vxwork.rar
Welcome to the new Woodmann RCE Messageboards Regroupment
How to Disassemble vxworks System?
I tried to load the binary into IDA and it has been running for more than 24 hours, and I wasn't able to get the section info.
Moreover, when I loaded it, a few of the variables that are within the text section were not linked.
For example,
push 0xnnnnnnnn -> Actually this is part of the text section
And IDA is not linking it properly. In a few places, all the strings used in the function are included between the function.
Any idea how to automate this? Has anyone faced the same kind of problems?
Yes. It was an interesting exercise to try! After playing with the large binary for a long time, I managed to disassemble it correctly. What I had was an x86 binary; I loaded it into IDA Pro as a binary file, and after doing some more analysis I was able to create a few functions, and so on... It was a nice experience!
"hazard", if you could share that script, please send it across. It will be useful in a few cases if you are reversing a Linux kernel binary also. Please share that!
it's super simple but effective

Code:
import sys
import zlib


def main():
    print("\nextract and decompress zlib")
    if len(sys.argv) != 3:
        print("""
    Usage:
        <argv1> source file
        <argv2> dest file
    """)
        sys.exit()
    print("""
    Using:
        Source: %s
        Dest: %s
    """ % (sys.argv[1], sys.argv[2]))

    try:
        in_fd = open(sys.argv[1], "rb")
    except OSError:
        print("[-]Couldn't open file %s" % sys.argv[1])
        sys.exit()
    try:
        out_fd = open(sys.argv[2], "wb")
    except OSError:
        print("[-]Couldn't open file %s" % sys.argv[2])
        sys.exit()

    buff = in_fd.read()
    in_fd.close()
    print('Length', hex(len(buff)))

    # Brute force: try to inflate a zlib stream starting at every byte offset.
    # Offsets that do not start a valid stream raise zlib.error and are skipped.
    for i in range(len(buff)):
        try:
            decomS = zlib.decompress(buff[i:])
        except zlib.error:
            # print('.')
            continue
        print("Got it :) ", i, hex(i))
        # Every stream found is appended to the same output file.
        out_fd.write(decomS)
    out_fd.close()
    print("[+]Done writing to '%s'" % sys.argv[2])


if __name__ == "__main__":
    main()
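A tighter variant of the brute-force scan above, as an added example that is not part of the original post: it only tries offsets that carry a valid zlib header (RFC 1950) and reports each stream's offset and compressed length, so every embedded blob can be saved separately. The function names and the sample buffer are constructed for illustration.

```python
import zlib

def valid_zlib_header(cmf, flg):
    # RFC 1950: CM=8 (deflate), window <= 32 KiB, header checksum, no preset dict
    return ((cmf & 0x0F) == 8 and (cmf >> 4) <= 7
            and ((cmf << 8) | flg) % 31 == 0 and not flg & 0x20)

def find_zlib_streams(buff, min_out=16):
    """Return [(offset, compressed_len, data)] for every complete zlib stream."""
    found, view, i = [], memoryview(buff), 0
    while i + 2 <= len(buff):
        if valid_zlib_header(buff[i], buff[i + 1]):
            d = zlib.decompressobj()
            try:
                data = d.decompress(view[i:])
            except zlib.error:
                data = None
            # d.eof is True only if the stream ended cleanly (Adler-32 verified)
            if data is not None and d.eof and len(data) >= min_out:
                clen = len(buff) - i - len(d.unused_data)
                found.append((i, clen, data))
                i += clen  # skip past this stream and keep scanning
                continue
        i += 1
    return found

# Constructed sample: two compressed blobs embedded in padding, as in a packed image.
PAYLOAD_A = b"constructed boot code sample " * 20
PAYLOAD_B = b"constructed symbol table sample " * 20
PREFIX, PAD = b"\x7fELF" + b"\x00" * 60, b"\xff" * 7
BLOB_A, BLOB_B = zlib.compress(PAYLOAD_A), zlib.compress(PAYLOAD_B, 9)
SAMPLE = PREFIX + BLOB_A + PAD + BLOB_B + b"\x00" * 4

if __name__ == "__main__":
    for off, clen, data in find_zlib_streams(SAMPLE):
        print("stream at %#x: %d bytes compressed, %d bytes inflated"
              % (off, clen, len(data)))
        # To save each blob: open("stream_%x.bin" % off, "wb").write(data)
```

The reported offsets tell you where in the image each compressed region sits, which helps when choosing what to load into the disassembler and at which position.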