# (Very) Basic reverse

#### strings

The Linux `strings` builtin and the Windows `sysinternals` `strings` utility can be used to extract the printable characters contained in a file, and notably in non-text files.

By default, only the sequences that are at least 4 characters long are retrieved.

```
strings <BINARY>
```

#### objdump

The GNU `objdump` command line utility can be used to disassemble the assembler contents of the executable sections of a binary:

```
objdump -d <BINARY>
```

#### radare2

The `radare2` suite is an open source reverse engineering framework consisting of multiples tools and features.

The framework supports multiples architectures (i386, x86-64, ARM, etc.), file formats (PE, PE+, ELF, Mach-O, etc.) and operating systems (Windows, GNU/Linux, OS X, etc.).

The `rabin2` utility can be used to retrieve information and protection mechanisms of a binary:

```
rabin2 -I <BINARY>

radar2 <BINARY>
[0xXXX] > iL
```

The strings in the binary can be printed and searched into using `izz`:

```
[0xXXX] > iiz
[0xXXX] > iiz~<SEARCH_KEYWORD>
[0xXXX] > iiz~password
```

The visual mode can entered by using the `v` command and quitted using the `q` command. In visual mode, the `p` command can be used to switch between display mode.

#### GDB

**Binaries without debugging symbols**

Debugging a binary compiled with out the debbugging symbols ("no debugging symbols found") is possible as GDB can directly handle assembly code.

GDB uses By default the AT\&T assembly syntax. The following command can be used to switch to the Intel syntax:

```
set disassembly-flavor intel
```

To setup a breakpoint, the binary entry point can be retrieved using the GDB `info` command:

```
(gdb) info file
Entry point: 0xXXXXXX

b *0xXXXXXX
```

The `nexti` (shortcut `ni`) and the `stepi` (shortcut `si`) commands are the assembly counter part of the soure code `next` and `step` commands.

The `examine` (shortcut `x`) command can be used to display the assembly code after the breakpoint:

```
# N = number of assembly line to print
# $pc = GDB variable for the program counter register

x/<N>i $pc
x/5i $pc
```

#### OllyDbg

`OllyDbg` is a GUI 32-bit assembler level analyzing debugger for Microsoft Windows.

The `Search for -> All referenced strings` functionality allows to retrieve all printable strings contained in the binary and their address location for breakpoint setting.

#### dnSpy

`dnSpy` is a GUI debugger and assembly editor which can be used to debug 32 or 64 bits .NET applications and edit assemblies in C# or Visual Basic.

The GUI interface can be launched using the `dnSpy.exe` or `dnSpy-x86.exe` programs.

***

#### References

<https://reverseengineering.stackexchange.com/questions/1935/how-to-handle-stripped-binaries-with-gdb-no-source-no-symbols-and-gdb-only-sho>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.qazeer.io/binary-exploitation/reverse.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.