TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:12706] VENIX
On Fri, 21 Jan 2000, Christopher Palmer wrote:
> On Fri, 21 Jan 2000, Dan Debertin wrote:
>
> > You're debugging a binary? Pray that this VENIX has truss/strace, and
> > bring source code for a good hex editor while you're at it....these tools
> > are the binary hacker's swiss army knife.
>
> You speak as if from experience...? I might have to be real impressed, and
> then come over and bug you for fun stories. :)
Yup. Every time tripwire reports that something weird like 'du' or 'ls'
has changed on a system, I pull out truss, strings and hexedit and have at
it. Sometimes it turns out to be benign .... other times it's something
like 'ooh look, what might open("/etc/shadow", O_RDONLY) be doing in the
'ls' program??'
but seriously folks, if I could actually _program_ in a hex editor, I'd be
making a lot more than I am now.....
0x0A731D8F is the address of a pointer to my lack of machine-coding skills
.... ;)
~Dan D.
____________________________________________________________________ -- I
know you think you thought you knew what you thought I said, -- but I'm
not sure you understood what you thought I meant.
++ Dan Debertin
++ Systems Administrator
++ Bitstream Underground, Inc.
++ danield@bitstream.net
++ (612)321-9290