---
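title: Low-Level Mechanisms Travelogue - Tools
description: I'm still too much of a beginner and haven't read enough material to systematize it yet, so this is a travelogue, meaning casual notes
tags: low-level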
lang: zh_tw
---
# Low-Level Mechanisms Travelogue - Tools
[TOC]
## mipsel-linux-gnu-objdump
The objdump you know from x86 systems can only disassemble x86 ELF files,
while this build of the tool can disassemble MIPS ELF files.
```
# Install
sudo apt-get install binutils-mipsel-linux-gnu
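# Usage (TARGET is the path to the MIPS ELF file; -EL selects little-endian, -D disassembles all sections)
mipsel-linux-gnu-objdump -EL -D "${TARGET}"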
```
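An added example, not part of the original note: read the ELF header to decide which objdump build and endianness flag to use, instead of guessing. The function names, the constructed sample headers, and the mapping of big-endian MIPS to `mips-linux-gnu-objdump` (from the Debian `binutils-mips-linux-gnu` package) are assumptions of this example.

```python
import struct

# e_machine values defined by the ELF specification
EM_386, EM_MIPS, EM_X86_64 = 3, 8, 62

def elf_target(header: bytes):
    """Return (e_machine, 'little' | 'big') from the first 20 bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_data = header[5]  # EI_DATA: 1 = little-endian, 2 = big-endian
    if ei_data not in (1, 2):
        raise ValueError("invalid EI_DATA byte")
    endian = "little" if ei_data == 1 else "big"
    # e_machine is a 16-bit field at offset 18, stored in the file's own byte order
    (machine,) = struct.unpack_from("<H" if endian == "little" else ">H", header, 18)
    return machine, endian

def objdump_command(header: bytes, path: str):
    """Build the objdump argv for this ELF; unmapped architectures raise ValueError."""
    machine, endian = elf_target(header)
    if machine in (EM_386, EM_X86_64):
        return ["objdump", "-D", path]  # the native x86 build is enough
    if machine == EM_MIPS:
        if endian == "little":
            return ["mipsel-linux-gnu-objdump", "-EL", "-D", path]
        return ["mips-linux-gnu-objdump", "-EB", "-D", path]
    raise ValueError(f"no objdump mapped for e_machine={machine}")

def sample_header(machine: int, little: bool) -> bytes:
    """Constructed 20-byte ELF header prefix (ELFCLASS32, ET_EXEC), for the demo only."""
    ident = b"\x7fELF" + bytes([1, 1 if little else 2, 1]) + bytes(9)
    return ident + struct.pack(("<" if little else ">") + "HH", 2, machine)

if __name__ == "__main__":
    # With a real file: objdump_command(open(path, "rb").read(20), path)
    for machine, little in [(EM_MIPS, True), (EM_MIPS, False), (EM_X86_64, True)]:
        print(" ".join(objdump_command(sample_header(machine, little), "firmware.elf")))
```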
## Radare2
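This tool is even more powerful: it feels a lot like gdb, but it can analyze many different architectures.
- [GITHUB](https://github.com/radare/radare2)

For usage, see the snippets in my other write-ups; I'll come back later to learn this tool properly (a to-do I'm leaving for myself).
- x86: [Reversing.kr Write-up 1](https://hackmd.io/5vBzFVmaQU64lYk4QQVB_A#%F0%9F%91%80-0x8048451)
- ARM: [AIS3 in-class exercises](https://hackmd.io/RS0uX17jRoKXO04hd7MQ9A)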
## Qemu
Think of it as a virtual machine.
```
sudo apt-get install qemu-system-arm qemu-system-mips qemu-system-x86 qemu-utils
```
See [a note about firmadyne](https://hackmd.io/CMDTAT_vRqqw0_8XAjhs8A#%E5%AF%A6%E9%9A%9B%E4%BD%BF%E7%94%A8)
to learn how to pass arguments to QEMU.
For example:
```
qemu-system-mips -s -S -m 256 -M malta -kernel ${KERNEL} \
-drive if=ide,format=raw,file=${IMAGE} -append "root=${QEMU_ROOTFS} console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31 firmadyne.syscall=0" \
-nographic \
-net nic,vlan=0 -net socket,vlan=0,listen=:2000 -net nic,vlan=1 -net socket,vlan=1,listen=:2001 -net nic,vlan=2 -net socket,vlan=2,listen=:2002 -net nic,vlan=3 -net socket,vlan=3,listen=:2003 | tee ${WORK_DIR}/qemu.final.serial.log
```
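From this you can roughly see that giving QEMU a kernel and a file system is enough to bring the emulation up;
there is no need to supply a boot loader.
Note that `-s -S` starts a gdbserver on TCP port 1234 and keeps the CPU halted until a debugger attaches and continues, so nothing boots before then.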
## Bochs
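See this repo:
- [Implementing a bootloader](https://github.com/andrewli315/ais3_rev_final_project)

This one is a bit more hardcore: you feed Bochs a file to use as a disk, and it boots the emulated machine from that disk as the system disk.
You have to implement the boot loader yourself.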