Using Strace to Trace Linux Syscalls

Поделиться
HTML-код
  • Опубликовано: 24 дек 2024

Комментарии • 48

  • @exalted1ne
    @exalted1ne Год назад +23

    When I was younger, I had an interest in reversing and stumbled across Lena's Reversing tutorials... I couldn't quite grasp it back then but I now have a renewed interest. The amount of effort and clarity you put in these videos is amazing. Thank you.

  • @liamwhalen
    @liamwhalen 11 месяцев назад +1

    I really like the presentation in these tutorials. It's like you are communicating to us from your secret bunker base--letting the people know how to use the systems that were built for them. I've used strace a bit, and your explanation will make my future use of it even better.

  • @NTxC
    @NTxC Год назад +25

    I'm a RE and malware analysis junkie. About 10 years ago I set up a virtual machine with Windows XP on it, downloaded dozens of gigabytes of malware, set up file + registry + network monitors and just randomly executed malware in the VM. It was a lot of fun. One of the malware samples was a keylogger which stored my keystrokes, and sent it over plain FTP to a server in Nigeria. Through Fiddler I discovered that the username and password for that FTP server was in plain text, so I tried logging in to that server and it worked. Before my eyes, on the FTP server, there were hundreds of folders, each filled with data harvested from victims of the malware. The data included also tons of banking and credit card information. I was able to discover the identity of the man running the Nigerian server and managed to find him on social media. Pretty crazy. Another malware sample I tested launched a little chat window in the middle of the screen and the chatbox literally had the title "You're Now Speaking With Mr. Hacker!"... and the person running the malware backend was typing to me, boasting about how I got haxx0red. I played along and begged him not to do any harm to my computer and he was just laughing in my face. Then I told him it's a virtual machine... and reverted to a clean snapshot. When it comes to reverse engineering, I use IDA Pro and Ghidra to discover how exactly some of my favorite older games work under the hood. Mostly Sega Genesis/Atari ST (Motorola 68000) but also x86. In one case I got in the mood to remake an 1988 game I was reversing, in C/C++, to achieve its compatibility with modern systems and fix some of the gameplay bugs. You can see some of the results of that on my channel :)

  • @labeqfci9556
    @labeqfci9556 Год назад +6

    The fact that you don't edit out the "errors" you make on the console while recording makes the video flows perfectly because it feels more real and like a dynamic study session instead of a pre-recorded unreal stuff. Thanks for talking about such very specific subjects.

  • @joojay328
    @joojay328 9 месяцев назад

    I LOVE this tutorial and presentation. very adhd friendly and adorable. Thank you for taking the time on this video. There are people that appreciate the work you've done. :)

  • @goat5480
    @goat5480 Год назад +5

    First time i see your channel, love the style and lain inspiration, you got yourself a new subscriber here 💪

  • @dream0283
    @dream0283 Год назад

    I just started learning about it yesterday and surprisingly, you released this video today. 😂

  • @NTxC
    @NTxC Год назад

    Forgot to mention your videos are a great introduction to mobile malware analysis for someone like me, coming from workstation malware analysis, so thank you for them. That damn Fishy tune though lol, I can't get rid of it from my head

  • @johnpapa8554
    @johnpapa8554 9 месяцев назад +1

    Beautiful and smart.. love your videos.

  • @CDizzzle4Rizzle
    @CDizzzle4Rizzle Год назад

    Thx for the great videos! Running strace on nmap to see how things are working under the hood. Maybe ill get to reversing some malware sometime.

  • @ankitchauhan-rv1cr
    @ankitchauhan-rv1cr 3 месяца назад

    Good one Laurie.

  • @AliceyBob
    @AliceyBob Год назад

    Amazing video. Very very usefull !!!

  • @aakarshanraj1176
    @aakarshanraj1176 4 месяца назад +3

    great video, but there are some mistakes, there is pread64 in command at 10:21 so the command didn't worked as intended.

    • @lis6502
      @lis6502 2 месяца назад

      i don't think that this was intended but if you were able to spot it then you already know were to find correct syntax ;p

  • @mateuspaimdebarros6959
    @mateuspaimdebarros6959 9 месяцев назад

    Você é a programadora mais linda que eu já vi

    • @0xReip
      @0xReip 9 месяцев назад

      Verdade

  • @miss_tech
    @miss_tech Год назад +1

    I love your conentent 🎉

  • @andyhusheng
    @andyhusheng 5 месяцев назад

    It's a nice voice. I like it😀

  • @Pixalynx
    @Pixalynx Год назад +2

    could you make a video on how you make your videos, I want to know how you make the overlays for copland OS etc

  • @illegalsmirf
    @illegalsmirf 10 месяцев назад +1

    she's such adorbs 🥹

  • @gert9537
    @gert9537 Год назад +3

    Could you make a video on ltrace :)

  • @jagagemo8141
    @jagagemo8141 13 дней назад

    Nice

  • @roccoranallo4027
    @roccoranallo4027 Год назад +2

    Great video Laurie, can you do one on GDB?

    • @lauriewired
      @lauriewired  Год назад +1

      Great suggestion! It's on my list of one to do soon

  • @PlatzHalter-j3i
    @PlatzHalter-j3i 4 месяца назад

    what linux distribution you use ?

  • @microscorpi0n
    @microscorpi0n Год назад

    Why do you suppose the order of parent/child output is different after executing fork_example with the -f flag versus without?
    Is the timing of parent/child process execution indeterminate?

    • @lauriewired
      @lauriewired  Год назад +1

      It's actually just happenstance what gets printed first since calling fork creates a new process that executes at the same time. You could even get these printed in a different order each time you run

  • @OPlutarch
    @OPlutarch Год назад

    Love it, thank you very much! Can you make the future videos with more zoom on the terminal? Please :)

    • @lauriewired
      @lauriewired  Год назад +2

      Sure thing, future videos are now using a larger font :)

  • @H0LAI
    @H0LAI Год назад

    I find the system call code extremely interesting from a signal path perspective. I got recommended sysinternals by GPT4 for psexec to get a peek inside the kernel. I'm curious if anything in sysinternals or syscalls can do this signal path analysis for AI behaviour, just as deep.
    Thanks for the video Laurie.

  • @AliceyBob
    @AliceyBob Год назад

    The desktop image with TUX. Please, share it !!

  • @StupidusMaximusTheFirst
    @StupidusMaximusTheFirst Год назад

    I need to run an strace to detect the last time I needed to run strace. I wish you well, and I hope you never stop, but just remember that there might be a day when it's gonna be the last time you will ever run strace. You won't realize it, but you will never use strace ever again after that day. Sad...

  • @levonschaftin3676
    @levonschaftin3676 Год назад +7

    i love you

  • @HassanalBolkiahSoyjak
    @HassanalBolkiahSoyjak Год назад +2

    What do you think of /g/ and Sneed?

    • @me_12-vw1vi
      @me_12-vw1vi Год назад +1

      my wife Laurie thinks fondly of /g/ - gentlemen and Sneed is an important historical figure

  • @ssuuy
    @ssuuy Год назад +2

    yeah but there is still pread64

  • @Omar-sr1ln
    @Omar-sr1ln 11 месяцев назад +1

    wanna be tracer ? 🎵🎵

  • @DominikZalewski85
    @DominikZalewski85 Год назад +1

    Nicely explained and I like the style :) Sub from me

  • @theshadypersonify
    @theshadypersonify 7 месяцев назад +1

    I clicked for the Thumbnail and I was mislead. >:(

  • @InfernoPetrivich-mk5ft
    @InfernoPetrivich-mk5ft Год назад

    @LaurieWired , are u maried?) You sooo cute