Hi guys,

I've been reversing some crackmes and I'm quite comfortable with my current tools. I only have Linux installed on my computer, so I use Wine and the IDA server to reverse Windows binaries. I've tried to use gdb, but it freezes when Wine creates a new process to execute the crackme. Anyway, the question is...

I would like to start reversing malware. How adequate is my current configuration? Do you think it's safe enough to use Wine, or do I have to use one of those fancy hypervisors? As I said, I would like to preserve the way I'm reversing now.


Virtual Machines

When I first started in this field, I did exactly what you are doing. Unfortunately, the tools are written for Windows, and you really are at a disadvantage if you don't use them. You can still use Linux, but you'll want to look into some sort of VM.

Thanks dannyquist,

I really liked your post in the Getting Started section. I'm now quite accustomed to the Linux command line, and even using the Linux version of IDA is a pain for me.

Do you still use ndisasm? I like to see the output of objdump and take a look at the symbol table with nm, but I know that's not enough. The lida (Linux Interactive DisAssembler) page has a great explanation of why objdump falls short for the task, so for now IDA is a must, but I don't see why the Wine API can't be as effective as a virtual machine.

Wine pitfalls

Running malware on Linux via the Wine API is interesting, though not without pitfalls. Here's a blog post on how the host Linux system can become partially or fully infected if you're taking the next step and actually running the malware using Wine:

If you *really* want to use Linux for RE, you could set up a Linux VM running on your Linux system, though in any case I would strongly recommend using a VM to protect your system.

I too have sacked my Windows system in favor of a native Linux setup, though I use a WinXP VM for my malware-dissecting fun... I've found VirtualBox to be the best so far on Ubuntu, and on Mac if you're into that.