How it works...

In step 1, we run our signature detection Python script against the encoded binary. The output indicates that no signatures were detected. Your output should resemble the following screenshot:

Then, in step 2, we run objdump against the binary. When we examine the main function, nothing out of the ordinary stands out in the output. Your output should look similar to the following screenshot. We can see the stack initialization in the first few instructions, with an address that's copied onto the stack and then copied into rdx. A null byte is copied into eax, and then the address in rdx is called. From ...
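To make the step 1 result concrete, here is an added illustration of what a byte-literal signature scanner does and why it reports nothing on an encoded copy of the same bytes. This is example code written for this page, not the book's signature detection script; the signature table, the filler bytes and the XOR key are all constructed for the demonstration. The block goes one step beyond the recipe by including the defender's usual mitigation for single-byte XOR encoding: rescanning under every possible key, the way YARA's `xor` modifier does.

```python
from typing import Dict, List, Tuple

# Constructed signature table (hypothetical; the book's own script and its
# signature set are not shown on this page). name -> exact byte sequence.
SIGNATURES: Dict[str, bytes] = {
    "xor_rax_rax": bytes.fromhex("4831c0"),           # xor %rax,%rax
    "exit_syscall": bytes.fromhex("b83c0000000f05"),  # mov $0x3c,%eax ; syscall
}


def scan(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[Tuple[str, int]]:
    """Byte-literal scan: report (name, offset) for every exact occurrence.

    This is the whole weakness of a plain signature check: if the bytes on
    disk are not exactly the bytes in the table, nothing is reported.
    """
    hits: List[Tuple[str, int]] = []
    for name, pattern in signatures.items():
        start = 0
        while True:
            idx = data.find(pattern, start)
            if idx == -1:
                break
            hits.append((name, idx))
            start = idx + 1  # keep going so overlapping hits are reported too
    return sorted(hits, key=lambda h: h[1])


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; used here only to build the 'encoded' sample and to undo it."""
    return bytes(b ^ key for b in data)


def scan_xor_keys(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[Tuple[str, int, int]]:
    """Mitigation: rescan the buffer under all 256 single-byte XOR keys.

    Returns (name, offset, key) so an analyst can see which key recovered the match.
    """
    found: List[Tuple[str, int, int]] = []
    for key in range(256):
        for name, off in scan(xor_bytes(data, key), signatures):
            found.append((name, off, key))
    return found


# Constructed sample buffer: NOP filler around the two signature patterns.
PLAIN = b"\x90" * 8 + SIGNATURES["xor_rax_rax"] + b"\x90" * 4 + SIGNATURES["exit_syscall"]
# The same bytes under a constructed single-byte XOR key (0x5A).
ENCODED = xor_bytes(PLAIN, 0x5A)

if __name__ == "__main__":
    print("plain   :", scan(PLAIN))                  # two hits, offsets 8 and 15
    print("encoded :", scan(ENCODED))                # no hits: the literal bytes are gone
    print("brute   :", scan_xor_keys(ENCODED))       # both hits again, key 0x5A
```

The plain buffer produces two hits and the encoded buffer produces none, which is exactly the "no signatures detected" result from step 1. The brute-force rescan recovers both hits and reports the key, which is why a scanner that only matches literal bytes should not be the last word on a binary that disassembles as a small stub calling into a buffer.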
