x86 Disassembly/Linux

The GNU/Linux operating system is open source, but at the same time there is so much that constitutes "GNU/Linux" that it can be difficult to stay on top of all aspects of the system. Here we will attempt to boil down some of the most important concepts of the GNU/Linux Operating System, especially from a reverser's standpoint

The concept of "GNU/Linux" is mostly a collection of a large number of software components that are based on the GNU tools and the Linux kernel. GNU/Linux is itself broken into a number of variants called "distros" which share some similarities, but may also have distinct peculiarities. In a general sense, all GNU/Linux distros are based on a variant of the Linux kernel. However, since each user may edit and recompile their own kernel at will, and since some distros may make certain edits to their kernels, it is hard to proclaim any one version of any one kernel as "the standard". Linux kernels are generally based on the philosophy that system configuration details should be stored in aptly-named, human-readable (and therefore human-editable) configuration files.

The Linux kernel implements much of the core API, but certainly not all of it. Much API code is stored in external modules (although users have the option of compiling all these modules together into a "Monolithic Kernel").

On top of the kernel generally runs one or more shells. Bash is one of the more popular shells, but many users prefer other shells, especially for different tasks.

Beyond the shell, Linux distros frequently offer a GUI (although many distros do not have a GUI at all, usually for performance reasons).

Since each GUI often supplies its own underlying framework and API, certain graphical applications may run on only one GUI. Some applications may need to be recompiled (and a few completely rewritten) to run on another GUI.

Here are some popular shells:

Bash

An acronym for "Bourne Again SHell."

Bourne

A precursor to Bash.

Csh

C Shell

Ksh

Korn Shell

TCsh

A Terminal oriented Csh.

Zsh

Z Shell

Some of the more popular desktop environments:

GNOME

GNU Network Object Modeling Environment

KDE

K Desktop Environment

gdb

The GNU Debugger. It is available on most Linux distributions, and is primarily used to debug ELF executables. manpage

winedbg

A debugger for Wine, used to debug Windows executables under Linux. manpage

edb

A fully featured plugin-based debugger inspired by the famous OllyDbg. Project page

strings

Finds printable strings in a file. When, for example, a password is stored in the binary itself (defined statically in the source), the string can then be extracted from the binary without ever needing to execute it. manpage

file

Determines a file type, useful for determining whether an executable has been stripped and whether it's been dynamically (or statically) linked. manpage

objdump

Disassembles object files, executables and libraries. Can list internal file structure and disassemble specific sections. Supports both Intel and AT&T syntax

nm

Lists symbols from executable files. Doesn't work on stripped binaries. Used mostly on debugging version of executables.