Reverse Engineering Programs Running on Wine

Email
Comment *
File	Select/drop/paste files here
Password	(Randomized for file and post deletion; you may also set your own.)
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Flag
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 16 MB. Max image dimensions are 15000 x 15000. You may upload 3 per post.

File (hide): 0e5f7b1c98b33d8⋯.jpg (3.28 MB, 3073x3073, 1:1, Red_and_white_wine_12-2015.jpg) (h) (u)

▶Reverse Engineering Programs Running on Wine Anonymous 08/09/18 (Thu) 00:46:55 No.953252>>953300 [Watch Thread][Show All Posts]

I ran Windows 7 since it had the reverse engineering tools and the programs to reverse engineer. I don't want to constantly reboot between operating systems, and I found one of the games I reverse as a hobby ran just ok on Wine.

Has anyone any commentary on reverse engineering Windows programs running on Wine with available Linux tools? I'm not familiar with the latter etiher, so recommendations help.

▶Anonymous 08/09/18 (Thu) 01:08:53 No.953263>>953266 >>953300 >>954426

i've had decent luck running cheat engine in wine against windows emulators (don't ask). i can't say the same for olly, :''(.

as far as i can tell, all my hand written asm works in wine, too. so i think most trainers are safe.

▶Anonymous 08/09/18 (Thu) 01:17:04 No.953266>>953273

>>953263

Any specific version or tweaks you had to do? I assumed tools running through wine wouldn't be a good idea.

▶Anonymous 08/09/18 (Thu) 01:26:10 No.953267

When I was using mingw and wine to write windows programs without windows, it didn't work well. I don't know how many versions of wine that was ago. I am not sure which call I was having problems with, but if I remember correctly, it was a native api call for a WinSock connection.

▶Anonymous 08/09/18 (Thu) 01:42:22 No.953272>>953290 >>953300

IDA Pro doesn't run on Linux?

There's Radare2.

▶Anonymous 08/09/18 (Thu) 01:42:53 No.953273

>>953266

i just installed the apps normally, then for winecfg i enable the hw acceleration stuff in staging, except the deprecated one.

yeah, that's what i would think, as well. haha, weird thing is the emulator runs faster in wine. could just be my imagination, though. i think software complexity and its relationship to api and shit is the main thing that determines compatibility. ymmv :)))

▶Anonymous 08/09/18 (Thu) 02:28:52 No.953290>>953609 >>954237

>>953272

radare2 is an autistic and shitty version of IDA Pro.

I do reverse engineering via kvm+qemu. WINE would just be suffering.

▶Anonymous 08/09/18 (Thu) 03:17:25 No.953300>>954271

>>953252 (OP)

If you are just doing static analysis, you don't even need wine.

>>953263

<cheat engine

I've used scanmem for a similar usecase to develop my own "cheats."

>>953272

>IDA Pro doesn't run on Linux?

Wrong. It runs natively. You can even get a freeware copy that is limited to x86_64 (aka 64 bit) binaries. It also runs perfectly in wine.

▶Anonymous 08/09/18 (Thu) 20:47:36 No.953609

>>953290

That's actually my plan in the future, would such a setup play well with pci passthrough? I'm not too interested in what the gpu is doing from a reversing perspective, but you never know.

▶Anonymous 08/09/18 (Thu) 21:13:02 No.953622

Snowman decompiler worked in WINE, even on ELFs

▶Anonymous 08/10/18 (Fri) 23:14:01 No.954237>>954296

>>953290

>radare2 is an autistic and shitty version of IDA Pro.

In what particular way?

I haven't tried it so I guess I'll give it a go.

▶Anonymous 08/11/18 (Sat) 01:21:46 No.954271>>954309

>>953300

>You can even get a freeware copy that is limited to x86_64 (aka 64 bit) binaries.

I'm pretty the freeware version is for 32bits only.

▶Anonymous 08/11/18 (Sat) 03:19:59 No.954296>>954416

>>954237

It's bloated with esoteric and partially implemented commands that were probably only useful to one guy one time, it's unstable and prone to lose everything you've been doing due to a typo, automatic analysis is very poor compared to IDA (which is what I'd mainly want to use it for), and doing things that should be simple and automatic are almost intentionally fussy. When you look at the feature set you might wonder "so why is anyone still using IDA and x64dbg?" and then you try using it and learn why.

The advantages are that it has a much wider scope, is portable, and you've got the source.

▶Anonymous 08/11/18 (Sat) 03:58:35 No.954309

>>954271

Nope, they updated it a few months ago. I'm not sure if you can still do 32bit binaries now or if it's only 64bit.

▶Anonymous 08/11/18 (Sat) 12:32:39 No.954416

>>954296

damn shame, the feature set looks nice and i was hoping for a good free reversing tool

▶Anonymous 08/11/18 (Sat) 13:15:00 No.954426>>954427

>>953263

>Cheat Engine

Does L. Spiro's Memory Hacking Software work well in WINE? I prefer it over CE. This thing: http://www.memoryhacking.com/

▶Anonymous 08/11/18 (Sat) 13:16:37 No.954427>>955589

>>954426

why use this over CE which still receives updates?

▶Anonymous 08/14/18 (Tue) 16:48:16 No.955589

>>954427

Because it does a good job.

/tech/ - Technology★

General

WebM

Theme

User JS

Do not paste code here unless you absolutely trust the source or have read it yourself!

Favorites

Customize Formatting

Filters