Snow Leopard's impact on the reverse engineering world...

Some folks were complaining about problems with otx and Snow Leopard so I decided to boot my Snow Leopard install and give it a try…
Well, they were right: Snow Leopard compiles 64-bit binaries by default. otx v0.16b seems to have problems, so you will need to download the most recent version from the SVN and compile it yourself. If you try to follow the tutorial you will run into problems because you will see 64-bit registers (rax instead of eax, for example), so you need to adapt the tutorial.

Here is a short list of problems that I was able to quickly identify:

  • otx doesn’t support x86_64 binaries. Download the latest version from the SVN.
  • gdbinit doesn’t work with x86_64 binaries. Its code needs to be updated to support 64-bit registers.
  • Onyx the black cat and rootkits don’t work. The nsysent location was moved; this article explains how to find it (nice thing, less work for me!).
  • hummm I had something else but I just forgot 😃.

I will try to update the tools and texts to this new “world”. Meanwhile, if you are quicker than me and do it first then feel free to send them to me so I can publish them.

That’s it for now. Have fun!

You can always use the -m32 option to gcc to compile 32 bit binaries.
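
Before pointing a 32-bit-only tool at a binary, it helps to check which architectures the file actually contains. The following is an added example, not code from the original post or from otx or gdbinit: it reads the Mach-O (or universal/fat) header and reports each slice, using the magic and cputype constants from Apple's Mach-O headers. The function names and the sample headers are constructed for illustration.

```python
import struct

MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
CPU_ARCH_ABI64 = 0x01000000          # flag bit set in cputype for 64-bit ABIs
CPU_NAMES = {7: "i386", 7 | CPU_ARCH_ABI64: "x86_64",
             18: "ppc", 18 | CPU_ARCH_ABI64: "ppc64"}

def arch_name(cputype):
    return CPU_NAMES.get(cputype, "cputype 0x%x" % cputype)

def macho_archs(data):
    """Return [(arch, is_64bit), ...] for a thin or fat (universal) Mach-O image."""
    if len(data) < 8:
        raise ValueError("too short for a Mach-O header")
    magic_be, count = struct.unpack_from(">II", data, 0)
    if magic_be == FAT_MAGIC:
        # fat_header and fat_arch entries are always big-endian on disk.
        # Java class files share this magic, so reject implausible counts.
        if not 0 < count <= 16 or len(data) < 8 + 20 * count:
            raise ValueError("FAT_MAGIC present but fat_arch table is implausible")
        archs = []
        for i in range(count):
            cputype = struct.unpack_from(">I", data, 8 + 20 * i)[0]
            archs.append((arch_name(cputype), bool(cputype & CPU_ARCH_ABI64)))
        return archs
    # Thin image: mach_header is stored in the target's byte order.
    for endian in ("<", ">"):
        magic, cputype = struct.unpack_from(endian + "II", data, 0)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [(arch_name(cputype), magic == MH_MAGIC_64)]
    raise ValueError("not a Mach-O image")

def has_32bit_slice(data):
    """True if the image contains at least one 32-bit architecture."""
    return any(not is64 for _, is64 in macho_archs(data))

# Constructed sample headers (not taken from real binaries).
SAMPLE_X86_64 = struct.pack("<8I", MH_MAGIC_64, 7 | CPU_ARCH_ABI64, 3, 2, 0, 0, 0, 0)
SAMPLE_I386 = struct.pack("<7I", MH_MAGIC, 7, 3, 2, 0, 0, 0)
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">5I", 7, 3, 4096, 28, 12)
              + struct.pack(">5I", 7 | CPU_ARCH_ABI64, 3, 8192, 32, 12))

if __name__ == "__main__":
    for label, blob in [("64-bit build", SAMPLE_X86_64),
                        ("gcc -m32 build", SAMPLE_I386), ("universal", SAMPLE_FAT)]:
        print(label, macho_archs(blob), "32-bit slice:", has_32bit_slice(blob))
```

For a real file, pass the first few hundred bytes read in binary mode to `macho_archs`.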