seras
12-21-2008, 08:16 AM
Has anybody done some research or looked at reversing/understanding Perl bytecode?
I currently have a software package (Linux/*BSD based) that is built using perlcc. I've done a fair amount of googling around and reading on Perl internals, but I'm getting stuck trying to reverse it.
I'm less interested in patching the software and more interested in trying to understand the internals (both so I can generate a serial, get constant patches, so I can keep on testing the bastard.., and so I can pull perl apart).
Target is Perl 5.x, binaries are stripped
Current idea on approaching this:
* Perl's internals are based on a stack-engine design: load the program and break on perl_init_aaaa(), then try searching for magic or structures (op-list, sv-list, etc.) and record the memory offsets
* Let perl_init_aaaa() complete, stop before perl_parse(), and then we should have all the strings loaded into xv* (perhaps snag this with libdasm? Never used it before, but it seems appropriate)
* Dump bytecode to disk and try to fill in some of the blanks