Re: RootKits QuestionFrom: James Oden (firstname.lastname@example.org)
- Previous message: David Ramsden: "Re: RootKits Question"
- In reply to: Nick Lange: "RootKits Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: James Oden <email@example.com> Message-Id: <200108011711.NAA16866@eworld.wox.org> Subject: Re: RootKits Question To: firstname.lastname@example.org (Nick Lange) Date: Wed, 1 Aug 2001 13:11:09 -0400 (EDT)
> Does anyone know of any rootkits off the top of their head that leave a
> /sbin/a.out behind?
a.out is the default name of a C program after it has been compiled or
linked. For instance if you had the source code:
to compile and you typed:
It would produce an executable called a.out.
If you want to find out more about this exectable type use the strings
and nm command:
strings a.out > strings.out
nm a.out > nm.out
The first command will list all the strings in the executable, and
the second command will list all the symbols in the executable.
This should give you enough information to at least have a clue about what
this little program was supposed to do.