Master the fundamental concepts of reverse engineering through this focused micro-challenge.
Observing what a binary does at runtime is often faster than reading thousands of lines of disassembly. Linux provides three tools for this: strace, ltrace, and perf.
strace records system calls (kernel interface):
cLoading…
Key observations: open reveals file paths, connect reveals network activity, execve reveals subprocess creation.
ltrace records library calls (above syscalls):
cLoading…
perf uses hardware counters to find hot paths and encryption routines by CPU time.
You will document how strace, ltrace, and perf reveal program behavior at runtime. For example, strace output showing open("/etc/passwd", O_RDONLY) immediately tells you the binary reads the password file without reading a single instruction.
Run strace -f to follow child processes created by fork or execve. Filter noisy syscalls with strace -e trace=file to focus on file access. Pair strace with ltrace -S to see both library and system calls in one trace. For performance-heavy analysis, perf record followed by perf report shows which functions consumed the most CPU time during encryption or compression routines. Malware analysts routinely combine all three tools when triaging unknown samples in sandboxed environments.
Write a C program that opens files and allocates memory, then documents what strace, ltrace, and perf would reveal.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github