Assistance in Reverse engineering in house software installed, on a prior system in a
Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Assistance in Reverse engineering in house software installed, on a prior system in a
Hi I am trying to port in an in house developed application over from RHEL 4 32 bit to RHEL 6 32 bit, the application was in house developed and the developer is no longer with us.
I have migrated all application files and folders, user accounts and groups with correct permissions to the testbox. The application is was created in house and when each user logs in the application is launched by a .bash_profile in there home dir.
Code:
#------------------------------------
# additional procedures for users
#
if [ `id -gn` = "bms" ]
then
umask 0000
cd /applic/bms
case `id -un` in
phil)
return 0
;;
*)
exec menu
;;
esac
fi
If I am decoding this right it 's saying if the id group name = bms (yes the users are part of the bms group already) then it set's the umask of 0000 for the user environment, then the next statement is saying, if the user is (phil old developer) then return exit code 0, so he can ssh in without the program loading.
If anything else it will run the command "exec menu" then escape.
Interesting part is right now I cannot su - username (to one of the migrated accounts at current) because I get the error message:
-bash: exec: menu: not found
Was under the impression "menu" was a binary I realise it's a directory. I cd /applic/bms
file menu
menu: directory
I confirmed this on the old system and ran exec menu, and the program launched.
This program is run's terminal and looks to refer to txt files.
As expected since it's a folder, that somehow executes and launches the terminal application:
Debugging it can be an issue: most debuggers require a binary not a folder.
Code:
ltrace menu
ltrace: Can't open ELF file "menu"
gdb menu
menu: No such file or directory.
strace menu
strace: menu: command not found
ltrace menu
ltrace: Can't open ELF file "menu"
Here is an example of the application working on the exisiting server:
Code:
lsof -u testuser
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 32013 testuser cwd DIR 8,2 4096 2 /
sshd 32013 testuser rtd DIR 8,2 4096 2 /
sshd 32013 testuser txt REG 8,2 308912 670531 /usr/sbin/sshd
sshd 32013 testuser mem REG 8,2 14542 538256 /lib/libutil-2.3.4.so
sshd 32013 testuser mem REG 8,2 63624 706624 /usr/lib/libz.so.1.2.1.2
sshd 32013 testuser mem REG 8,2 415188 705924 /usr/lib/libkrb5.so.3.2
sshd 32013 testuser mem REG 8,2 7004 538164 /lib/libcom_err.so.2.1
sshd 32013 testuser mem REG 8,2 5592 540277 /lib/security/pam_loginuid.so
sshd 32013 testuser mem REG 8,2 2912 540260 /lib/security/pam_deny.so
sshd 32013 testuser mem REG 8,2 49224 540300 /lib/security/pam_unix.so
sshd 32013 testuser mem REG 8,2 3220 540283 /lib/security/pam_permit.so
sshd 32013 testuser mem REG 8,2 18532 540274 /lib/security/pam_limits.so
sshd 32013 testuser mem REG 8,2 945152 540536 /lib/libcrypto.so.0.9.7a
sshd 32013 testuser mem REG 8,2 1454462 540315 /lib/tls/libc-2.3.4.so
sshd 32013 testuser mem REG 8,2 17388 540296 /lib/security/pam_succeed_if.so
sshd 32013 testuser mem REG 8,2 82944 705565 /usr/lib/libgssapi_krb5.so.2.2
sshd 32013 testuser mem REG 8,2 15324 538182 /lib/libdl-2.3.4.so
sshd 32013 testuser mem REG 8,2 95148 538195 /lib/libnsl-2.3.4.so
sshd 32013 testuser mem REG 8,2 51004 538153 /lib/libaudit.so.0.0.0
sshd 32013 testuser mem REG 8,2 12160 540258 /lib/security/pam_cracklib.so
sshd 32013 testuser mem REG 8,2 79488 538240 /lib/libresolv-2.3.4.so
sshd 32013 testuser mem REG 8,2 28504 706554 /usr/lib/libwrap.so.0.7.6
sshd 32013 testuser mem REG 8,2 32024 538230 /lib/libpam.so.0.77
sshd 32013 testuser mem REG 8,2 6696 540281 /lib/security/pam_nologin.so
sshd 32013 testuser mem REG 8,2 10756 540294 /lib/security/pam_stack.so
sshd 32013 testuser mem REG 8,2 10272 540261 /lib/security/pam_env.so
sshd 32013 testuser mem REG 8,2 136016 705684 /usr/lib/libk5crypto.so.3.0
sshd 32013 testuser mem REG 8,2 27191 538165 /lib/libcrypt-2.3.4.so
sshd 32013 testuser mem REG 8,2 21280 538210 /lib/libnss_dns-2.3.4.so
sshd 32013 testuser mem REG 8,2 106397 538134 /lib/ld-2.3.4.so
sshd 32013 testuser mem REG 8,2 45800 538213 /lib/libnss_files-2.3.4.so
sshd 32013 testuser mem REG 8,2 56336 540538 /lib/libselinux.so.1
sshd 32013 testuser mem REG 8,2 28488 705258 /usr/lib/libcrack.so.2.7
sshd 32013 testuser DEL REG 0,6 494195751 /dev/zero
sshd 32013 testuser DEL REG 0,6 494195436 /dev/zero
sshd 32013 testuser 0u CHR 1,3 1734 /dev/null
sshd 32013 testuser 1u CHR 1,3 1734 /dev/null
sshd 32013 testuser 2u CHR 1,3 1734 /dev/null
sshd 32013 testuser 3u IPv6 494195404 TCP testserver.domain.local:ssh->testclient.domain.local:49505 (ESTABLISHED)
sshd 32013 testuser 4u unix 0xe009edc0 494195752 socket
sshd 32013 testuser 5r FIFO 0,7 494195767 pipe
sshd 32013 testuser 6w FIFO 0,7 494195767 pipe
sshd 32013 testuser 7u CHR 5,2 548 /dev/ptmx
sshd 32013 testuser 8u CHR 5,2 548 /dev/ptmx
sshd 32013 testuser 9u CHR 5,2 548 /dev/ptmx
menu 32014 testuser cwd DIR 8,2 16384 1612514 /applic/bms
menu 32014 testuser rtd DIR 8,2 4096 2 /
menu 32014 testuser txt REG 8,2 364444 1613601 /applic/bms/obj/menu
menu 32014 testuser mem REG 8,2 106397 538134 /lib/ld-2.3.4.so
menu 32014 testuser mem REG 8,2 1454462 540315 /lib/tls/libc-2.3.4.so
menu 32014 testuser mem REG 8,2 178019 540317 /lib/tls/libm-2.3.4.so
menu 32014 testuser 0u CHR 136,20 22 /dev/pts/20
menu 32014 testuser 1u CHR 136,20 22 /dev/pts/20
menu 32014 testuser 2u CHR 136,20 22 /dev/pts/20
menu 32014 testuser 3u REG 253,0 4096 1933583 /data/bms/sy_cmp.idx
menu 32014 testuser 4u REG 253,0 4008 1933582 /data/bms/sy_cmp.dat
menu 32014 testuser 5u REG 253,0 4096 4030468 /data/bms/sy_usr.idx
menu 32014 testuser 6u REG 253,0 42042 4030467 /data/bms/sy_usr.dat
The application does have specific environment variables to it which are not on the new system, however I cannot locate these environment variables in any .profile/.bash_profile/.bashrc/ or /etc/profile, /etc/bash_rc or /etc/bach_profile files on the current working server, so I am under the impression these are might be launched upon successful application launch.
I am throwing this question about by chance, any suggestions or ideas?
Any idea's about running exec on a directory that launches an application?
From the lsof listing you posted, it looks like the menu might be in /applic/bms/obj/menu. You could probably confirm this on the old machine by su'ing to phil and running "which menu" or "whereis menu". Once you have confirmed the location, I'd recommend that you specify the full path name in the exec command in your .bash_profile, rather than relying on it being in your $PATH.
When I went onto the old machine and did a 'which menu'
Code:
[phil@prodsys1~]# which menu
/applic/bms/obj/menu
On the new machine, I modifies the .bash_profile of one of the users even tried as user phil, same error when i try:
Code:
exec /applic/bms/obj/menu
It attempts to launch the program. except I get this error.
Code:
+--------------< An error has occurred - call system supervisor >--------------+
≠ ≠
≠ ≠
≠ menu : Open error on .//sy_cmp,code 002,z=-001 ≠
≠ ≠
≠ No such file or directory ≠
≠ ≠
+------------------------ Press any key to continue ---------------------------+
I have to ask, if he was your developer, did the source code get left behind as well?
I noticed that the application you are working on is in "/applic/bms/obj/", is there a corresponding "/applic/bms/src/"? Or, in the home directory structure of user 'phil'?
That said, the error looks to be something more like a missing file than a database, possibly something stored in the connecting user's home directory as a hidden file or directory.
That sounds to me like great news. If this folder is copied over to the new system, you might (might) be able to run 'make' and 'make install' and have everything magically work again. I can't stress quite enough to make sure this folder is backed up first.
Even if that doesn't work, having the source code available allows you to find someone who knows that language, even if it is a contractor or freelancer, to get you on your feet again. All you have to do is determine what kind of project it is. Python? C/C++? Perl? Php?
If you post a directory listing I'm sure we could help with that part at least.
Wow. Honestly it looks like the .c files there may have been generated by some other tool. Sadly, I don't recognize the files enough to say what tool. The generated c files may have a tool signature at the top of the file, something like "Generated by X", or you may be able to see in one of the ".note" or ".notes" files.
One last thought: is "menu" (in src) a binary file or an executable text file (script)?
Menu is a text program and inside looks to be C code. here is a small snippet of ajfix
Code:
less ajfix
dump(v=n,e=v)
name ajfix
save obj/ajfix
title =no
title Fix cred
*------------------------------------------------------------------
* files & templates
*------------------------------------------------------------------
file zu fdes/sy_usr
file zc fdes/sy_cmp
file za fdes/cp_cal
file pj fdes/ap_jnl
*------------------------------------------------------------------
* data definitions
*------------------------------------------------------------------
call define
call call/define
I am really not at liberty to expose any code as it' business application, if you can give me an example of what functions or variables or something that can give an example to showing how it's compiled so I can compile it on the new system that would be good.
I am really not at liberty to expose any code as it' business application, if you can give me an example of what functions or variables or something that can give an example to showing how it's compiled so I can compile it on the new system that would be good.
Sure, I thought as much.
The main point I think you need to get to is to figure out whether it is actually a compiled language or possibly something like a Python script, or possibly a scripted wrapper for some other application.
But after re-reading the thread a couple more times, I think that you may need to be a little more circumspect about the PATH. The being explicit on the menu path may not be enough. The error you are getting about the sy_cmp file is a good indicator.
So you might want to add /applic and /data to your path variable and see what happens next.
Overall, is it possible for you to compare the original system runtime path and the new path and make any obvious adjustments.
Hi sorry for the delay, It's been a flat out week.... I have been advised to drop this project for now as there are bigger things on my plate. Thanks for your time in troubleshooting.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
