
binary-re-dynamic-analysis

Use when you need to run a binary, trace execution, or observe runtime behavior. Runtime analysis via QEMU emulation, GDB debugging, and Frida hooking - syscall tracing (strace), breakpoints, memory inspection, function interception. Keywords - "run binary", "execute", "debug", "trace syscalls", "set breakpoint", "qemu", "gdb", "frida", "strace", "watch memory"
aiskillstore/marketplace · ★ 329 · Data & Documents · score 79
Install: claude install-skill aiskillstore/marketplace
# Dynamic Analysis (Phase 4)

## Purpose

Observe actual runtime behavior. Verify hypotheses from static analysis. Capture data that's only visible during execution.

## Human-in-the-Loop Requirement

**CRITICAL: All execution requires human approval.**

Before running ANY binary:

1. Confirm sandbox configuration is acceptable
2. Verify network isolation if required
3. Document what execution will attempt
4. Get explicit approval

## Platform Support Matrix

| Host Platform | Target Arch | Method | Complexity |
|---------------|-------------|--------|------------|
| Linux x86_64 | ARM32/64, MIPS | Native `qemu-user` | Low |
| Linux x86_64 | x86-32 | Native or `linux32` | Low |
| macOS (any) | ARM32/64 | Docker + binfmt | Medium |
| macOS (any) | x86-32 | Docker `--platform linux/i386` | Medium |
| Windows | Any | WSL2 → Linux method | Medium |

### macOS Docker Setup (One-Time)

```bash
# Start Docker runtime (Colima, Docker Desktop, etc.)
colima start

# Register ARM emulation handlers (requires privileged mode)
docker run --rm --privileged --platform linux/arm64 \
  tonistiigi/binfmt --install arm
```

### Docker Mount Best Practices

**CRITICAL:** On Colima, `/tmp` mounts often fail silently. Always use home directory paths:

```bash
# ✅ GOOD - use home directory
docker run -v ~/code/samples:/work:ro ...

# ❌ BAD - /tmp mounts can fail on Colima
docker run -v /tmp/samples:/work:ro ...
```

---

## Analysis Options

| Method | Isolation | Granularity | Best For |
|--------|