Now that we have the MenuetOS 64 disk image file (M6414490.IMG), it is time to analyze! We will analyze the image file both statically and dynamically. Static analysis is reading and analyzing code without running it, whereas dynamic analysis is running the code and watching how it changes registers and memory during execution. Each analysis mode complements the other; there are some things that can only be discerned through code execution, like register values or stack layout at a specific point in time during execution. Static analysis is useful for “filling in the blanks” when executing code to understand what the code should do next (or just did). Since MenuetOS 64 is written in Intel x64 assembly, our static analysis will consist of memory mapped disassembly in Ghidra. After reading this post, readers should understand how to launch a MenuetOS 64 virtual machine using QEMU as well as how to attach a debugger (gdb) to QEMU in order to debug while code is executing. Also, readers should understand how MenuetOS 64 begins the boot process as control of execution is passed to MenuetOS 64 code from the virtualization firmware.
↫ Nicholas Starke
This is an old post – from late 2022 – but a great read nonetheless, and considering MenuetOS doesn’t change very much from year to year, it’s still mostly relevant.
I regularly visit the MenuetOS website to see how the project is doing… it’s a nice project. Unfortunately it’s not (no longer?) open source.
The license on the website contains this:
> Redistribution, reverse engineering, disassembly or decompilation prohibited without permission from the copyright holders.
So is the work done in this article a breach of the license?
Interesting read nonetheless.
Reverse engineering is not illegal everywhere. I am not 100% sure, but in Germany it is allowed.