All Questions
33
questions
1
vote
2
answers
592
views
Adding debug symbols with GDB
In CTFs when I'm given some ELF file, it usually wasn't compiled with the -g flag. Is there a way to to somehow edit the file to make it be as if the ELF file was originally compiled with the -g flag?
...
- 141
3
votes
1
answer
395
views
How can I verify section -> segment mapping for ELFs on linux?
I'm looking at at ELF on linux and I have readelf --segments ./myELF which shows:
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR ...
- 1,880
5
votes
0
answers
338
views
What utilities allow you to debug a process without pausing execution?
I was just reading this answer on StackOverflow, "How can you debug a process using gdb without pausing it?"
The Linux kernel provides some support for this via PTRACE_SEIZE, but gdb doesn'...
- 1,789
0
votes
1
answer
680
views
Debugging Windows applications on Linux: Hardware watchpoints and backtracing in IDA not working and winedbg hardware watchpoints borderline unusable?
As in the title. Maybe someone has any experience with this. It's a significant impediment when trying to debug Windows applications on Linux. I find hardware watchpoints, in particular, to be ...
- 115
1
vote
2
answers
1k
views
Run a python in command (kali) with "run" on gdb-peda$
While debugging a program under gdb with gdb-peda installed, I need to pass args to the binary using output from something like python.
Why I am not getting AAAAA?
gdb-peda$ b doSomthing
gdb-peda$ run ...
- 21
1
vote
0
answers
31
views
Using rbreak without import functions
While debugging with GDB I want to break for each function and print the PC register.
rbreak .
define hook-stop
i r $PC
c
end
The problem is that is stop on functions that imported like printf ...
1
vote
1
answer
3k
views
How can I find out the size of heap allocations?
While I debug with GDB I see the address of a buffer that's located on the heap.
How can I know what is the size of this buffer? Or where (in the code) this buffer was originally allocated?
When I ...
2
votes
0
answers
638
views
Passing a String into a Function With GDB
So, I have a function with the prototype according to GDB:
{std::string (std::string)} 0x56027729e545
<function(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator&...
- 21
1
vote
0
answers
84
views
Handle Ioctl call while running with qemu
I am using qemu to emulate a binary like this
qemu -strace XXXXX .
I saw that the first 2 system calls of this process were TCGETS to stdin and stdout. From man pages
Get and set terminal attributes
...
- 21
3
votes
1
answer
2k
views
ELF binary injection
I am currently working on an ELF-injector and my approach is standard: find code cave (long enough sequence of 0's), rewrite it with the instructions I want to execute and then jump back to the start ...
1
vote
1
answer
584
views
Edit IDA signal handler
In Ida Pro while debugging linux process with gdbserver I got window that show than SIGTRAP has been arrived, I choose to pass it to application.
How can I edit that choose now? I want to ignore this ...
- 11
0
votes
1
answer
228
views
Debug process that use /dev/watchdog
I want to debug a process with gdb into Linux system, but the problem is that process pings /dev/watchdog so when I tried to debug it, it stop the process for longer than the watchdog interval so the ...
1
vote
2
answers
313
views
Is address in program can change
I talking about linux arch.
When I open program in Ida (statically ) I can see all instructions address like 0x20da mov r8 r2
When I want use that address to breakpoint (for example with ptrace or ...
1
vote
1
answer
186
views
How can I debug open source C code for Linux?
I want to debug & reverse engineer open source code such as this project. I usually use CLion to write and debug C code on Linux. I've also used GDB. What steps do I need to take to download a ...
- 1,880
2
votes
1
answer
943
views
Reverse getline(cin, text)
I'm trying to solve a crackme that was made in C++, and I was able to
"recreate" a function call, through the library calls the program made. Here's the piece of code that I'm trying to reverse:
...
- 99
1
vote
1
answer
408
views
Find out if address store in heap or stack
While dynamic debugging with ida and gdb-server on binary file running on linux , I saw address that store some value.
How can I know if this address allocated in stack or in heap?
- 523
1
vote
1
answer
2k
views
why saved rip changed by push?
I am doing a reverse homework. see the following pictures:
as can be seen from this picture, before call push touch3, "saved rip" is at 0x5561dca8, which is equal to the current rsp(0x5561dca8).
...
- 19
2
votes
2
answers
2k
views
Step Over not working in GDB
In the function below, let's say EIP is 0x400688. Now, I want to step over the call instead of stepping inside the subroutine.
0x40067a <main+4> sub $0x20,%rsp ...
- 765
1
vote
0
answers
3k
views
Reverse Engineering Linux Core Dump
I have a Linux Core Dump file for a binary (which apparently crashed during execution)
file command on the core dump:
core.123: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/...
- 765
1
vote
0
answers
2k
views
My core dump's backtrace stops to a signal handler, what can I do?
I obtained an ELF core dump that was provoked by fuzzing a proprietary server. As I do not have access anymore to the machine that hosted this server, and the server is part of a tightly coupled set ...
2
votes
2
answers
5k
views
Changing Entrypoint in ELF executable
I wrote some code that does the following:
Searches for and finds an offset in a binary file to add code (looks for a sequence of 00s I can overwrite).
Then, I change the entrypoint of the ELF to ...
- 29
3
votes
1
answer
1k
views
using GDB and dealing with breakpoint detection
I am trying to solve a reverse engineering challenge using using gdb. I can run the program inside it but when I set a breakpoint at main then I get
Program received signal SIGSEGV, Segmentation ...
- 115
4
votes
2
answers
4k
views
How to stop debugger right after the execution?
I'm using /bin/true as my sample binary (without available main method):
$ lldb /bin/true
(lldb) target create "/bin/true"
Current executable set to '/bin/true' (x86_64).
(lldb) break main
invalid ...
- 505
2
votes
0
answers
2k
views
How to set-up GDB debugging in IDA Pro on Linux via Wine?
I tried running on linux via root terminal:
gdbserver --multi localhost:23947
And then at IDA Pro at Wine I use Remote GDB debugger with my local ip and port:
However when I start debugging I think ...
- 421
2
votes
1
answer
753
views
Custom gdb output
Yesterday i noticed a nice output from dbg while going through a write up on the internet. As am new to dbg i googled a lot as i wanted to make dbg work similar for me. As seen below this ...
- 23
3
votes
2
answers
10k
views
How can I change the value of a variable while debugging?
I know that I can output the value of a variable using
(gdb) p var_name
$1 = "varvalue"
Is there a way to set the value of a variable while debugging with gdb? The document that I'm using doesn't ...
- 453
4
votes
1
answer
4k
views
How to rebase IDA to match GDB
I would like to debug my elf file on linux using GDB and follow the disassembly in IDA, is this possible? And if it is how would I rebase IDA to match with GDB?
Thanks!
- 187
1
vote
1
answer
1k
views
How to debug a binary with the relative path in argv[0]?
I have a binary test that I want to debug with gdb. As you can see pwd is /tmp:
$ gdb
(gdb) file test
Reading symbols from /tmp/test...(no debugging symbols found)...done.
(gdb) pwd
Working directory ...
- 3,079
9
votes
2
answers
16k
views
Why does `ldd` and `(gdb) info sharedlibrary` show a different library base address?
I see three different outputs for where libc should be loaded.
ldd shows the loading address of libc at 0xf7e9e000
$ ldd ~/my_tool
linux-gate.so.1 => (0xf7ffe000)
libc.so.6 => /lib/...
- 3,079
9
votes
1
answer
948
views
Understanding segment prefixes in assembly for Linux
In looking at some assembly, I have come across a few instructions using segment prefixes. For example
<address>: .... mov eax,DWORD PTR gs:0x20
I understand the basics of memory segments, ...
- 91
3
votes
1
answer
3k
views
gdb setting fs register on Linux
I'm debugging an ELF 64-bit binary using gdb and I notice that the %fs register is set to 0x63. For some testing that I'd like to perform I'd like to set the %fs register to 0x00.
I tried doing a set ...
user1743
10
votes
2
answers
3k
views
Attaching GDB to a specific fork
I am trying to reverse engineer a Linux binary that makes several fork() calls. I am using GDB 7.5 on Ubuntu. What I am trying to do with GDB is attach to a certain fork() (say the second call). Is ...
- 369
123
votes
2
answers
100k
views
How to handle stripped binaries with GDB? No source, no symbols and GDB only shows addresses?
I have GDB but the binary I want to reverse engineer dynamically has no symbols. That is, when I run the file utility it shows me stripped:
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), ...
- 10.9k