All Questions
33 questions
123 votes, 2 answers, 100k views
How to handle stripped binaries with GDB? No source, no symbols and GDB only shows addresses?
I have GDB but the binary I want to reverse engineer dynamically has no symbols. That is, when I run the file utility it shows me stripped:
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), ...
10 votes, 2 answers, 3k views
Attaching GDB to a specific fork
I am trying to reverse engineer a Linux binary that makes several fork() calls. I am using GDB 7.5 on Ubuntu. What I am trying to do with GDB is attach to a certain fork() (say the second call). Is ...
9 votes, 2 answers, 16k views
Why do `ldd` and `(gdb) info sharedlibrary` show a different library base address?
I see three different outputs for where libc should be loaded.
ldd shows the loading address of libc at 0xf7e9e000
$ ldd ~/my_tool
linux-gate.so.1 => (0xf7ffe000)
libc.so.6 => /lib/...
9 votes, 1 answer, 948 views
Understanding segment prefixes in assembly for Linux
In looking at some assembly, I have come across a few instructions using segment prefixes. For example
<address>: .... mov eax,DWORD PTR gs:0x20
I understand the basics of memory segments, ...
5 votes, 0 answers, 338 views
What utilities allow you to debug a process without pausing execution?
I was just reading this answer on StackOverflow, "How can you debug a process using gdb without pausing it?"
The Linux kernel provides some support for this via PTRACE_SEIZE, but gdb doesn'...
4 votes, 2 answers, 4k views
How to stop debugger right after the execution?
I'm using /bin/true as my sample binary (without available main method):
$ lldb /bin/true
(lldb) target create "/bin/true"
Current executable set to '/bin/true' (x86_64).
(lldb) break main
invalid ...
4 votes, 1 answer, 4k views
How to rebase IDA to match GDB
I would like to debug my elf file on linux using GDB and follow the disassembly in IDA, is this possible? And if it is how would I rebase IDA to match with GDB?
Thanks!
3 votes, 2 answers, 10k views
How can I change the value of a variable while debugging?
I know that I can output the value of a variable using
(gdb) p var_name
$1 = "varvalue"
Is there a way to set the value of a variable while debugging with gdb? The document that I'm using doesn't ...
3 votes, 1 answer, 2k views
ELF binary injection
I am currently working on an ELF-injector and my approach is standard: find code cave (long enough sequence of 0's), rewrite it with the instructions I want to execute and then jump back to the start ...
3 votes, 1 answer, 395 views
How can I verify section -> segment mapping for ELFs on linux?
I'm looking at an ELF on linux and I have readelf --segments ./myELF which shows:
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR ...
3 votes, 1 answer, 3k views
gdb setting fs register on Linux
I'm debugging an ELF 64-bit binary using gdb and I notice that the %fs register is set to 0x63. For some testing that I'd like to perform I'd like to set the %fs register to 0x00.
I tried doing a set ...
3 votes, 1 answer, 1k views
using GDB and dealing with breakpoint detection
I am trying to solve a reverse engineering challenge using gdb. I can run the program inside it but when I set a breakpoint at main then I get
Program received signal SIGSEGV, Segmentation ...
2 votes, 1 answer, 943 views
Reverse getline(cin, text)
I'm trying to solve a crackme that was made in C++, and I was able to "recreate" a function call, through the library calls the program made. Here's the piece of code that I'm trying to reverse:
...
2 votes, 1 answer, 753 views
Custom gdb output
Yesterday I noticed a nice output from dbg while going through a write up on the internet. As I am new to dbg I googled a lot as I wanted to make dbg work similar for me. As seen below this ...
2 votes, 2 answers, 2k views
Step Over not working in GDB
In the function below, let's say EIP is 0x400688. Now, I want to step over the call instead of stepping inside the subroutine.
0x40067a <main+4> sub $0x20,%rsp ...