Debugging a stripped binary by disassembling the assembly code
Debugging a binary with no symbols
Write the code below into test.c
//----------------------------------
#include<stdio.h>
/* Print the sum of x and a fixed local offset of 10 to stdout,
 * followed by a newline. Returns nothing. */
void fun(int x)
{
    const int offset = 10;
    int sum = x + offset;
    printf("%d\n", sum);
}
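/* Program entry point: calls fun() once with a test value and exits
 * with status 0. The local x is now actually passed to fun() instead
 * of sitting unused next to a duplicated literal. */
int main(void)
{
    int x = 5;
    fun(x);
    return 0;
}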
//-----------------------------
-> compile with
#gcc -O3 test.c -o test
-> Look for symbols using the nm command
# nm test
0000000000201010 B __bss_start
0000000000201010 b completed.7698
w __cxa_finalize@@GLIBC_2.2.5
0000000000201000 D __data_start
0000000000201000 W data_start
00000000000005c0 t deregister_tm_clones
0000000000000650 t __do_global_dtors_aux
0000000000200dc0 t __do_global_dtors_aux_fini_array_entry
0000000000201008 D __dso_handle
0000000000200dc8 d _DYNAMIC
0000000000201010 D _edata
0000000000201018 B _end
0000000000000734 T _fini
0000000000000690 t frame_dummy
0000000000200db8 t __frame_dummy_init_array_entry
00000000000008a4 r __FRAME_END__
00000000000006a0 T fun
0000000000200fb8 d _GLOBAL_OFFSET_TABLE_
w __gmon_start__
0000000000000748 r __GNU_EH_FRAME_HDR
0000000000000510 T _init
0000000000200dc0 t __init_array_end
0000000000200db8 t __init_array_start
0000000000000740 R _IO_stdin_used
w _ITM_deregisterTMCloneTable
w _ITM_registerTMCloneTable
0000000000000730 T __libc_csu_fini
00000000000006c0 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000000560 T main
U __printf_chk@@GLIBC_2.3.4
0000000000000600 t register_tm_clones
0000000000000590 T _start
0000000000201010 D __TMC_END__
-> Remove the symbols using strip -s
# strip -s test
-> Check for symbols again
#nm test
nm: test: no symbols
-> Run gdb on test
#gdb test
GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from test...(no debugging symbols found)...done.
(gdb) b main
Function "main" not defined.
Let's start with how to debug it
-> Locate the entry point with 'info file'
(gdb) info file
Symbols from "/home/bkotha/tt/test".
Local exec file:
`/home/bkotha/tt/test', file type elf64-x86-64.
Entry point: 0x590
----
(gdb)
-> Now set a breakpoint at the entry-point address (note that gdb's syntax for a raw address is a leading '*', as in 'b *0x590')
(gdb) b 0x590
Breakpoint 1 (0x590)
-> Then disassemble the code
(gdb)disas
Debugging a binary with no symbols
Write the code below into test.c
//----------------------------------
#include<stdio.h>
/* Print the sum of x and a fixed local offset of 10 to stdout,
 * followed by a newline. Returns nothing. */
void fun(int x)
{
    const int offset = 10;
    int sum = x + offset;
    printf("%d\n", sum);
}
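/* Program entry point: calls fun() once with a test value and exits
 * with status 0. The local x is now actually passed to fun() instead
 * of sitting unused next to a duplicated literal. */
int main(void)
{
    int x = 5;
    fun(x);
    return 0;
}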
//-----------------------------
-> compile with
#gcc -O3 test.c -o test
-> Look for symbols using the nm command
# nm test
0000000000201010 B __bss_start
0000000000201010 b completed.7698
w __cxa_finalize@@GLIBC_2.2.5
0000000000201000 D __data_start
0000000000201000 W data_start
00000000000005c0 t deregister_tm_clones
0000000000000650 t __do_global_dtors_aux
0000000000200dc0 t __do_global_dtors_aux_fini_array_entry
0000000000201008 D __dso_handle
0000000000200dc8 d _DYNAMIC
0000000000201010 D _edata
0000000000201018 B _end
0000000000000734 T _fini
0000000000000690 t frame_dummy
0000000000200db8 t __frame_dummy_init_array_entry
00000000000008a4 r __FRAME_END__
00000000000006a0 T fun
0000000000200fb8 d _GLOBAL_OFFSET_TABLE_
w __gmon_start__
0000000000000748 r __GNU_EH_FRAME_HDR
0000000000000510 T _init
0000000000200dc0 t __init_array_end
0000000000200db8 t __init_array_start
0000000000000740 R _IO_stdin_used
w _ITM_deregisterTMCloneTable
w _ITM_registerTMCloneTable
0000000000000730 T __libc_csu_fini
00000000000006c0 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000000560 T main
U __printf_chk@@GLIBC_2.3.4
0000000000000600 t register_tm_clones
0000000000000590 T _start
0000000000201010 D __TMC_END__
-> Remove the symbols using strip -s
# strip -s test
-> Check for symbols again
#nm test
nm: test: no symbols
-> Run gdb on test
#gdb test
GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from test...(no debugging symbols found)...done.
(gdb) b main
Function "main" not defined.
Let's start with how to debug it
-> Locate the entry point with 'info file'
(gdb) info file
Symbols from "/home/bkotha/tt/test".
Local exec file:
`/home/bkotha/tt/test', file type elf64-x86-64.
Entry point: 0x590
----
(gdb)
-> Now set a breakpoint at the entry-point address (note that gdb's syntax for a raw address is a leading '*', as in 'b *0x590')
(gdb) b 0x590
Breakpoint 1 (0x590)
-> Then disassemble the code
(gdb)disas