I have a binary executable file compiled from C source, and I know that it uses some UNIX system environment variables. Unfortunately, I have no documentation, and decompiling/reverse-engineering is very difficult.

Is there a way to find which env variables the app tries to read at runtime?

I mean, if C's getenv reads some file to get variable values or does a system call, it is possible. So, can I do it?

Aleksei Petrenko
  • I'm not an expert on the environment variables, but I think you can trace system calls with `ptrace`. – bzeaman Dec 09 '14 at 12:13
  • `strings(1)` might help you to identify the names of the environment variables. – Blagovest Buyukliev Dec 09 '14 at 12:20
  • @Benno Zeeman: `strace` (this is what you meant probably, `ptrace()` is the system call `strace` utilizes) won't help much here. `getenv()` is not a system call, it's a C library function that basically just dereferences the third parameter of the `main()` function (available as `__environ` pointer to every C program) which points to the process memory area where environment variables are stored. – mfro Dec 09 '14 at 12:58
  • mfro, thank you for this info. I checked getenv implementation and indeed it does not do anything except reading `__environ`. – Aleksei Petrenko Dec 09 '14 at 13:55
  • As a supporting answer to @BennoZeeman's answer. You can also use the `ltrace` tool to check the calls for `getenv`. – deimus Dec 09 '14 at 16:04

2 Answers

strings(1) might help you to identify the names of the environment variables. – Blagovest Buyukliev

Armali

One can use a debugger, set a breakpoint on getenv, and inspect the function argument. This is possible even without debug information (albeit more difficult, since it requires knowledge of the calling convention).

Armali
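
The same observation without a debugger, as an added example that is not part of the original answers: since `getenv()` only searches the process's `environ` array (as the comments on the question note), a replacement `getenv()` can log every name the program asks for. Loading it with `LD_PRELOAD`, the file name `envtrace.c`, the helper `lookup_env` and the log format are assumptions of this example.

```c
/* envtrace.c - added example: log every getenv() lookup a program makes.
 * Build: cc -shared -fPIC -o envtrace.so envtrace.c
 * Run:   LD_PRELOAD=./envtrace.so ./app 2>env.log
 * File names and the log format are assumptions of this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;              /* the array getenv() searches */

/* Find NAME in environ by matching "NAME=" exactly, so a lookup of
 * "FOO" is not satisfied by an entry such as "FOOBAR=1". */
static char *lookup_env(const char *name)
{
    size_t len = strlen(name);

    if (environ == NULL || len == 0)    /* clearenv() may leave it NULL */
        return NULL;
    for (char **e = environ; *e != NULL; e++)
        if (strncmp(*e, name, len) == 0 && (*e)[len] == '=')
            return *e + len + 1;        /* value starts after the '=' */
    return NULL;
}

/* Same signature as the C library's getenv(). When this object is
 * preloaded, the dynamic linker resolves the program's getenv calls
 * to this definition instead of the library's. */
char *getenv(const char *name)
{
    char *value = lookup_env(name);

    /* Log the name and whether it was set, not the value itself,
     * so secrets held in the environment stay out of the log. */
    fprintf(stderr, "getenv(\"%s\") -> %s\n", name,
            value ? "set" : "unset");
    return value;
}
```

This only sees dynamically linked programs that go through `getenv()`; a statically linked binary, or code that walks `environ` itself, produces no log lines.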