-1

It is about reverse engineering on Linux: if I have a .c file and I compile it with gdb, everything is fine. But how can I obtain the same result starting from an executable file? I tried `objdump -M intel -D file` to disassemble, but then I would like to assemble it again in order to open it with gdb (whereas if I directly open the executable with gdb I can't do things like setting breakpoints and viewing registers); I tried with nasm and gcc, but they found errors in the syntax.

StackUser
  • Just a note: NASM uses a variant of the Intel syntax. The GNU assembler prefers AT&T syntax. And I think you mean: compile a .c file with gcc, and assemble a file with gas (or `as` for short). – Martin Zabel Feb 21 '16 at 12:11
  • Within GDB you can set breakpoints with `break` and view registers with [`info registers`](http://stackoverflow.com/questions/5429137/how-to-print-register-values-in-gdb). So could you please clarify your question? – Martin Zabel Feb 21 '16 at 12:20
  • But if I use gdb with the executable (a downloaded crackme, not compiled and linked by myself) I can't set breakpoints and (that's the main point) I can't view the assembly code (it says "No symbol table is loaded"). – StackUser Feb 21 '16 at 13:06

1 Answer

0

If the symbol table has been stripped off, you cannot get it back. Anyway, you can set breakpoints in GDB on a specific code address with:

```
break *address
```

If you have a hex address, you must precede it with `0x`, e.g.:

```
break *0x400506
```

And to print the current register values, you can use `info registers`, as also answered in [How to print register values in gdb?](http://stackoverflow.com/questions/5429137/how-to-print-register-values-in-gdb)

```
info registers
```

NASM and the GNU assembler use different syntax; that's why you cannot easily disassemble with the first and assemble with the latter. NASM uses a variant of the Intel syntax. The GNU assembler prefers AT&T syntax.

Community
Martin Zabel
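
An added example (not part of the original answer and not written by its author): with no symbol table, the one address a stripped ELF always provides is the entry point in its header, so this Python sketch reads it and prints a gdb command list built around the answer's `break *address` and `info registers`. The function names and the two sample headers are constructed for illustration; `set disassembly-flavor intel`, `starti`, `info files` and `x/8i $pc` are standard gdb commands.

```python
import struct
import sys

ET_DYN = 3  # e_type of a position-independent executable (PIE) or shared object

def elf_entry(data: bytes):
    """Return (e_entry, is_pie) from the ELF header; works without symbols."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little, 2 = big endian
    # After the 16-byte e_ident: e_type, e_machine (u16), e_version (u32), e_entry
    fmt = endian + ("HHIQ" if is64 else "HHII")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    e_type, _machine, _version, e_entry = struct.unpack_from(fmt, data, 16)
    return e_entry, e_type == ET_DYN

def gdb_commands(data: bytes):
    """Build a gdb command list that stops at the entry point of the binary."""
    entry, is_pie = elf_entry(data)
    cmds = ["set disassembly-flavor intel"]
    if is_pie:
        # For PIE, e_entry is only an offset until the program is loaded: stop at
        # the first instruction and read the relocated entry from `info files`.
        cmds += ["starti", "info files"]
    else:
        cmds += [f"break *{entry:#x}", "run"]
    return cmds + ["info registers", "x/8i $pc"]

# Constructed sample headers (not taken from any real binary): 64-bit little-endian
_IDENT = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
SAMPLE_EXEC = _IDENT + struct.pack("<HHIQ", 2, 62, 1, 0x400430)  # ET_EXEC
SAMPLE_PIE = _IDENT + struct.pack("<HHIQ", 3, 62, 1, 0x1040)     # ET_DYN

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            header = f.read(64)
    else:
        header = SAMPLE_EXEC
    print("\n".join(gdb_commands(header)))
```

The printed lines can be saved to a file (for example a hypothetical `cmds.gdb`) and loaded with `gdb -x cmds.gdb ./binary`; in the PIE case, set `break *address` on the entry point that `info files` reports and then `continue`.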