
I've got this ELF file which I need to debug/step through. It's a reverse engineering competition. All I need to do is to find out the value of a register at a particular point in time and in a particular place. I used Hopper Disassembler to find out the address of interest.

Here's the problem. I don't know how to debug an ELF file. It's my first time debugging in a Linux environment. Learning how to execute the ELF file itself took me a while. I execute it by using ld-linux.so.2 ./[ELFFILE] [arguments]

Is there a way I can at least attach a debugger to the process? I can't even find it with the ps command. Also, I've heard that it's possible to have a remote debugger: to have a debugger running on a Windows machine and have the binary to be examined running on Linux.

Could anyone help me achieve just any of this?

hexinx

1 Answer


Usually an ELF file can be executed as follows:

$ /path/to/elffile [arguments]

To debug it using GDB you can do:

$ gdb /path/to/elffile

Or passing arguments:

$ gdb --args /path/to/elffile arguments...

In your case:

$ gdb --args ./[ELFFILE] [arguments]

Then type run or simply r and press <Enter>. Type help to get help on the gdb commands.

Note: if your program needs some external libs, before running it you should define LD_LIBRARY_PATH pointing to the folder containing those libs (export LD_LIBRARY_PATH=/the/path/to/libs).

daouzli
  • No matter what I do, I can never execute the ELF file by just going `$ [filename]`. I keep getting the message "no command [filename] found". When I try to use gdb as you suggested (the line at "in your case"), I get a Permission denied, even after using sudo. I'm using the newest Ubuntu. – hexinx Nov 07 '16 at 22:23
  • I think it's because it's a 32-bit ELF on a 64-bit Ubuntu installation. I'll get a 32-bit system running and will try the same. – hexinx Nov 07 '16 at 22:45
  • @hexinx if you get permission denied make sure your file has execution rights (`$ chmod +x elffile`); however gdb won't work if you cannot run your binary standalone – daouzli Nov 09 '16 at 08:57
  • you can check what kind of binary (32/64-bit) your program is by using `$ file elffile` – daouzli Nov 09 '16 at 08:59
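As an added example (not code from the question, the answer or the comments above), here is the whole workflow the thread describes as a POSIX shell script: check that the file is an ELF and whether it is 32- or 64-bit (what `file elffile` reports, done here by reading the ELF header bytes directly), make it executable, then drive gdb non-interactively to stop at the address found in the disassembler and print one register. The function names, the address `0x8048abc` and the register `eax` are placeholders chosen for the example; the debugging step assumes gdb is installed and that the binary can run standalone on the host.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: the answer's
# interactive gdb session turned into a repeatable script. Function names,
# the address 0x8048abc and the register eax are placeholders chosen here.

# Report the ELF class the same way `file elffile` does, by reading the
# header: bytes 0-3 are the magic 7f 45 4c 46, byte 4 is 01 (32-bit) or
# 02 (64-bit). A 32-bit binary on a 64-bit host (the case suspected in the
# comments) needs the 32-bit loader and libraries installed before it,
# and therefore gdb, can run it.
elf_class() {
  magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
  [ "$magic" = "7f454c46" ] || { echo not-elf; return 1; }
  class=$(od -An -tx1 -j4 -N1 "$1" | tr -d ' \n')
  case "$class" in
    01) echo ELF32 ;;
    02) echo ELF64 ;;
    *)  echo unknown-class ;;
  esac
}

# Write a gdb command file equivalent to typing: break at the address taken
# from the disassembler, `r`, show one register, quit.
# $1 = output path, $2 = address (e.g. 0x8048abc), $3 = register (e.g. eax)
write_gdb_script() {
  cat > "$1" <<EOF
set pagination off
break *$2
run
info registers $3
quit
EOF
}

# Make the binary executable (the "Permission denied" from the comments),
# then run gdb in batch mode so the register value is printed without an
# interactive session. Extra arguments are the program's own arguments,
# passed through `--args` as in the answer. Export LD_LIBRARY_PATH first
# if the binary needs libraries outside the default search path; gdb
# hands its environment to the debugged program. Requires gdb.
debug_register_at() {
  bin=$1; addr=$2; reg=$3; shift 3
  chmod +x "$bin"
  script=$(mktemp)
  write_gdb_script "$script" "$addr" "$reg"
  gdb -q -batch -x "$script" --args "$bin" "$@"
  status=$?
  rm -f "$script"
  return $status
}

# Usage, only when RUN_EXAMPLE=1 is set, since it needs gdb and a real
# binary (./elffile, arg1, arg2 are placeholders).
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
  elf_class ./elffile
  debug_register_at ./elffile 0x8048abc eax arg1 arg2
fi
```

`elf_class` exits non-zero for a non-ELF file, which is the usual cause of "no command found" or "Permission denied" when the file was never marked executable or is not a native binary at all; `debug_register_at` keeps gdb's exit status so the script can be chained in a larger workflow.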