I'm doing an exploit-type challenge. The challenge's binary to exploit uses a modified version of libc.so.

So before running linux server or radare2 / IDA, I export the environment variable `LD_PRELOAD=/path2/libc_modified.so`, and then I put a breakpoint at the first assembly statement of main. With IDA I cannot launch the binary; however, I can attach to the process, but the breakpoints inserted after a read are bypassed, so IDA cannot stop and I can't debug the binary.

With radare2 I can launch the binary, but breakpoints inserted at the first instruction of main are bypassed.

I can debug executables that don't use libraries to be loaded with LD_PRELOAD, and my breakpoints are caught.

Does anyone know the cause of this behavior?

osgx
s1ckb0y

  • Don't add `LD_PRELOAD` to the start command of your IDA/r2, as your modified libc can be overmodified and will break IDA/r2. Try to change environment variables from IDA or r2 to change them only for the target application. Also check for static constructors (init sections) which run before `main()`, and the output of `ltrace -S ./target_app` can be useful too. – osgx Feb 19 '17 at 05:09
  • I suggest you ask on the StackExchange [reverse engineering site](http://reverseengineering.stackexchange.com/) – julian Mar 15 '17 at 22:25
