1

I have an ELF file that has certain strings in it that I would like to modify (they are paths to configuration directories). This answer to this question says something about running gdb --write <path_to_executable> to modify a string in <path_to_executable>, but does not go into further detail. What are the other things that I need to do with that command to accomplish my goal?

Melab
  • 2,594
  • 7
  • 30
  • 51
  • @EmployedRussian Nope. Not a duplicate. I was asking about a specific method that that question's answer does not cover. – Melab Jul 01 '17 at 14:41

1 Answers1

1

(There are some binary editing tools better than gdb, any hex edit program or some reverse engineering tools)

-write option of gdb is documented in the documentation of the gdb: https://sourceware.org/gdb/onlinedocs/gdb/Mode-Options.html#Mode-Options

-write

Open the executable and core files for both reading and writing. This is equivalent to the ‘set write on’ command inside GDB (see Patching).

Patching is link to https://sourceware.org/gdb/onlinedocs/gdb/Patching.html#Patching

17.6 Patching Programs

... If you’d like to be able to patch the binary, you can specify that explicitly with the set write command. For example, you might want to turn on internal debugging flags, or even to make emergency repairs.

set write on set write off If you specify ‘set write on’, GDB opens executable and core files for both reading and writing; if you specify set write off (the default), GDB opens them read-only.

If you have already loaded a file, you must load it again (using the exec-file or core-file command) after changing set write, for your new setting to take effect.

show write Display whether executable files and core files are opened for writing as well as reading.

Still no information about file editing. Just try memory editing command set something=value, where something is the address with correct type, use addresses of your strings (like in https://stackoverflow.com/a/3305200):

https://sourceware.org/gdb/onlinedocs/gdb/Assignment.html#Assignment

To store values into arbitrary places in memory, use the ‘{…}’ construct to generate a value of specified type at a specified address (see Expressions). For example, {int}0x83040 refers to memory location 0x83040 as an integer (which implies a certain size and representation in memory), and

set {int}0x83040 = 4

stores the value 4 into that memory location.

osgx
  • 90,338
  • 53
  • 357
  • 513
  • Just tried: file editing with gdb and `-write` does not work when target binary is running; and when it does not running (and not started), with address from `info file`, it is still unchanged and `gdb` crashed into corefile on `quit`. Feel some concerns about (rebuilding gdb with debugging information in gdb format and) debugging gdb with gdb (or with valgrind: "address 0x28 is not stack'd, malloc'd or (recently) free'd .. of signal 11 (SIGSEGV) .. Access not within mapped region at address 0x28")... Seems that `gdb -write` does not work for years at all, even without editing commands used. – osgx Jun 30 '17 at 01:24
  • The error is from `bfd_close -> _bfd_elf_write_obejct_contents -> _bfd_elf_assign_file_positions_for_non_load -> _bfd_elf_strtab_finalize` (last is in `elf-strtab.c`) probably because _bfd_elf_strtab_finalize was called with NULL `tab`, and bug report is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835439 and https://sourceware.org/bugzilla/show_bug.cgi?id=20948: "jbm 2017-06-01 10:14:34 UTC: This is a null-ptr dereference in bfd/elf-strtab.c:367, resulting from a null-ptr stringtab extracted in bfd/elf.c:6272. `elf_shstrtab(abfd) == abfd->tdata.elf_obj_data->o->strtab_ptr == NULL` – osgx Jun 30 '17 at 02:14