-1

I need to analyse linux binary executable file using strace for capturing the system calls.

On running the command: /usr/bin/strace ./005f32fffe1da3bc100e7dcd8b2f8f2c

I got this error:

execve("./005f32fffe1da3bc100e7dcd8b2f8f2c", ["./005f32fffe1da3bc100e7dcd8b2f8f"...], 0x7fffd9d0a120 /* 53 vars */) = -1 ENOENT (No such file or directory) fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 write(2, "/usr/bin/strace: exec: No such f"..., 49/usr/bin/strace: exec: No such file or directory ) = 49 getpid() = 3699 exit_group(1) = ? +++ exited with 1 +++

My file type is 32 bit ELF binary.

file 005f32fffe1da3bc100e7dcd8b2f8f2c 005f32fffe1da3bc100e7dcd8b2f8f2c: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-, stripped

My machine is 64 bit running Ubuntu and I have libc6-i386 lib32stdc++6 lib32gcc1 lib32ncurses5 lib32z1 installed.

mmg
  • 59
  • 1
  • 5
  • Asking the same question again, while providing no additional details, is unlikely to yield different result. https://stackoverflow.com/q/61344698. Also, you actually forgot to ask *any* questions here. – Employed Russian Apr 22 '20 at 17:40
  • I have answered your question and nate's question in the comment section saying that I am unable to run this file without strace. Does that mean this file wont run on my platform Since this question was closed and then no body answered after my comments, hence I thought of posting it again. – mmg Apr 23 '20 at 04:46

1 Answers1

3

This binary is strange: it is linked to use /lib/ld- as a dynamic loader.

The 32-bit i386 dynamic loader is usually called /lib/ld-linux.so.2. We can assume that your binary has been corrupted in some way.

In your other comment, you said that the binary will not run without strace (because /lib/ld- does not exist). Running the binary under strace can magically make the binary work.

You should be able to run it under strace by using explicit loader invocation:

strace -ff /lib/ld-linux.so.2 ./005f32fffe1da3bc100e7dcd8b2f8f2c

Update:

I am getting some system calls like this :
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) stat64("/lib/i686/sse2", 0xffe9b300) = -1 ENOENT (No such file or directory) +++ exited with 127 +++
I am not sure what kind of system calls are these ?

This is the dynamic linker attempting to load your program, and using access and stat64 system calls.

how to run the following file with strace? How do know which library to use in strace command with -ff option based on file command output ?
file mosquitto_pub mosquitto_pub: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 2.6.32, BuildID[sha1]=7ced951dc3a859a6829feb46fd5cf757a6073361, not stripped

This is a 64-bit binary with similarly corrupted /lib64/l dynamic loader.

The standard 64-bit loader for GLIBC on x86-64 is /lib64/ld-linux-x86-64.so.2, so the command you want is:

strace -ff /lib64/ld-linux-x86-64.so.2 ./mosquitto_pub
Employed Russian
  • 199,314
  • 34
  • 295
  • 362
  • The output is large, and I am getting some system calls like this : `access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) stat64("/lib/i686/sse2", 0xffe9b300) = -1 ENOENT (No such file or directory) +++ exited with 127 +++` I am not sure what kind of system calls are these ? – mmg Apr 25 '20 at 08:55
  • Can you help me on how to run the following file with strace? How do know which library to use in strace command with -ff option based on file command output ? `file mosquitto_pub` `mosquitto_pub: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 2.6.32, BuildID[sha1]=7ced951dc3a859a6829feb46fd5cf757a6073361, not stripped` – mmg Apr 25 '20 at 13:32
  • @mmg I updated the answer (but please just ask a new question next time). – Employed Russian Apr 25 '20 at 14:17
  • Can I tell strace to always start a binary like this? – SuperSandro2000 Jan 05 '23 at 23:35