
Thread: Linux debugger

  1. #1

    Linux debugger

    Hi,
    I am a newbie when it comes to linux RCE. I need to debug linux binaries. I need your help to get started. First of all, what linux distro is debugger friendly? I am thinking of installing ubuntu. I have tried to download knoppix|Re but couldn't find the download link at http://woodmann.com/knoppix-re/index.php?Download. Second, what debugger is more user-friendly (ollydbg style gui etc.) and easy to install? I never used IDA in a linux environment but I guess it has a linux debugger too. I have read 0xf001's page and there are several debuggers, so if you can help I will appreciate it. Thanks.
    "There is only one road to human greatness: through the school of hard knocks." Albert Einstein

  2. #2
    hi,

    you have given the answer to yourself a bit. the quick answer would be
    to use linice, it is a softice clone. so i guess you want to get some personal opinions

    distro: any. they are "all the same" and not, tools run everywhere i mean. the command to get them varies (apt-get / rpm / urpmi ....).
    oh when you use linice, make sure your X-server is xf86, it doesn't work with x.org

    I would encourage you to play around with linux, read the "linux on the half elf" and some introductory work which i listed on the homepage.

    my personal "favorite" is gdb though, as its everywhere. kernel debugging is less often required from a "cracking" point of view. and if it is .....

    what i want to tell you is to not directly compare gnu/linux with windows, or to expect too similar tools. this is probably the most difficult part. and very hard to describe for me.

    the whole approach under linux is somehow all a bit different. the whole situation is different. a lot of things you "need" in win, you "don't need it"
    in linux, as you have a broader range of generic tools available.
    explore the proc filesystem for example.
    ls /proc/processnumber/
    should give you a lot of info like the memory ranges it uses etc

    all i have cr*cked so far (for linux/UN*X) - and that was also really _not_ trivial stuff, i did
    with gdb, IDA (freeware, disassembler), and self written stuff.
    in linux you will see, and hopefully soon be able to utilize its developer
    friendliness. i hope. that makes many tools obsolete.
    most basic tasks you can do w/o any tool and code some lines of C or perl
    or ... yes C and perl are available on win, too - but still it takes far less
    time to quickly test a little prog/script on linux, as it is all abt development
    there. windows not per default, and .... well .... its a different world.

    i see i can not express myself as i want to make my points clear and understandable - so i post a follow up l8er when i have more time

    regards, 0xf001
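The /proc walk 0xf001 points at, as an added example that is not code from the thread or from any of the tools named in it: it parses the /proc/<pid>/maps format into address ranges with their permissions, resolves an address to the mapping that contains it (how a debugger labels where a pointer lands), and counts mappings that are both writable and executable. The sample maps text, its paths and its inode numbers are constructed for the example; dump_process_maps() reads the live file for a real pid.

```c
/* Added example (not from the thread): parse /proc/<pid>/maps, the file behind
 * 0xf001's "ls /proc/processnumber/" hint, into structured mappings. SAMPLE_MAPS
 * is a constructed sample; its paths and inode numbers are made up. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct mapping {
    uint64_t start, end;  /* [start, end) virtual address range */
    char perms[5];        /* "r-xp": read / write / execute / private-or-shared */
    uint64_t offset;      /* file offset at which the mapping begins */
    char path[256];       /* backing file or pseudo-name such as [stack]; "" if anonymous */
};

/* Constructed sample in the exact layout the kernel prints. */
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 1234567 /home/user/target\n"
    "00600000-00601000 rw-p 00000000 08:01 1234567 /home/user/target\n"
    "7ffff7dd3000-7ffff7dfc000 r-xp 00000000 08:01 7654321 /lib/x86_64-linux-gnu/ld-2.27.so\n"
    "7ffff7fd0000-7ffff7fd1000 rwxp 00000000 00:00 0\n"
    "7ffff7ff4000-7ffff7ff7000 rw-p 00000000 00:00 0\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n";

/* Parse one maps line; device and inode are skipped. Returns 1 on success, 0 if malformed. */
int parse_maps_line(const char *line, struct mapping *m)
{
    int consumed = 0;
    memset(m, 0, sizeof *m);
    if (sscanf(line, "%" SCNx64 "-%" SCNx64 " %4s %" SCNx64 " %*x:%*x %*lu%n",
               &m->start, &m->end, m->perms, &m->offset, &consumed) != 4
        || consumed == 0 || m->end <= m->start)
        return 0;
    const char *p = line + consumed;          /* path (if any) follows, space-padded */
    while (*p == ' ' || *p == '\t') p++;
    size_t len = strcspn(p, "\n");
    if (len >= sizeof m->path) len = sizeof m->path - 1;
    memcpy(m->path, p, len);
    m->path[len] = '\0';
    return 1;
}

/* Advance to the start of the next line (or to the terminating NUL). */
static const char *next_line(const char *p)
{
    const char *nl = strchr(p, '\n');
    return nl ? nl + 1 : p + strlen(p);
}

/* Count mappings whose permission string contains every character of `want`:
 * "x" = executable, "wx" = writable AND executable (what W^X policies forbid). */
int count_mappings_with_perms(const char *maps_text, const char *want)
{
    int count = 0;
    struct mapping m;
    for (const char *p = maps_text; *p; p = next_line(p)) {
        if (!parse_maps_line(p, &m)) continue;
        int ok = 1;
        for (const char *w = want; *w; w++)
            ok = ok && strchr(m.perms, *w) != NULL;
        count += ok;
    }
    return count;
}

/* Resolve an address to the mapping containing it. Returns 1 and fills *out, or 0 if unmapped. */
int find_mapping(const char *maps_text, uint64_t addr, struct mapping *out)
{
    for (const char *p = maps_text; *p; p = next_line(p))
        if (parse_maps_line(p, out) && addr >= out->start && addr < out->end)
            return 1;
    return 0;
}

/* Read the live /proc/<pid>/maps and print a compact table.
 * Returns the number of mappings parsed, or -1 if the file cannot be opened. */
int dump_process_maps(pid_t pid)
{
    char fname[64], line[512];
    struct mapping m;
    int n = 0;
    snprintf(fname, sizeof fname, "/proc/%d/maps", (int)pid);
    FILE *f = fopen(fname, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        if (!parse_maps_line(line, &m)) continue;
        printf("%016" PRIx64 "-%016" PRIx64 " %s %s\n", m.start, m.end, m.perms,
               m.path[0] ? m.path : "[anon]");
        n++;
    }
    fclose(f);
    return n;
}

int main(void)
{
    dump_process_maps(getpid());   /* this process's own address space */
    printf("sample: %d executable, %d writable+executable mappings\n",
           count_mappings_with_perms(SAMPLE_MAPS, "x"),
           count_mappings_with_perms(SAMPLE_MAPS, "wx"));
    return 0;
}
```

Compile with any C99 compiler on Linux; main() dumps the current process's own map and then runs the checks on the constructed sample. A writable-and-executable count above zero is worth a closer look on a hardened system, since a normal loader produces none; the sample deliberately contains one such anonymous region so the check has something to find.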

  3. #3
    Super Moderator (Join Date: Dec 2004, Posts: 1,503, Blog Entries: 15)
    linux debuggers ;-}

    well at the moment there is no debugger that would fit in ollydbgs class

    top of the class but pain in the ass debugger (if you want to use it for reverse engineering ie debugging source less binaries) is GDB the great
    it really rocks for source level debugging but would ultimately kill you
    if you want to do x/x *(long *)$esp+0x28

    i am not counting those innumerable half baked front end gui implementations
    for gdb (insight and their gang ) i keep a pretty long distance from them

    you can check out ald (assembly level debugger neat slim but misses lot of nifty features)

    teddybear (slang based tui again incomplete and possibly discontinued)

    cgdb by bobby brasko again source level but seems it is being developed
    there is a latest release dated this month

    e2dbg (from elfsh package) non ptrace implementation but its beta

  4. #4
    PizzaPan (Guest)
    i started with debugging on linux a few days ago also after reading the information in this section it was pretty easy to get started.

    I chose to use gdb with the ddd GUI, i am getting quite used to it. the main problem with the transition is getting used to all the commands, especially when you are addicted to ollydbg, which i am.

    Thanks for the work here 0xf001 and the rest of the people that helped

  5. #5
    heya,

    I agree with all of you

    I also hate the gui frontends for gdb, i did not find 1 yet to which i like to stick to. ddd is "ok" i agree. a bit i disagree with you blabberer, but also agree at the same time - see:

    its true that gdb on the commandline for sourceless binaries looks scary and also is scary. on the other side - when using mammon_'s gdbinit script that makes it a hell lot easier! *recommend*

    PizzaPan - for your feedback I am ultimately happy when my "efforts" actually help some people!

    i can't really say 100% its a pity there is no ollydbg for linux, but I also would probably be the 1st user of it
    I mean it makes you more familiar with the OS and low level concepts, and makes you creative if you have to use ie gdb. ok this might not be seen as an advantage haha

    i am glad linice was started. i am honest and tell either it works or you have
    troubles getting it running.

    i am thinking of writing a gui usermode debugger in the future, but i think i won't have the time for it ;( (or somebody puts money on my account for it haha). maybe we organize a small team for it .... i think it would be worth it somehow.

    back to the topic - suse is doing sthg on that subject i read some time ago.
    http://forge.novell.com/modules/xfmod/project/?nlkd, but i dont know why
    they call the debugger via

    left shift + right shift + left alt + esc ????

    regards, 0xf001

  6. #6
    Naides is Nobody (Join Date: Jan 2002, Location: Planet Earth, Posts: 1,647)
    1. what are the major hurdles to make/port an ollydbg clone into Linux? (apart from lack of motivation).
    What would it take to do it?

    Olly sources are available, and the inner working of Linux is not kept secret.

    My question is out of sheer ignorance, and wishful thinking,
    that should be understood. . .


    2. What motivated Oleg to make Olly???

  7. #7
    naides,

    good point!

    ad 1.) personally I would not like to try to port a debugger. If then I personally would write it specifically for gnu+linux. the major hurdle probably is time - or money as you want to see it imho.

    "Olly sources are available, and the inner working of Linux is not kept secret."

    true. i think olly sources won't give too much reusable code, but of course its good to have them available.


    ad 2) i think a similar situation as we face here :]

    let's see how much time will be "free", i have already too much to do with review (no, its not too much, its too little free time). i am also thinking of putting a debugger engine into it. however i think a dedicated debugger project would be better.

    i also ask "stupid" - would there be sbdy who likes to work on it? i think a group of max 1-5 people would be good. i don't want to raise hopes now, too - but what do you say?

    regards, 0xf001

  8. #8
    I appreciate all the answers. I will debug binaries without source code. It doesn't have any gui code in it, just a console binary. I will run the binary via the debugger, bpx on some code and trace it to understand what it is doing. I hope gdb and the ddd GUI work for me. I will try it. Thanks again.

  9. #9
    LaptoniC,

    yeah go ahead that should work. you can also try mammon_'s gdbinit script (just put it in your homedir as .gdbinit) to have a kind of softice look'n'feel. at least this is how i do the most
    debugging.

    if in doubt ... just ask!

    regards, 0xf001

  10. #10
    Super Moderator (Join Date: Dec 2004, Posts: 1,503, Blog Entries: 15)
    oleh was probably motivated by TD the borland turbodebugger
    ollydbg interface wise is almost identical to TD including all those nifty right click context menus

    as to port to linux

    assuming we want to port it to console mode, all those text user interfaces ncurses, slang, newt are, well, ill equipped to handle
    try programming with ncurses some simple say a messagebox
    you will see how much time and effort it takes
    you will have to assemble code to make a button
    you will have to assemble code to make text
    you will have to assemble code for the infinite loop
    you will have to assemble code for the window behind it
    you will have to assemble code to every bullcrap that it takes
    no simple api MessageBox(whatever);

    and apart from this you can be sure as hell that the terminfo tty whatever
    on different distros,packages,versions,vendors, clans, gangs, brigades,
    will be absolutely different and you can be sure that some thing that works on your comp wont be working on other comps its a circus out there

    and the real x guis like gtk ,qt, wxwidgets,gimp etc arent normally
    available every where

    apart from that the basic apis (lets say the equivalent of debugging apis)
    ptrace too is apparently a pain to work with

    and you can be sure that if you have some trouble you would get the stock answer saying hey its free source implement the functionality
    or post a bug in some bugtraq that no one would care about
    or worse still some guy would start another halfbaked project
    implement only this functionality
    with his source full of comments like
    /* oh this is easy to implement just have to use blah.c from foo package */
    and open a source forge project with some queer screen shots
    no documentation and unreadable source
    and thats the end of it

    its free source you take it and implement.
    why are you bugging me with bug reports

  11. #11
    hi blabberer,

    i see some aspects a bit different, overall in your message i read frustration a bit, or?
    in general i agree a lot with your post. though some statements, when bringing back
    to the topic as i see it, i'd answer this:

    a bit unimportant but when you say it like this then oleh was probably inspired by TD, not motivated by it, or? simple word picking, i know i'd assume he was motivated by the
    lack of a good usermode debugger? well.... does it matter at all what he thought?

    console mode - well .... ollydbg is not console mode - and a gui has its advantages.
    now i must disclaim that i say this as a gnu+linux guy and mean it. back to context,
    my imagination of an ollydbg clone would not be in text mode.
    i don't know what you want to say with your list about how much code is to assemble? coding a textmode gui is fairly easy.
    even if you need assembly - what i doubt, whats the issue with it?
    please don't forget we talk abt a user mode debugger here, so we avoid a lot of problems.
    also ie with dialog you make a messagebox by calling 1 function.

    regarding the terminfo - i agree there are differences, but again - i ignore this, since at least
    I am talking about a gui debugger - ie with qt or gtk (no, i know i wouldn't go with gtk for technical reasons). else it would be a poor clone, as not everywhere you'd find textmodes with a reasonable text resolution - though 1024x768 is assumed by me as a standard. ok 800x600 probably, too - but when doing a project right now, i would like to orientate on the future, not the stone age (text mode) hehe
    ok the whole point again i don't talk abt text mode.

    now you might want to say: but i have a server and it has no x gui and ......
    2 opinions to that: still i dont care abt it, since the xlibs are installed in a second, no you dont even need a gfx card to have a gfx session over the network and ... blah
    it might not be an option for servers to install there xlibs. still i don't care, the factor gui to me personally
    brings too many advantages. in a next step or in parallel sbdy can code a text gui, no big deal.

    the ptrace() interface imho is not difficult. more the opposite, its fairly easy to use. what
    i don't like abt it, is - to quote mammon_:
    The ptrace(1) interface is unreliable, easy to fool and insecure to boot. Friends don't let friends use ptrace(1).
    so i would code an own solution. and again - no i am not afraid to code anything, and am not shy abt efforts. and i don't see it as disadvantage to have to code new code.
    as you say below with reusing code there sometimes are more problems than writing it yourself. its my general approach.

    you say "and the real x guis like gtk ,qt, wxwidgets,gimp etc arent normally available every where "
    well ... imho they are available everywhere. available. installed probably not
    btw gtk is the one used by gimp and gnome, qt by kde ...
    wxwidgets - please all opinions are my personal: just sucks
    the only state of the art gui toolkit is qt. i'd go for it. personally.

    and you can be sure that if you have some trouble you would get the stock answer saying hey its free source implement the functionality
    or post a bug in some bugtraq that no one would care about
    or worse still some guy would start another halfbaked project
    implement only this functionality
    with his source full of comments like
    /* oh this is easy to implement just have to use blah.c from foo package */
    and open a source forge project with some queer screen shots
    no documentation and unreadable source
    and thats the end of it
    i think i know what you want to say. and i read your frustration i agree a lot there are some aspects in the community (_the community_ ? i think there is more than 1), that
    lead to shit.
    i've done it myself, half baked, not completed project, no documentation, simply let it die.
    it happened i think to a lot of ppl. even mammon's dude for example. almost libdisasm, too not to speak from the bastard. now think why?

    not because we are morons. think that it takes quite some time to do a project like this. even if you have free time, there always happen things in real life and time gets short.
    you are under permanent time pressure, ppl want to see sthg, want to have updates and blah.
    so the standard situation is: 1 coder, 1000000 people requesting. also nobody joins a project, almost nobody gives reasonable feedback, its more frustrating from the coder side - believe me.
    all ppl are the greatest coders and blaaah, but when it comes to free software projects (yes, not opensource haha) then they can only point their fingers and say:

    look this is undocumented, look at this, this i could code far better .... you get it.
    they forget abt the circumstances. in my job i code robust with all kinds of standards, which
    i set to myself. free software - well ... i want to get sthg _done_, and i know nobody will
    code a single line in my project - so i skip documentation. sbdy who could contribute
    understands my code i am sure. period. when its all working as i want i lean back and
    start proper commenting and documenting. if i want. yes thats my right, and i do as much
    of it as much time i have.

    that as an insight from the coders perspective. so in general i would complain that people have the mentality of wanting all, but giving nothing. and this is i think the problem.
    or you say - its time. or money. as you like. if sbdy would pay me i'd code 24h a day on
    opensource projects with a different code quality. i'd love that even haha.
    now i have maybe 1-2 hours a day, if at all.

    regards, 0xf001

  12. #12
    Super Moderator (Join Date: Dec 2004, Posts: 1,503, Blog Entries: 15)
    aha its not frustration its the fact
    well i wont like to have a console mode user interface too

    assemble means as in assembling putting it all together that has nothing to do with using x86 assembly

    so i would code an own solution. and again - no i am not afraid to code anything, and am not shy abt efforts. and i don't see it as disadvantage to have to code new code.
    yeah me too i am also not afraid to code my own solution

    but understand your solution is unique to you and my solution is unique to me but they are never going to be usable unique to linux unix as a whole

    an IsDebuggerPresent api cant and wouldnt be able to replace

    twenty thousand varieties of antidebugging tricks spawned by
    some of the cleverest sharpest brains
    Last edited by blabberer; May 6th, 2006 at 11:39. Reason: some glaring typos

  13. #13
    oook, I understand

    I still pray for an ollydbg for linux
    and i like anti debugging!

    cheers, 0xf001

  14. #14
    Quote Originally Posted by naides
    1. what are the major hurdles to make/port an ollydbg clone into Linux? (appart from lack of motivation).
    What would it take to do it?

    Olly sources are available, and the inner working of Linux is not kept secret.

    My question is out of sheer ignorance, and wishful thinking,
    that should be understood. . .


    2. What motivated Oleg to make Olly???
    Hmm.. where is the olly source? I can't find it, or is it privately released?

    On Linux, use totalview, this is a very cool debugger but it's very expensive (we all know what that means, don't we?). I once submitted an article to code breakers about using totalview to debug compilers and got rejected. It's not a widely known tool, but it's a really good one. It works on almost all kinds of platforms.

  15. #15
    Naides is Nobody (Join Date: Jan 2002, Location: Planet Earth, Posts: 1,647)
    At http://www.ollydbg.de/ click the link Sources
