Hi guys,
I'm trying to follow one of the crackmes solved by TiGa. I'm using IDA Pro for Linux for static analysis and trying to debug the thing with gdb while running it under Wine.
The problem is that once Wine creates a new process, gdb seems to freeze. I'm trying with set follow-fork-mode child and set detach-on-fork off; with the default values of those, the program finishes without debugging.
I've tried to set a catchpoint on the fork and attach a new instance of gdb to the new process, but it can't be attached even when running as root. Any ideas?
Debian lenny, gdb 6.7.1-debian, linux 2.6.21.1
Welcome to the new Woodmann RCE Messageboards Regroupment
gdb: multi process debugging
Which crackme are you talking about?
Just to be sure, was it a Windows or Linux crackme?
My guess would be a Windows crackme on Linux since you mentioned Wine.
There's a paper on that called "The Alien Autopsy" made in the times of IDA 4.7 or 4.3, before remote debugging.
I have a simpler method if the crackme runs under Wine: simply run the IDA Windows server under Wine (or a Windows VM) and remote debug from the Linux version of IDA.
TiGa
Programming today is a race between software engineers to build bigger and better idiot-proof programs and the Universe trying to produce bigger and better idiots.
So far, the Universe is winning.
It is the one from the video solution for the br0ken crackme; it's a Windows crackme.
I've read that paper, but it relies on a breakpoint at the PROCESS_InitWine symbol, which doesn't exist anymore (at least I can't find it), and I guess previous Wine versions didn't create a new process because the paper doesn't talk about that.
I would like to solve the multi-process debugging problem under gdb. I know IDA under Wine is a possibility, but that would be avoiding the problem I'm willing to solve (with your help, I hope).
Yes, that's the paper that I was talking about.
http://www.secureworks.com/research/articles/alien
The paper is starting to get a little dated as it was made with IDA 4.1 in 2002.
I made an updated version in video using the method that I described previously.
http://rapidshare.com/files/130047662/A ... 8.rar.html
If you set a BP on the EntryPoint in IDA or GDB, you shouldn't get lost in the WINE code.
I should really start my own Video-On-Demand channel.
TiGa
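The gdb settings the first post describes, together with TiGa's advice to break on the entry point, collected into one gdb command file. This is an added example, not code from the thread or from Wine; it assumes gdb 7.0 or later (the multi-inferior commands) on x86 Linux, and the exe name and entry point address are placeholders.

```gdb
# follow-wine-child.gdb  (added example, not from the thread)
# Run as:  gdb -q -x follow-wine-child.gdb --args wine ./crackme.exe
# Assumes gdb 7.0 or later (multi-inferior support) on x86 Linux.

# Wine creates a new process before the .exe runs (the behaviour the
# first post describes). Stay with the child after the fork, but keep
# the parent under gdb's control instead of detaching it.
set follow-fork-mode child
set detach-on-fork off
# Caveat: with detach-on-fork off, both processes are already traced by
# this gdb, and ptrace allows a single tracer per process, so a second
# gdb cannot attach to the child even as root.

# Stop at every fork and exec so the inferior list can be inspected
# ("info inferiors") and the right one selected ("inferior N").
catch fork
catch exec

# Wine interrupts its threads with SIGUSR1; pass it through silently,
# otherwise gdb stops on every one of them.
handle SIGUSR1 nostop noprint pass

# Entry point of the crackme (ImageBase + AddressOfEntryPoint, read from
# the PE header in IDA). 0x00401000 is a placeholder, not the real value.
# A hardware breakpoint lives in the debug registers, so it can be armed
# before Wine has mapped the exe; a software "break *addr" would fail to
# insert while that page does not exist yet.
hbreak *0x00401000

run
# Expected flow: a stop at the fork catchpoint, then at the exec, then
# "continue" until the hardware breakpoint fires inside the crackme,
# not in Wine's own code.
```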
Thanks TiGa for the video, I'll check it out, and if you come out with an on-demand channel let us know. I'll subscribe to it.
By the way, congratulations on becoming a crew member of ARteam. I meant to post something there but I forgot what my handle was or the password I used. I will eventually remember it. Anyway, congratulations.
Thank you. I used Instant Demo to make the video, but Camtasia Studio gives a more professional result.
ESC to go back?
Can't say much about the mouse problem.
IDA for Linux is kind of evil, yes; that's why I prefer to use remote debugging from Windows instead.
TiGa