调试 ELF 文件

Question

I've got this EFL file which I need to debug/step-through. It's a reverse engineering competition. All I need to do is to find out the value of a register at a particular point in time and in a particular place. I used Hopper Disassembler to find out the address of interest.

Here's the problem. I don't know how to debug an ELF file. It's my first time debugging in a Linux environment. Learning how to execute the ELF file itself took me a while. I execute by using ld-linux.so.2 ./[EFLFILE] [arguments]

Is there a way I can atleast attach a debugger onto the proess? I can't even find it with the ps command. Also, I've heard that it's possible to have remote debugger; to have a debugger running on a windows machine and have the binary to be examined running on a linux.

Could anyone help me achieve just any of this?

Answer 1

Usually an ELF file can be executed as follows:

$ /path/to/elffile [arguments]

To debug it using GDB you can do:

$ gdb /path/to/elffile

Or passing arguments:

$ gdb --args /path/to/elffile arguments...

In your case:

$ gdb --args ./[EFLFILE] [arguments]

Then type run or simly r and press < Enter >. Type help to get help on the gdb commands.

Note: if your program needs some external libs, before running it, you should define LD_LIBRARY_PATH pointing on the folder containing those libs ( export LD_LIBRARY_PATH=/the/path/to/libs )