Topic created on: January 25, 2009 16:08 CST by Varied.
Dear friends! What can you tell me about debuggers in Linux: what do you use, what is lacking in them, and what would you like to change essentially in them? As for me, for example, I usually use linice, pice, GDB, ALD or dude. In my opinion they are not ideal. And what do you think about it?
> GDB does not allow you to set breakpoints in shared memory and modify it.
That's not true.
(gdb) x/x 0x8048000
0x8048000: 0x464c457f
(gdb) set *(int)0x8048000=0x12345678
(gdb) x/x 0x8048000
0x8048000: 0x12345678
(gdb)
You can also set up hardware breakpoints with 'hbreak', so I don't see any limitation for setting breakpoints on shared memory or shared libraries here.
What do you mean by search for missing memory? It is pretty simple to write a gdb script to perform a search for patterns or code in memory.
Yep, the problem of not loading badly formed binaries is not gdb's. The root of the problem is in the binutils base code. GNU tools (objdump, nm, readelf, gdb, ...) can't load ELFs with broken section or program header offsets. To bypass this, use radare, which ignores these structures if they are not found, or just reconstruct them with radare, which is a pretty simple task if you only want to add a dummy correct header.
You can trash an ELF header with just this line:
$ echo wx 99 @ 0x21 | radare -nw your.elf
And recover it with this simple one-liner radare macro:
(fix-shoff,s 0,s/ .text,loop:,s/x 00,? [1:$$+1],?!.loop:,s +4-$$%4,f nsht,wv nsht @ 0x20)
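A defender-side check for the broken-offset case discussed in the last reply, as an added example that is not part of the original thread: it verifies that the ELF program and section header tables lie inside the file before the file is handed to binutils-based tools. The function names and the sample ELF image are constructed for illustration.

```python
import struct

# Per EI_CLASS: (format of e_phoff/e_shoff, their offset, offset of e_phentsize, header size)
LAYOUT = {1: ("II", 0x1C, 0x2A, 0x34), 2: ("QQ", 0x20, 0x36, 0x40)}

def check_elf_tables(data: bytes) -> list:
    """Return a list of bounds problems in the ELF program/section header tables."""
    if data[:4] != b"\x7fELF" or len(data) < 6 or data[4] not in LAYOUT:
        return ["not a recognised ELF file"]
    fmt, off_pos, ent_pos, ehsize = LAYOUT[data[4]]
    if len(data) < ehsize:
        return ["file shorter than the ELF header"]
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little endian
    e_phoff, e_shoff = struct.unpack_from(end + fmt, data, off_pos)
    phentsize, phnum, shentsize, shnum = struct.unpack_from(end + "4H", data, ent_pos)
    problems = []
    for name, off, entsize, num in (("program", e_phoff, phentsize, phnum),
                                    ("section", e_shoff, shentsize, shnum)):
        if num == 0:
            continue                             # table not present
        if off < ehsize or off + entsize * num > len(data):
            problems.append(f"{name} header table at {off:#x} "
                            f"({num} x {entsize:#x} bytes) is outside the "
                            f"{len(data):#x}-byte file")
    return problems

def build_sample() -> bytes:
    """Constructed ELF32 little-endian image: header, padding, two empty section headers."""
    shoff = 0x40
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    hdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0x8048034,
                      0, shoff, 0, 0x34, 0x20, 0, 0x28, 2, 0)
    return hdr + bytes(shoff - len(hdr)) + bytes(2 * 0x28)

def corrupt_like_thread(image: bytes) -> bytes:
    """Apply the same edit as 'wx 99 @ 0x21': one byte inside the ELF32 e_shoff field."""
    out = bytearray(image)
    out[0x21] = 0x99
    return bytes(out)

if __name__ == "__main__":
    good = build_sample()
    print("clean:    ", check_elf_tables(good))
    print("corrupted:", check_elf_tables(corrupt_like_thread(good)))
```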