Exetools - Linux "dbgsym" symbols for IDA pro

Good question. TL;DR: Yes you can.

I think the "dbgsym" package you are referring are those from Debian, like `nginx-dbgsym` for `nginx`.

"dbgsym" package is just another type of ELF file, having its own structure. Assuming you know much about C development under Linux, and you certainly know `strip` a binary will remove its debugging info, even if compiled via `gcc -g`. The "dbgsym" is what being stripped. You can actually read how files in dbgsym packages generated here.

And you can see it using `file` command:

Code:

./dbgsym: ELF 32-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, BuildID[sha1]=0a727c660f21b23b1c43985d6a8a0bedb6dba7c7, for GNU/Linux 3.4.0, with debug_info, not stripped

Actually, IDA will try to load them if you have a running linux_server. So if you have a Linux IDA, or you can connect a linux_server to your IDA, just put the symbol file under /usr/lib/debug, and make sure gnu_debuginfo section is matching with your symbol.

If, unluckily, you can't do this, there is a command:

Code:

objcopy --add-section .debug_aranges=./sym ./pwn ./pwn.out

which allowing you adding section from one file to another file. After adding all sections, remember remove the gnu_debuginfo. Someone also have a script, but I had never used them.

EDIT: one more hint. If you have installed the package, those symbol files will located at /usr/lib/debug/.build-id/[first_2_char_of_buildid]/[rest_of_buildid]. For example, them symbol file mentioned above actually sits at /usr/lib/debug/.build-id/0a/727c660f21b23b1c43985d6a8a0bedb6dba7c7.debug