#1
|
||||
|
||||
Linux "dbgsym" symbols for IDA pro
I have a Linux ELF file and its "dbgsym" package.
Can I load the symbols into IDA pro?
__________________
AKA Solomon/blowfish. |
#2
|
|||
|
|||
Good question. TL;DR: Yes you can.
I think the "dbgsym" package you are referring are those from Debian, like `nginx-dbgsym` for `nginx`. "dbgsym" package is just another type of ELF file, having its own structure. Assuming you know much about C development under Linux, and you certainly know `strip` a binary will remove its debugging info, even if compiled via `gcc -g`. The "dbgsym" is what being stripped. You can actually read how files in dbgsym packages generated here. And you can see it using `file` command: Code:
./dbgsym: ELF 32-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, BuildID[sha1]=0a727c660f21b23b1c43985d6a8a0bedb6dba7c7, for GNU/Linux 3.4.0, with debug_info, not stripped If, unluckily, you can't do this, there is a command: Code:
objcopy --add-section .debug_aranges=./sym ./pwn ./pwn.out EDIT: one more hint. If you have installed the package, those symbol files will located at /usr/lib/debug/.build-id/[first_2_char_of_buildid]/[rest_of_buildid]. For example, them symbol file mentioned above actually sits at /usr/lib/debug/.build-id/0a/727c660f21b23b1c43985d6a8a0bedb6dba7c7.debug Last edited by silver; 06-23-2023 at 07:17. Reason: info about symbol location |
Thread Tools | |
Display Modes | |
|
|