Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-07-2023, 22:42
WhoCares's Avatar
WhoCares WhoCares is offline
who cares
 
Join Date: Jan 2002
Location: Here
Posts: 409
Rept. Given: 10
Rept. Rcvd 16 Times in 14 Posts
Thanks Given: 41
Thanks Rcvd at 155 Times in 61 Posts
WhoCares Reputation: 17
Linux "dbgsym" symbols for IDA pro

I have a Linux ELF file and its "dbgsym" package.

Can I load the symbols into IDA pro?
__________________
AKA Solomon/blowfish.
Reply With Quote
  #2  
Old 06-23-2023, 07:14
silver silver is offline
Friend
 
Join Date: May 2017
Posts: 13
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 12
Thanks Rcvd at 4 Times in 4 Posts
silver Reputation: 0
Good question. TL;DR: Yes you can.

I think the "dbgsym" package you are referring are those from Debian, like `nginx-dbgsym` for `nginx`.

"dbgsym" package is just another type of ELF file, having its own structure. Assuming you know much about C development under Linux, and you certainly know `strip` a binary will remove its debugging info, even if compiled via `gcc -g`. The "dbgsym" is what being stripped. You can actually read how files in dbgsym packages generated here.

And you can see it using `file` command:

Code:
./dbgsym: ELF 32-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, BuildID[sha1]=0a727c660f21b23b1c43985d6a8a0bedb6dba7c7, for GNU/Linux 3.4.0, with debug_info, not stripped
Actually, IDA will try to load them if you have a running linux_server. So if you have a Linux IDA, or you can connect a linux_server to your IDA, just put the symbol file under /usr/lib/debug, and make sure gnu_debuginfo section is matching with your symbol.

If, unluckily, you can't do this, there is a command:

Code:
objcopy --add-section .debug_aranges=./sym ./pwn ./pwn.out
which allowing you adding section from one file to another file. After adding all sections, remember remove the gnu_debuginfo. Someone also have a script, but I had never used them.

EDIT: one more hint. If you have installed the package, those symbol files will located at /usr/lib/debug/.build-id/[first_2_char_of_buildid]/[rest_of_buildid]. For example, them symbol file mentioned above actually sits at /usr/lib/debug/.build-id/0a/727c660f21b23b1c43985d6a8a0bedb6dba7c7.debug

Last edited by silver; 06-23-2023 at 07:17. Reason: info about symbol location
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 22:26.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )