I would like to disassamble / debug an elf file. Is it somehow possible to track the function where a specific string in the elf file is called? So I mean, I have a string where I know it is used to search for that string in a file. Is it somehow possible with e.g. gdb to debug exactly that position in the executable? Or is the position of the string in the elf file, somehow visible in the objdump -d output?
Disassamble ELF file - debugging area where specific string of binary is loaded
1k Views Asked by Manuel At
1
There are 1 best solutions below
Related Questions in DEBUGGING
- Eclipse find source file from library
- Debug native code in Android Studio
- Breakpoint "concurrency" in Intellij
- PhpStorm IDE. Collapse custom/debug code
- How does one debug infinite recursion in Haskell?
- Android Studio missing exception stacktrace in Logcat
- java FileNotFoundException wont locate a file in the same project
- How can I debug scala.js unit tests?
- Why Eclipse Debugger does not stop on scoped exception breakpoint (how to stop on handled exception)
- Suggestions for my Selection Sort / Java
- Fortran Debugging
- Debug Excel VSTO add-in when launched by double-clicking existing file
- Starting GDB with interpreter mi via .gdbinit file
- How to print call stack in Swift?
- Preventing threads in Xcode
Related Questions in DISASSEMBLY
- Library name and function name obfuscation
- Visual Studio 2013 Disassembly Reference
- Differences between call, push+ret and push+jump in assembly
- Attempt to raise Null exception in disassembled code in Visual Studio
- IDA Python - Identify Pushes for a Function Call
- Is value of ebp register always multiple of 8?
- Causes and benefits of this improvement on gcc version >= 4.9.0 vs gcc version < 4.9?
- Can radare2 print local variables by name?
- REPE CMPSB problems
- Understanding JMP Codes in Assembly
- What does this bsr.l instruction do?
- SCSI Packets from USB
- C++ read from class by its pointer and offset
- disassemble code from c#
- IAR Workbench - How to get the file name and its path of the code appears in dis-assembly window?
Related Questions in OBJDUMP
- C std library don't appear to be linked in object file
- Differences between objdump and xxd
- Why does register_tm_clones and deregister_tm_clones reference an address past the .bss section? Where is this memory allocated?
- Building objdump on osx to allow disassembling arm64 objects
- Difference between using objcopy and xxding the file into a c source
- Show each function's calling convention using objdump or similar
- Get list of source files (and locations) from binary
- Can I combine all the sections "Objdump -S -d elf-file" generate into a re-assemble capable file?
- How does the linker determine at which line a symbol is called?
- I don't understand meaning of this: +"a function to be evaluated during reloc processing"
- How do I find out which functions of a shared object are used by a program or an other library?
- how to get minimum executable opcodes for c program?
- Compiling C to 32-bit assembly with GCC doesn't match a book
- readelf vs. objdump: why are both needed
- objdump and resolving linkage of local function calls?
Related Questions in DBG
- How to debug .so on aix which is invoked from java
- Unable to configure Notepad++ DBGP plugin. Xdebug already installed
- dword ptr ss:[esp+0xA] Isn't it correct to get the syntax corresponding to the esp+0xA address?
- Hook breakpoint in ida7.0 failed
- erlang dbg - trace calls to all functions by all functions
- Where is erlang dbg module gone on rebar3 build?
- how to define metadata for @llvm.dbg.declare?
- unimplemented function msvcr120.dll when launching dbg debugger on ubuntu
- How to fix error "could not initialize WinDbg engine" in ida pro 7.5?
- Is there a tracing debugger like `dbg` available for Haskell or OCaml?
- Android NDK | How to debugging app startup or suspend app until debugger connected
- IDA Pro Windbg Commands do not work
- Extract .class from EXE
- Ruby debug output - switch on/off easily
- Disassamble ELF file - debugging area where specific string of binary is loaded
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
In order to do that you need a disassembler -
objdumpjust dumps the info - it might not give you enough information as some analysis is needed before you can tell where it is being used. What you need is to get theXREFsfor the string you have in mind.If you open your binary in the disassembler it will probably have the ability to show you strings that are present in the binary with the ability to jump to the place where the string is being used (it might be multiple places).
I'll showcase this using radare2.
Open the binary (I'll use
lshere)and then
to display all the strings. There's a lot of them so here's an extract
let's see where this last one is being used. If we move to the location where it's defined
0x100004b72. We can see this:And here we see where it's being referenced -> DATA XREF. We can move there (
s 0x100001cbe) and there we see how it's being used.Having the location you can put a breakpoint there (r2 is also a debugger) or use it in
gdb.