I would like to disassamble / debug an elf file. Is it somehow possible to track the function where a specific string in the elf file is called? So I mean, I have a string where I know it is used to search for that string in a file. Is it somehow possible with e.g. gdb to debug exactly that position in the executable? Or is the position of the string in the elf file, somehow visible in the objdump -d output?
Disassamble ELF file - debugging area where specific string of binary is loaded
1k views Asked by Manuel At
1
There are 1 answers
Related Questions in DEBUGGING
- How to pass the value of a function of one class to a function of another with the @property decorator
- Visual Studio C++, breakpoints not stopping debugging DLL (GODOT GDExtention)
- Playwright JS: Getting an error when debugging using line numbers
- C++ skips line when promting for user to enter name of person being added to a string array
- Xcode: Can't Attach to process
- unity navmeshsurface prefab not found or whatever
- It seems to be a bug about "base::trace()" or "methods:::.TraceWithMethods()"?
- How to check reference counting issues when doing direct manipulations of CPython objects?
- How to scroll to the bottom of console window in PyCharm2019 automatically?
- need help debugging prolog
- Is there a way to deactivate (but not delete) conditional breakpoints when debugging?
- How can i debug a python exe which is created by using pyinstaller?
- Increment or Decrement volume programmatically on Xiaomi device adjusts it by 10 steps instead of one step
- Checking request JSON with image data
- Why cannot I set font of `xlabel` in `plotmf` in MATLAB?
Related Questions in DISASSEMBLY
- libopcodes c disassembly file load open and process
- CMP ESI, -20. This part of code makes no sense to me. How does this magic work?
- Reverse engineer LCD Protocol used in MPC2000XL
- Understand strange code found in ReadOnlyMemory<T>
- Debug App in Android Studio open app (disassebly)
- Look up Swift assembler in Xcode
- x86_64 primary opcode byte categorization
- Mysterious ARM Opcode
- how does capstone disassemble instructions? does it dissassemble it to raw assembly code?
- Why does this code speed up when function call overhead is added to the loop?
- IDA Free and _time64 decompilation?
- How movss opcode need to be interpreted?
- IDA disassembler view of loaded DLL in process address space
- How to parse a method invocation in IL bytes?
- How can I identify functions and their size in a x86-64 executable binary (PE)
Related Questions in OBJDUMP
- Cargo objdump doesn't show any binary
- Display source code with disassembly when path has changed
- Quirk with objdump on binary files compiled on a different operating system
- behavior of string literal in rodata section of shared object
- Shellcode execution error Segmentation Fault in C
- how to decompose elf file size into different size of sections or symbols?
- Zero pad RISC-V compressed instruction from objcopy
- Using -ffile-prefix-map with objdump -S
- Objdump for ARM64 Architecture
- How can I make objdump display the size of the operand the assembly instruction is acting upon?
- Do the disassemblers otool and objdump output the exact machine instructions contained in an executable?
- Understanding objdump DWARF information regarding struct and its member variables
- Why does GCC not putting functions at the begining of the text section in a shared library?
- Unable to generate smallest binary from Rust code
- Why doesn't objdump stop at the end of function?
Related Questions in DBG
- Stuck Setting up libc6:i386
- How to add debugging capabilities to a custom programming language
- Save memory dump edit into an exe file in OllyDbg
- dword ptr ss:[esp+0xA] Isn't it correct to get the syntax corresponding to the esp+0xA address?
- No output from erlang tracer
- Extract .class from EXE
- How to fix error "could not initialize WinDbg engine" in ida pro 7.5?
- Disassamble ELF file - debugging area where specific string of binary is loaded
- Why do we use debugger(ollydbg or x64dbg) on Virtual Machine?
- Why my start address in Ollydbg is different than other people
- dbg gets extremely slow (during import of large drawing files)
- Hook breakpoint in ida7.0 failed
- erlang dbg module is not working included in relx
- unimplemented function msvcr120.dll when launching dbg debugger on ubuntu
- how to include line-numbers in Erlang/Elixir Dbg
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
In order to do that you need a disassembler -
objdumpjust dumps the info - it might not give you enough information as some analysis is needed before you can tell where it is being used. What you need is to get theXREFsfor the string you have in mind.If you open your binary in the disassembler it will probably have the ability to show you strings that are present in the binary with the ability to jump to the place where the string is being used (it might be multiple places).
I'll showcase this using radare2.
Open the binary (I'll use
lshere)and then
to display all the strings. There's a lot of them so here's an extract
let's see where this last one is being used. If we move to the location where it's defined
0x100004b72. We can see this:And here we see where it's being referenced -> DATA XREF. We can move there (
s 0x100001cbe) and there we see how it's being used.Having the location you can put a breakpoint there (r2 is also a debugger) or use it in
gdb.