Mac uses Ida Pro to remotely debug Linux programs

1 background

While learning some of the vulnerabilities on Linux systems, it often requires "field testing", but debugging on a Linux system is not very convenient, because the Linux comes with the GDB debugging tool is really not very human, even if there is a gdbtui such as "pseudo-graphical interface debugger", also with Ida The debugger, such as pro, is far apart. There's another problem here. Ida Pro for the--linux platform is not very easy to find.

In conclusion, the best solution for beginners is to use IDA Pro's remote debugging capabilities!

2 Environment Configuration

This article explains how to remotely debug a Linux program on a Mac system (if the host is a Windows system, similar to the principle).

2.1 Remote Linux End environment configuration

First, you need to copy the program from IDA Pro for remote debugging to a Linux machine, which is linux_server or linux_serverx64, which is used to debug 32-bit programs, which are used for 64-bit programs, and the latter is not compatible with the former. Therefore, it is necessary to pay attention when debugging. The following article is an example of debugging a 32-bit program.

The author of the remote Linux system for Ubuntu14.04, which is a 64-bit system, so by default cannot run 32-bit Linux_server program, the main error is the lack of libstdc++.so.6 system library, the solution is simple:

sudo apt-get install lib32stdc++6

And then run the linux_server will be no problem, the successful operation of the following results:

chouchou:~$./linux_serverida linux 32-bit Remote debug Server (ST) v1.20. Hex-rays (c) 2004-2015listening on port #23946 ...

At this point, the Linux side of the environment configuration is complete, is not very simple ^_^?

2.2 Host Mac-side environment configuration

1. First, you need to copy the Linux application waiting for debugging to the Mac side, in order to debug the OverFlow program as an example, the program is copied to the Mac directory, the author is ~/documents/vmware/share/overflow.

2. Then, using IDA to open the program, note that because it is a 32bit program, we also need to choose 32bit ida, usually named Idaq. (64bit Ida is usually named idaq64)

3. Select Debugger->select Debugger in the Ida menu and select the remote Linux debugger as shown:

4. Click the Debugger menu again, select the process options, and then follow the settings:

At this point, the Mac side of the environment configuration is complete.

3 Start Debugging

First, we'll break the breakpoint in the main function in Ida, as shown in:

Then select Start process in the debugger, select Yes and cancle in the popup window according to the prompt information, and finally get the Debug interface as shown:

Done! Start enjoying the non-general debugging experience that Ida brings!

Mac uses Ida Pro to remotely debug Linux programs