exporting ida debug information overview
play

Exporting IDA Debug Information Overview Who am I? What's the - PowerPoint PPT Presentation

Nov 23, 2022 •220 likes •464 views

Exporting IDA Debug Information Overview Who am I? What's the problem? What does this tool do? How does it work? Demo about:me Why export information from IDA? An embedded device may have no way to connect IDA remotely

  1. Exporting IDA Debug Information

  2. Overview ● Who am I? ● What's the problem? ● What does this tool do? ● How does it work? ● Demo

  3. about:me

  4. Why export information from IDA? An embedded device may have no way to connect IDA remotely ● Manually referencing IDA is tedious ○ Some platforms may have software debuggers that would be useful with ● debug info Some tools allow interesting dynamic analysis techniques not available ● with IDA Ex: Reverse debugging ○

  5. Use-case: QNX Provides a version of GDB for their platform on lots of architectures ● Downside: it doesn't use the standard protocol ○ Lots of connected components of mixed architecture ● Maybe no IP connections ● With this plugin: export the debug info from IDA and import into gdb on the target.

  6. Debug Info Formats STABS ● Designed in the 1980s ○ Puts all info in symbol table ○ Not well standardized ○ DWARF ● Designed along with ELF ○ Used by most modern compilers ○ Binary format ○ Windows CodeView/Program Database ● Mostly undocumented, windows-only ○ Many Others ● COFF, OMF, IEEE-695 ○

  7. dwarfexport dwarfexport is a plugin for IDA Pro that creates DWARF debug info using function names/variables locations/structures extracted from IDA. It lets you create binaries as though you had built with debugging enabled.

  8. Implementation

  9. What do we need from Decompiled source ● IDA? 'step' points ● Global/local variable locations ● Type information ●

  10. Decompilation ┌ FunctionDecl main └┬ FunctionCall printf Intermediate ├├─ StringLiteral %d Representation ├└─ NumericLiteral 10

  11. IDA AST

  12. IDA AST

  13. Step Points

  14. Local Variables Stack Variables: ● Location is expressed as an offset from frame base address ○ Note: There is no (complete) SDK interface for this ○ Register Variables: ● Translate the IDA register number to dwarf number ○

  15. Type Information As the binary is traversed, maintain a mapping of `tinfo_t` to DWARF `die`: Extract each struct member ● name and type, as well as the offset from the struct start Handle array/pointer types ●

  16. Demo

  17. Other Uses Add debug info for shared libraries and create a fully debugged ● environment Reverse-debugging ● Tested using 'rr' on linux ○ Hardware Debugging ● Software frontends for hardware debuggers must use some debug format ○ Green Hill 'MULTI' IDE can import DWARF info ○

  18. Eclipse

  19. CLion

  20. VS Code

  21. Visual Studio(?)

  22. Limitations DWARF debug info is not useful for windows utilities ● Limitations in IDA SDK may make some debug info inaccurate (for now) ● Register number translations must be added on a per-architecture basis ● Local variable values don't display correctly under GDB 8 (released June 4) ●

  23. Twitter/Github : @alschwalm Questions? Email : adamschwalm@gmail.com github.com/alschwalm/dwarfexport or goo.gl/MlTkmV

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exporting and Importing data Overview for exporting/importing data Create an export on one

Exporting and Importing data Overview for exporting/importing data Create an export on one

Exporting and Importing data Overview for exporting/importing data Create an export on one end Create an import on the other end The easiest way to exchange data with another institution, with a neighboring country, or even between

349 views • 17 slides
Debug Information From Metadata to Modules Adrian Prantl Duncan Exon Smith Apple Apple What is

Debug Information From Metadata to Modules Adrian Prantl Duncan Exon Smith Apple Apple What is

Debug Information From Metadata to Modules Adrian Prantl Duncan Exon Smith Apple Apple What is Debug Information? provides a mapping from source code binary program on disk: as DWARF, a highly compressed format in LLVM: as

754 views • 74 slides
Cool Cisco IOS Commands: debug interface debug interface When you are performing debugs you have

Cool Cisco IOS Commands: debug interface debug interface When you are performing debugs you have

Cool Cisco IOS Commands: debug interface debug interface When you are performing debugs you have at least two concerns: 1) making sure the that debug does not clobber the CPU of your device, and 2) filtering the debug output to get to the

460 views • 9 slides
DeBIN: Predicting Debug Information in Stripped Binaries ht https://debin.ai Jingxuan Pesho

DeBIN: Predicting Debug Information in Stripped Binaries ht https://debin.ai Jingxuan Pesho

DeBIN: Predicting Debug Information in Stripped Binaries ht https://debin.ai Jingxuan Pesho Petar Veselin Martin He Ivanov Tsankov Raychev Vechev Binaries with debug symbols Descriptive names for functions and variables Assembly

304 views • 29 slides
Exporting 101: Is Exporting Right for You? Presented by: Opening Remarks Jim Watson, Pero Family

Exporting 101: Is Exporting Right for You? Presented by: Opening Remarks Jim Watson, Pero Family

Exporting 101: Is Exporting Right for You? Presented by: Opening Remarks Jim Watson, Pero Family Farms & Economic Development Committee Co-Chair Welcome from Camden County College President Don Borden Panelists Moderator Eddy Mayen

1.09k views • 84 slides
To use it, you must compile your code with the -g option CXXFLAGS += -g g++ -g debug.cpp -o

To use it, you must compile your code with the -g option CXXFLAGS += -g g++ -g debug.cpp -o

To use it, you must compile your code with the -g option CXXFLAGS += -g g++ -g debug.cpp -o debug To run, type in gdb ./debug After typing in gdb ./debug you will enter the debugger Type run and it will run

502 views • 6 slides
Exporting Exporting and and Wo Worker Tr Training Joana Silva World Bank Paulo Bastos World Bank

Exporting Exporting and and Wo Worker Tr Training Joana Silva World Bank Paulo Bastos World Bank

Exporting Exporting and and Wo Worker Tr Training Joana Silva World Bank Paulo Bastos World Bank Rafael Prado Proenca World Bank June 2015, Nottingham In Intr troducti oduction on A growing body of literature suggests that exporting has

692 views • 20 slides
Wool exporting and risk management Mr Michael Blake Elders/BWK Ltd 1. Introduction Exporting,

Wool exporting and risk management Mr Michael Blake Elders/BWK Ltd 1. Introduction Exporting,

Wool exporting and risk management Mr Michael Blake Elders/BWK Ltd 1. Introduction Exporting, Documentation and Risk Management q Risks in exporting wool are carried by the exporter v Financial capacity v Specifications v

197 views • 18 slides
A Plan to Fix Local Variable Debug Information in GCC Alexandre Oliva aoliva@redhat.com

A Plan to Fix Local Variable Debug Information in GCC Alexandre Oliva aoliva@redhat.com

1 A Plan to Fix Local Variable Debug Information in GCC Alexandre Oliva aoliva@redhat.com http://people.redhat.com/~aoliva/ GCC Summit, June, 2008 A Plan to Fix Local Variable Debug Information in GCC Alexandre Oliva 2 Summary > -Wall

490 views • 16 slides
EXPORTING AMERICA, EXPORTING CAPITALISM: CULTURAL IMPERIALISM AND SOFT POWER CULTURAL

EXPORTING AMERICA, EXPORTING CAPITALISM: CULTURAL IMPERIALISM AND SOFT POWER CULTURAL

Week 6 EXPORTING AMERICA, EXPORTING CAPITALISM: CULTURAL IMPERIALISM AND SOFT POWER CULTURAL IMPERIALISM The Role of US Private and State Media The CIA and Abstract Expressionism Free Media: Corporate Ownership and Control

273 views • 13 slides
Aaron Pulkka 2 Evolving International Partnerships from Outsourcing to Exporting Aaron

Aaron Pulkka 2 Evolving International Partnerships from Outsourcing to Exporting Aaron

Aaron Pulkka 2 Evolving International Partnerships from Outsourcing to Exporting Aaron Pulkka | Director of Production | Activision 3 Overview Aaron Pulkka Key Ideas My Background Development Outsourcing Game Exporting

549 views • 52 slides
Plan for Today and Thursday Bottom-Up Parsing with LR parse tables JavaCUP debug information

Plan for Today and Thursday Bottom-Up Parsing with LR parse tables JavaCUP debug information

Plan for Today and Thursday Bottom-Up Parsing with LR parse tables JavaCUP debug information using an LR parser Building the LR Parsing Table for LR(0) items, closure, and goto, oh my! why does it need to know input token if LR(0)?

207 views • 5 slides
Leader in Exporting US Wines to the World. http://www.uswineexports.com Our Strengths &

Leader in Exporting US Wines to the World. http://www.uswineexports.com Our Strengths &

Leader in Exporting US Wines to the World. http://www.uswineexports.com Our Strengths & Expertise We specialize in exporting US Wines Globally We have direct relationships, ownership and exclusivity with our wineries to export the

218 views • 10 slides
Debug Info for Optimized Code LLVM BoF Session Adrian Prantl & Vedant Kumar, Apple October

Debug Info for Optimized Code LLVM BoF Session Adrian Prantl & Vedant Kumar, Apple October

Debug Info for Optimized Code LLVM BoF Session Adrian Prantl & Vedant Kumar, Apple October 2018 Ten years of LLVM Debug Info Ten years of debug info in LLVM #commits to LLVM 12000 9000 6000 3000 0 2007 2008 2009 2010 2011

380 views • 8 slides
Debug info in optimized code how far can we go? Improving LLVM debug info with function entry

Debug info in optimized code how far can we go? Improving LLVM debug info with function entry

Debug info in optimized code how far can we go? Improving LLVM debug info with function entry values RT-RK LLC Speakers: Djordje Todorovic djordje.todorovic@rt-rk.com Nikola Prica nikola.prica@rt-rk.com 1 CONFIDENTIAL Reproduction

543 views • 30 slides
efforts count: Best practices with the CDT Debugger Marc Khouzam ABOUT Me Working with CDT

efforts count: Best practices with the CDT Debugger Marc Khouzam ABOUT Me Working with CDT

Making your debugging efforts count: Best practices with the CDT Debugger Marc Khouzam ABOUT Me Working with CDT Debug since 2007 CDT project co-lead, lead for Debug component Things you don't like about CDT Debug are probably my

636 views • 50 slides
DATA Act Webinar for Agencies January 5, 2016 Analysis with Structured Data Brought to you

DATA Act Webinar for Agencies January 5, 2016 Analysis with Structured Data Brought to you

DATA Act Webinar for Agencies January 5, 2016 Analysis with Structured Data Brought to you through a partnership between AGA and XBRL US https://www.agacgfm.org/DataActHub Analysis with Structured Data Agenda Introductions Herschel

530 views • 31 slides
Multi-Task Minimum Error Rate Training for SMT Patrick Simianer, Katharina W aschle, Stefan

Multi-Task Minimum Error Rate Training for SMT Patrick Simianer, Katharina W aschle, Stefan

Multi-Task MERT Simianer, W aschle, Riezler Multi-Task Minimum Error Rate Training for SMT Patrick Simianer, Katharina W aschle, Stefan Riezler Department of Computational Linguistics University of Heidelberg, Germany Multi-Task

522 views • 17 slides
The View from AI2 Oren Etzioni, CEO Allen Institute for AI (AI2) Mission: contribute to the world

The View from AI2 Oren Etzioni, CEO Allen Institute for AI (AI2) Mission: contribute to the world

The View from AI2 Oren Etzioni, CEO Allen Institute for AI (AI2) Mission: contribute to the world through high-impact AI research and engineering, with emphasis on reasoning, learning, and reading capabilities. Outline: 1. Overview of AI2

784 views • 37 slides
Towards More Adequate Natural Idea: Using . . . Linear Dependence . . . Value-Added How to

Towards More Adequate Natural Idea: Using . . . Linear Dependence . . . Value-Added How to

Assessment is Important Need for Value-Added . . . Current Approaches to . . . Towards More Adequate Natural Idea: Using . . . Linear Dependence . . . Value-Added How to Determine the . . . Case of Interval . . . Teacher Assessments:

595 views • 16 slides
Anatomy of cross-compilation toolchains Thomas Petazzoni thomas.petazzoni@free-electrons.com

Anatomy of cross-compilation toolchains Thomas Petazzoni thomas.petazzoni@free-electrons.com

Embedded Linux Conference Europe 2016 Anatomy of cross-compilation toolchains Thomas Petazzoni thomas.petazzoni@free-electrons.com Artwork and Photography by Jason Freeny http://free-electrons.com 1/1 free electrons free electrons - Embedded

781 views • 37 slides
Analyzing Parallel Program Performance using HPCToolkit John Mellor-Crummey Department of

Analyzing Parallel Program Performance using HPCToolkit John Mellor-Crummey Department of

Analyzing Parallel Program Performance using HPCToolkit John Mellor-Crummey Department of Computer Science Rice University http://hpctoolkit.org ALCF Many-Core Developer Session 21 February, 2018 1 Acknowledgments Current funding

741 views • 51 slides
Extracting Tables from PDFs Extracting Tables from PDFs Using Camelot and Excalibur to

Extracting Tables from PDFs Extracting Tables from PDFs Using Camelot and Excalibur to

Extracting Tables from PDFs Extracting Tables from PDFs Using Camelot and Excalibur to automate PDF table extraction and export Dimiter Naydenov @dimitern 1 . 1 Overview Overview PDF: brief history, structure, representing tables Camelot

355 views • 13 slides
Physical-layer Identification of RFID Devices Boris Danev Thomas Heydt-Benjamin Srdjan Capkun

Physical-layer Identification of RFID Devices Boris Danev Thomas Heydt-Benjamin Srdjan Capkun

Dept. of Computer Science System Security Group Physical-layer Identification of RFID Devices Boris Danev Thomas Heydt-Benjamin Srdjan Capkun bdanev@inf.ethz.ch hey@zurich.ibm.com capkuns@inf.ethz.ch Dept. of Computer Science System

276 views • 15 slides

More recommend