I would like to debug my elf file on linux using GDB and follow the disassembly in IDA, is this possible? And if it is how would I rebase IDA to match with GDB?
Thanks!
Asked
Active
Viewed 3,972 times
4
-
Why not just debug it directly in IDA? – Igor Skochinsky Dec 18 '14 at 07:06
1 Answers
4
If you are trying to rebase an elf, you could do info proc mappings. This will show you all of the mapped addresses. (This could also be viewed by doing cat /proc/<pid>/map)
Then just rebase your IDA via EDIT->Segments->Rebase program and select Image Base from the radio buttons.
Ex:
(gdb) info proc mappings
process 12383
Mapped address spaces:
Start Addr End Addr Size Offset objfile
0x8048000 0x8049000 0x1000 0 /home/user/my_elf
0x8049000 0x804a000 0x1000 0 /home/user/my_elf
0x804a000 0x804b000 0x1000 0x1000 /home/user/my_elf
0xb7e73000 0xb7e74000 0x1000 0
0xb7e74000 0xb7fbd000 0x149000 0 /lib/i386-linux-gnu/libc-2.13.so
0xb7fbd000 0xb7fbe000 0x1000 0x149000 /lib/i386-linux-gnu/libc-2.13.so
0xb7fbe000 0xb7fc0000 0x2000 0x149000 /lib/i386-linux-gnu/libc-2.13.so
0xb7fc0000 0xb7fc1000 0x1000 0x14b000 /lib/i386-linux-gnu/libc-2.13.so
0xb7fc1000 0xb7fc4000 0x3000 0
0xb7fdf000 0xb7fe1000 0x2000 0
0xb7fe1000 0xb7fe2000 0x1000 0 [vdso]
0xb7fe2000 0xb7ffe000 0x1c000 0 /lib/i386-linux-gnu/ld-2.13.so
0xb7ffe000 0xb7fff000 0x1000 0x1b000 /lib/i386-linux-gnu/ld-2.13.so
0xb7fff000 0xb8000000 0x1000 0x1c000 /lib/i386-linux-gnu/ld-2.13.so
0xbffdf000 0xc0000000 0x21000 0 [stack]
If I would be looking at the elf in IDA i would use 0x8048000 for the base. If I would be looking at libc-2.13.so I would use 0xb7e74000.
Hope that helps.
Bambu
- 556
- 2
- 8