
I want to debug an application I don't have symbol files for. I understood that it is necessary to debug on assembly level if I lack the necessary debug information. Since I don't have debug symbols I can't set breakpoints directly on method names, however I still should be able to set a breakpoint on an address.

So I simply tried to set a breakpoint on the entry address, this is what I did:

user@MacBookAir$ gdb
(gdb) file someexecutable
(gdb) info file

The last command returned the following entry point (screenshot of the gdb output, not reproduced here):

After having the address, I simply said:

(gdb) break *0x0000000100119ec8
(gdb) run

Unfortunately the target application launched without breaking at the entry point, so I tried it again but this time I did set breakpoints on a few addresses following the entry point address - without success.

The next attempt was to try the solution by Igor Skochinsky which he posted in this question (Stopping at the first machine code instruction in GDB) to set breakpoints with:

(gdb) b _start
(gdb) b start

But both of these commands resulted in the same error:

No symbol table is loaded. Use the "file" command.

Well yeah, apparently I need debug symbols for this to work as well. Then I thought perhaps it just showed an incorrect entry point address, so I verified it with the command:

user@MacBookAir$ otool -l someexecutable

And received the following output (screenshot of the otool output, not reproduced here):

So it appears to be the same entry point as GDB returned. And now I don't know what else I could try. :) Perhaps you guys have an idea on what else I could try. Any help would be very much appreciated. If something is unclear or if I missed some important information just leave a short comment.


1 Answer


This looks like a bug in GDB to me. I'm guessing the ASLR relocates the binary to another address but GDB does not move the breakpoint. I'd suggest one of the following:

  1. disable ASLR: set disable-aslr on
  2. set env var DYLD_NO_PIE=1
  3. remove the MH_PIE flag from the executable's header
  4. patch the entrypoint to 0xCC. Once it breaks, you can patch it back to the original byte.
Igor Skochinsky
  • Awesome to see you dropped by to help me with my question! I tried to disable ASLR or to set the env var, as you suggested, but unfortunately these did not work (it still "skips" the breakpoint). For the latter two options I have to do some research as I'm not very familiar with Darwin binaries, will give it a shot tomorrow and report back if I make any progress. :) – beta Apr 16 '13 at 18:10
  • Unfortunately none of these solutions worked for me. I'm closing this now, though, since I cancelled working on this project. Thanks anyway. – beta Apr 25 '13 at 20:44
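Added example, not code from the question or the answer: a small parser that reads the Mach-O header to tell whether the MH_PIE flag from option 3 is set (so the image is eligible for the ASLR slide the answer describes) and pulls the static entry offset out of LC_MAIN, which is the unrelocated value that `info file` and `otool -l` report. The sample header bytes are constructed inline; the code assumes a little-endian 64-bit Mach-O and the conventional `__TEXT` base of 0x100000000.

```python
import struct
from typing import Optional

MH_MAGIC_64 = 0xFEEDFACF
MH_PIE = 0x200000             # mach_header.flags bit: image may be slid by ASLR
LC_REQ_DYLD = 0x80000000
LC_MAIN = 0x28 | LC_REQ_DYLD  # entry_point_command: entryoff is relative to __TEXT
HEADER_FMT = "<IiiIIIII"      # mach_header_64, little-endian, 32 bytes
TEXT_BASE_64 = 0x100000000    # usual __TEXT vmaddr of a 64-bit executable (assumption)


def parse_macho64(data: bytes) -> dict:
    """Return {'pie': bool, 'entryoff': int or None} for a 64-bit Mach-O image."""
    magic, _cputype, _cpusub, _ftype, ncmds, _sizeofcmds, flags, _ = \
        struct.unpack_from(HEADER_FMT, data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O (magic 0x%x)" % magic)
    info = {"pie": bool(flags & MH_PIE), "entryoff": None}
    off = struct.calcsize(HEADER_FMT)
    for _ in range(ncmds):                      # walk the load commands after the header
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command at offset %d" % off)
        if cmd == LC_MAIN:
            entryoff, _stacksize = struct.unpack_from("<QQ", data, off + 8)
            info["entryoff"] = entryoff
        off += cmdsize
    return info


def static_entry_address(info: dict) -> Optional[int]:
    """Unrelocated entry address, i.e. the value shown before dyld applies any ASLR slide."""
    if info["entryoff"] is None:
        return None
    return TEXT_BASE_64 + info["entryoff"]


# Constructed sample: x86_64 MH_EXECUTE header with MH_PIE set and one LC_MAIN whose
# entryoff gives the same static address the question's 'info file' output showed.
SAMPLE = struct.pack(HEADER_FMT, MH_MAGIC_64, 0x01000007, 3, 2, 1, 24, 0x00200085, 0)
SAMPLE += struct.pack("<IIQQ", LC_MAIN, 24, 0x119EC8, 0)
# Same image with MH_PIE cleared (flags live at offset 24 of the header).
NON_PIE_SAMPLE = SAMPLE[:24] + struct.pack("<I", 0x00000085) + SAMPLE[28:]

if __name__ == "__main__":
    for name, blob in (("pie", SAMPLE), ("non-pie", NON_PIE_SAMPLE)):
        info = parse_macho64(blob)
        print("%-8s PIE=%s static entry=0x%x" % (name, info["pie"], static_entry_address(info)))
```

A PIE image with a breakpoint set on this static address will only stop there if the loader is actually placing `__TEXT` at its unrelocated base, which is what the ASLR-related suggestions above are trying to arrange.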