3

Should I use GDB or Radare2 for reversing an executable (I am a beginner)? I am trying to program in C and I got a SegFault. I want to reverse engineer it to get experience in assembly and see where I get the SegFault.

Peter Cordes
MP13

2 Answers

6

For debugging an executable you built from source yourself, GDB is intended as a debugger. You can use layout reg to get a disassembly + registers view which can help understanding segfaults, if looking at C variables didn't help.

Debug info from compiling with gcc -g means you don't need to reverse-engineer anything, just use a normal debugger. But to get experience in asm, using a debugger both ways (source view and asm view) can help you understand how the compiler used certain asm instructions to implement each C statement. So you definitely want a debugger that can take advantage of debug info. There are some GUI GDB front-ends, like https://www.gdbgui.com that can be easier to use than command-line GDB.

But see also How to remove "noise" from GCC/clang assembly output? for more about seeing how C compiles to asm.

I haven't used radare2. I assume it has features that are good for intentionally-obfuscated executables without source, which is the opposite of what you have from compiling your own C programs with a normal compiler.

Peter Cordes
  • 2
    To be fair, many of the features a RE-type tool provides are great for exploring non-obfuscated compiled binaries as well. One could also consider optimized binaries a type of obfuscation :). That said, I tried Radare2 for a while but never even to become competent. The learning curve is ... steep. – BeeOnRope Nov 12 '19 at 19:54
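The workflow from the answer above, as an added example that is not part of either answer: build a deliberately broken C program with gcc -g and let GDB stop at the segfault, then print the source line, backtrace, faulting instruction and registers. The program crash.c, the command file gdb.cmds and the function names are constructed for this demo.

```sh
#!/bin/sh
# Constructed demo: crash.c, gdb.cmds and the function names are made up here.

write_demo() {    # $1 = scratch directory
    cat > "$1/crash.c" <<'EOF'
#include <stdio.h>

static int sum(const int *v, int n) {
    int total = 0;
    for (int i = 0; i < n; i++)
        total += v[i];          /* faults here when v is NULL */
    return total;
}

int main(void) {
    const int *values = NULL;   /* bug: never pointed at real data */
    printf("%d\n", sum(values, 4));
    return 0;
}
EOF
    # Batch equivalent of an interactive session; `layout reg` is the
    # full-screen view of the same disassembly and registers.
    cat > "$1/gdb.cmds" <<'EOF'
run
bt
info locals
x/i $pc
info registers
EOF
}

build_demo() {    # -g adds debug info; -O0 keeps the asm close to the C source
    gcc -g -O0 -o "$1/crash" "$1/crash.c"
}

debug_demo() {    # stops at SIGSEGV, then prints source line, stack, asm, regs
    gdb -q -batch -x "$1/gdb.cmds" "$1/crash" </dev/null
}

# Run the whole demo only when both tools are installed.
if command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1; then
    dir=$(mktemp -d)
    write_demo "$dir" && build_demo "$dir" && debug_demo "$dir"
    rm -rf "$dir"
fi
```

In the output, the line GDB prints at the stop is the C statement that faulted, and `x/i $pc` shows the load instruction the compiler generated for it.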
4

I would recommend Radare2 because it's clearer than GDB and easier for beginners ;)

Lockna