Reverse Engineering Asked by forgodsakehold on April 8, 2021
I see a string being output to my Terminal when I ran an executable. I have the source code (in C) of the executable, but it was not written by me. I compiled it with the -g flag. Is there any way to know which line in which file resulted in the output, with dtrace, lldb, gdb, or any other means?
I am using macOS 10.13. When I ran gdb and the following:
catch syscall write
I got this error:
The feature ‘catch syscall’ is not supported on this architecture yet.
Is there any way that can achieve my goal?
You can use strace:
strace --instruction-pointer --stack-traces -e write ./your-app
This will show the place in the binary, for instance:
[00007fe942df6537] write(1, "c", 1c) = 1
> /usr/lib64/libc-2.31.so(write+0x17) [0xf2537]
> /usr/lib64/libc-2.31.so(_IO_file_write@@GLIBC_2.2.5+0x2c) [0x8285c]
> /usr/lib64/libc-2.31.so(new_do_write+0x65) [0x81b95]
> /usr/lib64/libc-2.31.so(_IO_do_write@@GLIBC_2.2.5+0x18) [0x83948]
> /usr/lib64/libc-2.31.so(_IO_file_sync@@GLIBC_2.2.5+0xa7) [0x819b7]
> /usr/lib64/libc-2.31.so(_IO_fflush+0x85) [0x76595]
> /tmp/a.out(main+0x62) [0x4011a8]
> /usr/lib64/libc-2.31.so(__libc_start_main+0xf1) [0x27041]
> /tmp/a.out(_start+0x2d) [0x40108d]
This means 0x4011a8 (main+0x62). You can use your favourite disassembler to tell what place in code that is.
Edit: oh damn, I didn't realize there's no strace for macOS. I think I'll leave the answer though.
Answered by enedil on April 8, 2021
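Added example, not part of the original answer: a small Python parser for the stack-trace output quoted above that picks the innermost frame inside the application binary and builds an addr2line lookup for it, which gives file and line when the binary was built with -g. It assumes binutils' addr2line is installed and that the bracketed address can be passed to it as printed; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the strace output quoted in the answer above.
SAMPLE = """\
[00007fe942df6537] write(1, "c", 1c) = 1
 > /usr/lib64/libc-2.31.so(write+0x17) [0xf2537]
 > /usr/lib64/libc-2.31.so(_IO_file_write@@GLIBC_2.2.5+0x2c) [0x8285c]
 > /usr/lib64/libc-2.31.so(_IO_fflush+0x85) [0x76595]
 > /tmp/a.out(main+0x62) [0x4011a8]
 > /usr/lib64/libc-2.31.so(__libc_start_main+0xf1) [0x27041]
 > /tmp/a.out(_start+0x2d) [0x40108d]
"""

# One frame line: "> object(symbol+offset) [0xaddress]"; the symbol may be empty.
FRAME = re.compile(r"^\s*>\s*(?P<obj>\S+?)\((?P<sym>[^)]*)\)\s*\[0x(?P<addr>[0-9a-f]+)\]")


def frames(trace):
    """Yield (object_path, symbol+offset, address) for each stack frame line."""
    for line in trace.splitlines():
        m = FRAME.match(line)
        if m:
            yield m["obj"], m["sym"], int(m["addr"], 16)


def first_app_frame(trace, binary):
    """Return the innermost frame that lies in `binary` rather than a library."""
    for obj, sym, addr in frames(trace):
        if obj == binary:
            return sym, addr
    return None


def addr2line_cmd(binary, addr):
    """Build the addr2line command line for a frame address."""
    # A stack frame holds a return address (the instruction after the call),
    # so look up addr - 1 to land on the source line of the call itself.
    return ["addr2line", "-f", "-e", binary, hex(addr - 1)]


if __name__ == "__main__":
    sym, addr = first_app_frame(SAMPLE, "/tmp/a.out")
    print(sym, hex(addr))
    print(" ".join(addr2line_cmd("/tmp/a.out", addr)))
```

Frames are listed innermost first, so the first one in the application binary is the call site that led to the write.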