why does ghidra ignores .debug information for certain binaries?
Reverse Engineering Asked on January 19, 2021
I am using debin project to recover symbols in stripped binaries. This project leverages machine learning approach to reverse engineer variables, types and variable names from stripped binaries. It also rebuilds the stripped section (.debug) so that it will be easier for the reverse engineering frameworks to leverage this information to improve the analysis.
But, I observed that even debin successfully builds some of the symbols, ghidra ignores these symbols during analysis. Is there a particular reason for tha? and is there any way to force ghidra to use such symbols (in gui as well as in cli).
for e.g. I have following code (ref: sard 89 benchmark – 000/000/151):
50 int main(int argc, char *argv[])
51 {
52 int init_value;
53 int inc_value;
54 int loop_counter;
55 char buf[10];
56
57 init_value = 0;
58 inc_value = 4105 - (4105 - 1);
59
60 loop_counter = init_value;
61 while((loop_counter += inc_value) && (loop_counter <= 4105))
62 {
63 /* BAD */
64 buf[loop_counter] = 'A';
65 }
66
67
68 return 0;
69 }
readelf -wi output on debin binary (symbols are generated by debin):
<1><2d>: Abbrev Number: 2 (DW_TAG_subprogram)
<2e> DW_AT_name : main
<33> DW_AT_type : <0x1d>
<37> DW_AT_low_pc : 0x401106
<3f> DW_AT_high_pc : 0x47
<2><47>: Abbrev Number: 4 (DW_TAG_variable)
<48> DW_AT_name : matchError
<53> DW_AT_location : 2 byte block: 76 5c (DW_OP_breg6 (rbp): -36)
<56> DW_AT_type : <0x24>
<2><5a>: Abbrev Number: 4 (DW_TAG_variable)
<5b> DW_AT_name : name
<60> DW_AT_location : 2 byte block: 76 50 (DW_OP_breg6 (rbp): -48)
<63> DW_AT_type : <0x2b>
<2><67>: Abbrev Number: 4 (DW_TAG_variable)
<68> DW_AT_name : group
<6e> DW_AT_location : 2 byte block: 76 78 (DW_OP_breg6 (rbp): -8)
<71> DW_AT_type : <0x1d>
<2><75>: Abbrev Number: 4 (DW_TAG_variable)
<76> DW_AT_name : flushType
<80> DW_AT_location : 2 byte block: 76 74 (DW_OP_breg6 (rbp): -12)
<83> DW_AT_type : <0x1d>
<2><87>: Abbrev Number: 4 (DW_TAG_variable)
<88> DW_AT_name : i
<8a> DW_AT_location : 2 byte block: 76 7c (DW_OP_breg6 (rbp): -4)
<8d> DW_AT_type : <0x1d>
Ghidra GUI:
Thanks in advanced.
Debin paper ref: https://dl.acm.org/doi/pdf/10.1145/3360572
Add your own answers!
Ask a Question
Get help from others!
Recent Answers
- Jon Church on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Peter Machado on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Joshua Engel on Why fry rice before boiling?
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?