Weblogs for Pooya
#1
Posted by Pooya on Mon 3 Jan 2011 at 18:47
Do you know GDB?
Have you ever worked with GDB?
To get enough information about GDB, refer to this link:
http://www.gnu.org/software/gdb/
“What is GDB?
GDB, the GNU Project debugger, allows you to see what is going on `inside’ another program while it executes — or what another program was doing at the moment it crashed.
GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:
* Start your program, specifying anything that might affect its behavior.
* Make your program stop on specified conditions.
* Examine what has happened, when your program has stopped.
* Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another. ”
Now, I expect, you know some essential information about GDB, the GNU debugger.
It’s time for some thinking! ;)
If you have a hacker’s brain, I bet you’ll wonder how we can fool GDB to prevent it from debugging our program!
Let me make the purpose clear.
For example, you have a C program and you compile it with GCC. By default your program is debuggable!
How can we prevent it from being debugged?
Can we fool the debuggers?!
Now it’s time to use TCC! ;)
TCC, or Tiny C, is a compiler much like GCC, with a few differences.
TCC helps us in two ways:
1 – it generates obfuscated code
2 – it changes the nature of the executable file it produces!
see also :
http://bellard.org/tcc/
Just see the result and enjoy!! ;)
This is the result of using gcc:
pooya@pooya:~/t$ gcc a.c
pooya@pooya:~/t$ gdb a.out
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/pooya/t/a.out...(no debugging symbols found)...done.
(gdb) disass main
Dump of assembler code for function main:
0x080483e4 <+0>: push %ebp
0x080483e5 <+1>: mov %esp,%ebp
0x080483e7 <+3>: and $0xfffffff0,%esp
0x080483ea <+6>: sub $0x20,%esp
0x080483ed <+9>: mov $0x80484d0,%eax
0x080483f2 <+14>: mov %eax,(%esp)
0x080483f5 <+17>: call 0x804831c <printf@plt>
0x080483fa <+22>: mov $0x0,%eax
0x080483ff <+27>: leave
0x08048400 <+28>: ret
End of assembler dump.
(gdb)
But this is the result of using TCC:
pooya@pooya:~/t$ tcc a.c
pooya@pooya:~/t$ gdb a.out
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
/home/pooya/t/a.out: not in executable format: File format not recognized <====
(gdb)
The results speak for themselves! ;)
*** It’s essential to think about how TCC does this!! Yeah! It’s very important, because you mustn’t be a script kiddie!
I hate Script Kiddies!
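Added example, not code from the original post: a small Python checker for the ELF32 header fields that a debugger's object-file loader consults but the kernel's program loader does not, which is a natural first step in understanding why a binary can run yet be reported as "not in executable format". The two sample headers are constructed inline (not taken from a real gcc or tcc output), and the checker assumes little-endian ELF32 as in the i486 session above.

```python
import struct

# ELF32 header (52 bytes, little-endian): e_ident[16] then the fixed fields.
ELF32_HDR = "<16sHHIIIIIHHHHHH"
ELF32_HDR_LEN = struct.calcsize(ELF32_HDR)  # 52
ET_EXEC, ET_DYN = 2, 3

def check_elf32(data):
    """Return header problems. The kernel's loader needs only the program
    headers, so a file can run while the section-header fields a debugger
    relies on are missing or inconsistent."""
    if len(data) < ELF32_HDR_LEN:
        return ["file shorter than an ELF32 header"]
    (ident, e_type, _mach, _ver, _entry, e_phoff, e_shoff, _flags, e_ehsize,
     e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = \
        struct.unpack_from(ELF32_HDR, data)
    if ident[:4] != b"\x7fELF":
        return ["bad ELF magic"]
    problems = []
    if ident[4] != 1 or ident[5] != 1:
        problems.append("not little-endian ELF32 (the only case handled here)")
    if e_type not in (ET_EXEC, ET_DYN):
        problems.append("e_type %d is not ET_EXEC/ET_DYN" % e_type)
    if e_ehsize != ELF32_HDR_LEN:
        problems.append("e_ehsize %d != %d" % (e_ehsize, ELF32_HDR_LEN))
    if e_phnum and e_phoff + e_phnum * e_phentsize > len(data):
        problems.append("program header table runs past end of file")
    # From here on: fields the loader ignores but a debugger depends on.
    if e_shnum == 0 or e_shoff == 0:
        problems.append("no section header table: runs, but nothing for a debugger")
    else:
        if e_shentsize != 40:
            problems.append("e_shentsize %d != 40" % e_shentsize)
        if e_shoff + e_shnum * e_shentsize > len(data):
            problems.append("section header table runs past end of file")
        if e_shstrndx >= e_shnum:
            problems.append("e_shstrndx %d >= e_shnum %d" % (e_shstrndx, e_shnum))
    return problems

def make_header(e_shoff, e_shnum, e_shstrndx, total_len=400):
    """Constructed sample (not a real binary): i386 ET_EXEC header with one
    program header at offset 52, zero-padded to total_len bytes."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)
    hdr = struct.pack(ELF32_HDR, ident, ET_EXEC, 3, 1, 0x8048000, 52, e_shoff,
                      0, ELF32_HDR_LEN, 32, 1, 40, e_shnum, e_shstrndx)
    return hdr.ljust(total_len, b"\0")

GOOD_HDR = make_header(e_shoff=200, e_shnum=3, e_shstrndx=2)  # consistent
BAD_HDR = make_header(e_shoff=200, e_shnum=3, e_shstrndx=7)   # index past table
print(check_elf32(GOOD_HDR), check_elf32(BAD_HDR))
```

To apply it to a real file, pass `open("a.out", "rb").read()` to `check_elf32` for the gcc build and the tcc build and compare the two reports.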