Pentesting Tools: Debuggers - Paiet/SEC-335 GitHub Wiki

  • Debuggers

    • Immunity debugger
      • Look at the interface
        • Attach a program/app
        • Search for: Command
          • jmp esp
        • Registers
          • EAX: Accumulator Register
            • Mostly for holding temporary data
          • EBX: Base Register
            • Mostly for holding temporary data
          • ECX: Counter Register
            • Loop counter
          • EDX: Data Register
            • I/O and General data handling
          • EBP: Base Pointer
            • Contains parameter variables
            • Also used to pass arguments
          • ESP: Stack Pointer
            • Contains address for the top of the memory stack
          • EIP: Instruction Pointer
            • Contains the address of the next instruction to be executed
        • Hex Dump
          • Shows the contents of memory at the selected address
        • Stack
          • Shows the contents of the stack
    • OllyDbg
      • Alternative to Immunity
      • Also a Windows based debugger
      • Runs on Linux with WINE installed
    • GDB
      • Linux command line debugger
      • gdb ./program
      • disassemble main
        • Shows main program code in assembly
    • WinDBG
      • WinDBG = Windows Debugger
      • Software debugging tool created by Microsoft
      • Runs on Windows OS
    • IDA
      • IDA = Interactive Disassembler
      • Runs on
        • Windows
        • Linux
        • Mac OS
      • Supports a variety of processors
        • ARM, INTEL, DEC, MOTOROLA, NEC, SPARC, etc...
      • Supports a variety of executable formats
        • COM, COFF, ELF, AIM, etc...
      • Recognizes a variety of compilers
        • BORLAND, GNU, MICROSOFT C/C++, ARM
      • Pricey $$$
        • Can run over $3k for all the bells and whistles
  • Software assurance
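The Immunity "Search for → Command → jmp esp" item above is a byte-pattern search over loaded code. The script below, an added example that is not part of the wiki, does the same search over a constructed 32-bit x86 byte blob; the image base and the sample bytes are made up, and `call esp` / `push esp; ret` are included as an extension beyond the single instruction the notes name.

```python
# Added example, not from the wiki: a byte-level equivalent of Immunity's
# "Search for -> Command -> jmp esp" over a constructed code blob.
# Assumptions: 32-bit x86 code; the image base and the bytes below are made up.

from typing import Dict, List, Tuple

# x86 encodings the search looks for. jmp esp is FF E4 (opcode FF /4 with a
# ModRM byte of 11 100 100). The wiki only names jmp esp; call esp and
# push esp; ret are the other two encodings that transfer control to the
# address held in ESP, added here as an extension.
GADGETS: Dict[bytes, str] = {
    b"\xff\xe4": "jmp esp",
    b"\xff\xd4": "call esp",
    b"\x54\xc3": "push esp; ret",
}


def find_gadgets(code: bytes, base: int = 0) -> List[Tuple[int, str]]:
    """Return (address, mnemonic) for every match, sorted by address.

    Every byte offset is tried, not just instruction boundaries: x86 has
    variable-length instructions, so the two bytes can sit inside another
    instruction's operand and still be reachable by jumping to them.
    """
    hits: List[Tuple[int, str]] = []
    for pattern, name in GADGETS.items():
        idx = code.find(pattern)
        while idx != -1:
            hits.append((base + idx, name))
            idx = code.find(pattern, idx + 1)
    return sorted(hits)


def format_hits(hits: List[Tuple[int, str]]) -> List[str]:
    """Render hits the way a debugger search window lists them."""
    return [f"{addr:08X}  {name}" for addr, name in hits]


# Constructed sample "module": two nops, a mov eax, 0xE4FF whose immediate
# bytes happen to contain FF E4, a ret, then call esp and push esp; ret.
SAMPLE_CODE = bytes.fromhex("9090 b8ffe40000 c3 ffd4 54c3 90")
SAMPLE_BASE = 0x10000000  # made-up preferred load address

if __name__ == "__main__":
    for line in format_hits(find_gadgets(SAMPLE_CODE, SAMPLE_BASE)):
        print(line)
```

A real module scan would map each offset to its virtual address via the section headers and only matters for images that load at a fixed base; the hit inside the `mov` immediate shows why the debugger searches every byte offset rather than only decoded instructions.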