Welcome to ldbg’s documentation!¶
Welcome to ldbg’s documentation
Installation¶
ldbg can be installed from the github repository.
$ git clone https://github.com/njord0/ldbg
$ cd ldbg
$ python3 -m pip install requirements.txt
$ python3 setup.py install
Examples¶
Simple program¶
from ldbg import Debugger
import ldbg
p = Debugger.debug('./executable')
print(f'Process started with PID: {p.pid}')
print(f'The process is stopped at the entry point by default, {hex(p.get_instruction_pointer())}')
try:
p.pcontinue()
except ldbg.ProcessExitedException as e:
print('The process exited with code: ', e.n)
print(
p.stdout.read()
) ## printing the output of the program
Where executable can either be a x86 or a x86-64 ELF file.
Interception of function calls and modifying parameters¶
Here is a simple example of usage of the functions property to intercept functions calls and modify parameters:
source.c :
// gcc -o executable source.c
#include <stdio.h>
#include <stdlib.h>
void power2(int a)
{
printf("a^2 = %d\n", a*a);
}
int main(int argc, char **argv)
{
int a;
printf("Give me a number: ");
scanf("%d", &a);
power2(a);
return 0;
}
And the script:
from ldbg import Debugger
import ldbg
p = Debugger.debug('./executable')
power2 = p.get_function_by_name('power2')
for xref in power2.call_xrefs:
p.breakpoint(xref)
p.stdin.write(b'10\n') # feeding scanf
p.pcontinue()
rdi = p.get_reg('rdi')
print(f'Intercepted value: {rdi}')
p.set_reg('rdi', 42)
try:
p.pcontinue()
except ldbg.ProcessExitedException as e:
print(p.stdout.read(100))
print('process exited with status code: ', e.n)
And the output of program will be:
Intercepted value: 10
b'Give me a number: 42^2 = 1764\n'
process exited with status code: 0
A simple strace like tool¶
from ldbg import Debugger
import ldbg
p = Debugger.debug('./executable')
format_str = '{0:4} {1:20} {2:20} {3:20}'
print(format_str.format('no', 'rdi', 'rsi', 'rdx'))
while True:
p.syscall() # stops before syscall execution
regs = p.get_regs()
rax, rdi, rsi, rdx = regs['orig_rax'], regs['rdi'], regs['rsi'], regs['rdx']
print(format_str.format(hex(rax)[2:], hex(rdi)[2:], hex(rsi)[2:], hex(rdx)[2:]), end="")
try:
p.syscall() # stops after syscall
except ldbg.ProcessExitedException as e:
exit(0)
rax = p.get_reg('rax')
print('= ' + hex(rax)[2:])