Tutorial IDA PRO Debugging Via VMware Linux / OS X

Discussion in 'Debuggers' started by storm shadow, Jan 7, 2014.

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    When trying to remote gdb to a VMware Linux shell, you soon find out that it's almost impossible.
    You get this message in IDA Pro

    Code (Text):
    Can not set debug privilege
     
    or Target denied connection
    Even Hex-Rays' own tutorial is shitty and doesn't offer direct debugging.
    http://lmgtfy.com/?q=ida+pro+vmware

    Well, after some research I can show how to do this correctly.
    It was a long road o_O


    Account debug privilege
    1)
    1. Run the "Local security setting" administrator by typing "secpol.msc" in the Run... option of your start menu.
    2. Expand the tree by clicking the "Local policies" item.
    3. Select the "User Rights Assignment" item.
    4. Double-click the "Debug programs" option in the right panel.
    5. Click "Add user or group..." button.
    6. Insert the user name and click "Check names" button.
    7. Click the OK button and close all opened windows.
    8. You have to restart your session.

    Setting up VMware Workstation

    Configuration Parameters
    • VMware Workstation 10 running on Windows 8 PRO
    • The Virtual Machine is a Fedora / PSLGHT4ALL
    • The virtual NIC is configured with DHCP
    2)
    1. Open Virtual Machine Settings (Right-click -> Settings…) and set your virtual machine's network connection to “NAT”
    2. Power on the Virtual Machine and write down the IP address (You could also use a static IP address)
    3. Open Virtual Network Editor (Edit -> Virtual Network Editor…)
    4. Select VMnet8 / NAT and press NAT Settings…
    5. Click Add
    6. Configure Port and IP address
    IDA Pro uses port 23946; remember to do both TCP and UDP
    7. Press OK twice to close NAT Settings and Virtual Network Editor



    Making Firewall Rule

    3)

    1. Open Windows Firewall with Advanced Security (Run > WF.msc)
    2. Right-click Inbound Rules and press New Rule…
    3. Select the rule type Port
    4. Select TCP and specify Port 23946
    Do the same again just with UDP!!

    Click next, then allow all >>> save
    Do the same for OUTBOUND RULE !!



    Make the image listen for IDA Pro
    5)

    Locate your *.vmx file
    mine is psl1ght-dev.vmx
    Open it and insert these lines.


    Code (Text):
    debugStub.listen.guest32 = "TRUE"
    debugStub.listen.guest64 = "TRUE"
    debugStub.hideBreakpoints = "TRUE"
    debugStub.listen.guest32.remote = "TRUE"
    debugStub.listen.guest64.remote = "TRUE"

    TESTING
    6)
    Open the virtual machine.
    Copy linux_server and linux_serverx64 to the virtual machine

    Run this command in the shell

    Code (Text):
    [user@psl1ght-dev server]$ sudo ./linux_server64 -Ppass
     
    IDA Linux 64-bit remote debug server(ST) v1.14. Hex-Rays (c) 2004-2011
    Listening on port #23946...
     
    Open IDA with ADMIN rights
    I use IDA 64

    Press Debugger >> attach remote debugger >>> Remote Linux Debugger

    And Success


    TEST 2
    Close ./linux_serverx64
    Remote GDB

    Grab the ELF from here
    http://techbliss.org/threads/linux-executable-walkthrough-binary-source.472/#post-1128

    Copy it to the VM machine

    Run in the shell

    Code (Text):
    [user@psl1ght-dev server]$ gdbserver localhost:23946 simple.elf
    Process simple.elf created; pid = 1831
    Listening on port 23946
     
    Open IDA Pro with admin rights
    then debuggers >> attach >> Remote GDB

    You can change debugger settings to stop on debugging start, but this is only a test.

    See what happens

    Yep, finds it all right. Normally it refuses to connect after this step

    SUCCESS.
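
The `debugStub` lines added to the .vmx in step 5 stay in effect after the debugging session, and the two `.remote` keys let machines other than the host connect to the VM's debug stub. The following Python script is an added example, not part of the original post: it audits .vmx text for those switches and returns a copy with the remote ones turned off; the sample file contents, the function names and the case-insensitive key matching are assumptions.

```python
import re

# Matches key = "value" lines as they appear in a .vmx file.
LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lower-cased key: value}; lower-casing keys is an assumption."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_debug_stub(text):
    """Report which debugStub.* switches are on and whether any is remote."""
    on = sorted(k for k, v in parse_vmx(text).items()
                if k.startswith("debugstub.") and v.strip().upper() == "TRUE")
    remote = [k for k in on if k.endswith(".remote")]
    return {"enabled": on, "remote": remote, "exposed": bool(remote)}

def disable_remote(text):
    """Return the .vmx text with every debugStub.*.remote key set to FALSE."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        key = m.group(1) if m else ""
        if key.lower().startswith("debugstub.") and key.lower().endswith(".remote"):
            out.append(f'{key} = "FALSE"')
        else:
            out.append(raw)
    return "\n".join(out) + "\n"

# Constructed sample: the five lines from the post plus two ordinary settings.
SAMPLE_VMX = '''\
displayName = "psl1ght-dev"
ethernet0.connectionType = "nat"
debugStub.listen.guest32 = "TRUE"
debugStub.listen.guest64 = "TRUE"
debugStub.hideBreakpoints = "TRUE"
debugStub.listen.guest32.remote = "TRUE"
debugStub.listen.guest64.remote = "TRUE"
'''

if __name__ == "__main__":
    print(audit_debug_stub(SAMPLE_VMX))                  # as configured in the post
    print(audit_debug_stub(disable_remote(SAMPLE_VMX)))  # after the session
```

Run the audit against the real .vmx with the VM powered off, and write the `disable_remote` output back once remote debugging is no longer needed.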
     
  2. hoangcuongflp

    New Member

    Where can I download "linux_server64 -Ppass"?
     
  3. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    The Linux server is shipped with IDA Pro
    linux_server = 32 bit
    linux_serverx64 = 64 bit
    The -Ppass is part of the command

    -p = port
    -P = Password
    Remember, no space, like so:
    linux_server -p23946 -Pmypass
     
    hoangcuongflp likes this.
  4. 203030

    Guest

    My VMware OS is Kali.
    I don't know what I should do.
    It doesn't permit.
     

    Attached Files:

    • gdb.JPG
  5. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    launch as a SU
     
  6. mehdi

    New Member

    I just did, but this came up
     

    Attached Files:

    • SU.JPG
  7. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    I have to disable antivirus in Windows, and it's important that I run IDA with admin privileges. Also, did you open your ports in VMware?
     
  8. mehdi

    New Member

    I did it now! All of it,
    except the first part of the tutorial; my Windows doesn't have "Local security setting", but I entered as admin!
     
  9. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Ohh, you're using Windows 8?
    They actually disabled your options to fiddle with the account debug privilege.
    You need Windows 8 Pro to enable this, "hurray Microsoft"
     
  10. mehdi

    New Member

    Not actually, I am using Windows 7 :| Home Premium
     
  11. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Windows Home Premium got the secpol.msc from the start menu.
     
  12. mehdi

    New Member

     

    Attached Files:

  13. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    C:\Windows\System32\secpol.msc
    There has probably been some screwup to your PATH in the environment settings; you should add C:\Windows\System32 to your path
     
    Rip Cord and mehdi like this.
  14. Rip Cord

    Administrator Staff Member Admin Developer

    Agree, thanks for the awesome website.
     
    storm shadow and mehdi like this.
  15. hoangcuongflp

    New Member

    Thanks to Admin for the help!
     
    mehdi likes this.
  16. hachzz

    Member

    How can I do this on VirtualBox?
    Do the same things?
     
  17. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Probably the same thing on VB.
    Definitely debug privilege in Windows.
    And always remember to run as Admin when doing cross debugging.
     
    hachzz and Rip Cord like this.
  18. hachzz

    Member

    Sir,
    when I click on "Attach -> Remote Linux debugger", I get an error message:
    upload_2014-8-23_15-0-17.png

    and the "Output window":

    upload_2014-8-23_15-3-38.png

    I did as you instructed, but I don't know why it happens (I'm new to IDA).
    Please help me... ty.
     
  19. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Ahh, you are using the wrong version. It loads the pc(pc.32) instead of linux, so error.
    Do you do

    Code (Text):
    sudo ./linux_server64
    on the Linux image?
    What image are you running in VirtualBox?
     
  20. hachzz

    Member

    I'm using VMware Player with vmnetcfg (from VM Workstation 10):
    upload_2014-8-23_16-31-41.png
    Linux: BackTrack 5r3 x86 (based on Ubuntu 12 LTS) (default root user).

    Please help... :D

    Bonus: my NAT config:
    upload_2014-8-23_16-37-15.png
     
