b1m0-debugger
Linux (debugger, syscall tracer, elf parser) for x86_64, I code it from scratch for educational purpose.
Features
Parsing Elf File
- Display the ELF file header.
- Display the program headers.
- Display the sections' header.
Tracing syscalls
- Trace syscalls (like strace).
- Continue execution until syscall.
- Tracing specific syscall (unimplemented).
Check executable security mitigation
- RELRO.
- NoExecute (NX).
- Position Independent Executables (PIE).
- Stack Canaries (unimplemented).
Stepping
- Single step - step over function calls.
- Step out of the present function.
- Step to _start
- Step in - Step into function calls (unimplemented).
Get/Set Registers
- Dump all registers.
- Modify specific register.
Breakpoints
- Set breakpoints.
- list all breakpoint.
Process information
- Show the original command line of the process.
- Show the memory address space ranges accessible in a process.
Check wiki page for all commands.
Dependencies
note While I'm trying to code an elf parser, I discovered an anti-debug technique on gdb. POC | poc.c