# GDB Ignore SIGILL

14 messages · Page 1 of 1 (latest)

tidal wigeon
#

Trying to debug someone else's compiled binary (without debug information unfortunately).

The binary at some point calls syscall 0x1f, which is unimplemented in the x86 kernel, so I'm wondering if there's a way to just skip over that and keep running? Just to see what happens.

This isn't a C question, but it's a GDB question, so I thought it's still close enough to ask here.

steady fableBOT
#

When your question is answered use !solved to mark the question as resolved.

Remember to ask specific questions, provide necessary details, and reduce your question to its simplest form. For tips on how to ask a good question use !howto ask.

tidal wigeon
#

Slightly unrelated but tangential: is it possible to single-step through something that wasn't compiled with debug flags? If not, where could I find out how to add that debug information myself, post-compilation?

#

-# I guess I could figure out how ELF works, for starters...

#

I've discovered `handle SIGILL`, but it just repeatedly attempts the same syscall instead of continuing past it.

#

At least it's not exiting this time?

#

My current thoughts are to jump past the instruction, but I don't know how wide the instruction is, and I'd assume jumping only halfway would make things worse.

tidal wigeon
#

Slight progress update: I've tried jumping 1, 2, 3 and 4 bytes. Most promising seems to be 2 bytes, but I run into another SIGILL (`eax` = ioctl with a negative file descriptor).

#

This also assumes SIGILL is being raised from syscalls, which I'm assuming is the only case?

#

...The more I interact with this, the more I feel this isn't a C thing, but I'm not sure where else to ask something like this.

#

Right-O. Close this I shall, then.

#

blegh

#

!solved

steady fableBOT
#

Thank you and let us know if you have any more questions!

This thread is now set to auto-hide after an hour of inactivity