To find out where the sprintf function was called from, we open the stack trace window (Debugger, Tracing, Stack trace): Pressing F9 will start the application and the immediate result will be a message box about a SIGBUS signal. This is the easiest way to locate the crash address. Let’s go for a first quick run: we will just launch the application and let it crash. In this dialog we explicitly specify all fields because, unfortunately, IDA can’t read minds yet! Well, except for the port number when it happens to use the default value… We begin our session by loading the macvuln file into the database:Īnd set the process options in the Debugger,cess options dialog box: Let’s start IDA on our Windows machine and see if we can figure out what causes the crash. If you run it with a malformed output file name, it crashes: We modified the tool we use to generate IDA message files to make it vulnerable. Lets now take a look at our somewhat artificial macvuln demo application. If your debugger server is directly accessible from the Internet (a strategy we do not recommend!), or if you are working in a sniffable local environment, consider adding encryption such as a SSH tunnel to prevent password sniffing.
If you forget to password-protect it, anyone can connect to the debugger server and launch any program on the machine. Do not forget to protect your debugger server from the outside world. We’re all set! We can either create new processes or attach to existing ones.
We are now ready to launch the the debugger server: Please note the ‘s’ bit in the file permissions. In order to connect to other applications and debug them, we first have to set the appropriate permissions for the debugger server: we need to make it setgid “procmod”. But, if you prefer, you may also use the Mac OS X version of IDA, or even the Linux version, they offer the same functionalty. For this tutorial, we will use the Windows version of IDA. The debugger server is stand-alone and it is not necessary to have installed the OS X version of IDA to use it. Unpack the debugger server files to any directory on Mac OS X. macvuln.tgz – a sample vulnerable Mac OS X application which will be used in this primer.This primer shows how to use the Mac OS X debugger included in IDA 5.1.īefore we start, please download this archive:
0 kommentar(er)
