Binary Analysis Cookbook

You're reading from Binary Analysis Cookbook: Actionable recipes for disassembling and analyzing binaries for security risks

Product type: Paperback
Published: Sep 2019
Publisher: Packt
ISBN-13: 9781789807608
Length: 396 pages
Edition: 1st Edition
Author: Michael Born
Table of Contents

Preface
1. Setting Up the Lab
2. 32-bit Assembly on Linux and the ELF Specification
3. 64-bit Assembly on Linux and the ELF Specification
4. Creating a Binary Analysis Methodology
5. Linux Tools for Binary Analysis
6. Analyzing a Simple Bind Shell
7. Analyzing a Simple Reverse Shell
8. Identifying Vulnerabilities
9. Understanding Anti-Analysis Techniques
10. A Simple Reverse Shell With Polymorphism
11. Another Book You May Enjoy

Installing the EDB Debugger

I first learned about Evan Teran's EDB Debugger (appropriately referred to as the Evan Debugger) when studying for a hands-on penetration testing certification. I instantly fell in love with the user interface and usability. EDB Debugger is licensed under the GNU General Public License v2.0 (GPL v2.0). I hope you enjoy using this tool as much as I do.

The EDB Debugger is a GUI-based debugger capable of performing static and dynamic analysis of binaries, similar to the GNU Debugger (GDB). The only difference is that GDB doesn't have a GUI like the EDB Debugger. I plan on teaching both tools in later chapters, so we'll retrieve the source code for the EDB Debugger and will use this recipe to compile it.

Getting ready

If the 32-bit and 64-bit Ubuntu virtual machines aren't running, go ahead and start them both now. Once they are running, log into both of them if needed, and start the Terminal application within each virtual machine. Once the Terminal is running, you can work through this recipe. We've already installed the dependencies for this tool in the Installing the dependencies and the tools recipe earlier in this chapter, so we can move right along and compile this tool from source.

How to do it...

Perform the following steps:

  1. Using the open Terminal application, type the following commands:
     $ cd ~/bac
     $ git clone --recursive https://github.com/eteran/edb-debugger.git
  2. If there are no errors when cloning the EDB Debugger source code, we'll compile the source code by issuing the following Terminal commands:
     $ cd ~/bac/edb-debugger
     $ mkdir build
     $ cd build
     $ cmake ..
     $ make
  3. Wait for the compilation process to finish. As long as there are no errors, you should see the edb binary in the build directory we just created. For ease of use, we can create a symbolic link to the edb binary in /usr/local/bin. To do that, we need to issue the following Terminal command:
     $ sudo ln -s ~/bac/edb-debugger/build/edb /usr/local/bin/
  4. As long as there were no errors, you should be able to run edb from any directory from a Terminal:
     $ edb
  5. If the binary ran correctly, we should see the EDB Debugger start window, as shown in the following screenshot:

How it works...

We started off by changing our current working directory to ~/bac, which we created in the previous recipe. Once our current working directory was changed, we used Git to clone the EDB Debugger source code from its repository on GitHub. Next, we followed the developer's instructions by making a build directory inside the edb-debugger directory, changing our current working directory into that build directory, running cmake against the primary edb-debugger directory, denoted by the .. in the cmake command, and finally, running make to compile the code from the developer's supplied makefile.

Once the compilation process was completed, we created a symbolic link to the binary in the build directory inside the /usr/local/bin directory on our virtual machines. Last, but not least, we verified that the compilation process went well by actually running the binary from our active Terminal session. If you get the same start window as I did, you're ready to move on to the next recipe. Just as a reminder, you need to perform this recipe on both the 32-bit and 64-bit Ubuntu virtual machines.
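As an added example that is not part of the book's recipe, the following script (assumed to be saved as build_edb.sh) wraps the same clone, build and symlink steps with two checks worth having when the recipe is repeated on both VMs: the linked binary must be an executable ELF whose class (32- or 64-bit) matches the VM's architecture, and the symlink step must never overwrite a regular file already sitting in /usr/local/bin.

```shell
# Added helper (not from the book): this recipe's clone/build/symlink steps
# with sanity checks. Assumes the recipe's paths (~/bac, /usr/local/bin).
set -eu

# Print the ELF class of a file: "32", "64" or "unknown".
# The first four bytes must be the ELF magic; byte five (EI_CLASS) is 01 or 02.
elf_class() {
    bytes=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$bytes" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *)          echo unknown ;;
    esac
}

# ELF class this VM should have built, derived from the kernel's machine name.
expected_class() {
    case "$(uname -m)" in
        x86_64|aarch64) echo 64 ;;
        i?86|armv7l)    echo 32 ;;
        *)              echo unknown ;;
    esac
}

# link_edb BIN DEST_DIR CLASS: symlink BIN into DEST_DIR only if it is an
# executable ELF of CLASS. Replaces a stale symlink, never a regular file.
link_edb() {
    bin=$1; dest_dir=$2; class=$3
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    [ "$(elf_class "$bin")" = "$class" ] ||
        { echo "$bin is not a $class-bit ELF" >&2; return 1; }
    target="$dest_dir/$(basename "$bin")"
    if [ -e "$target" ] && [ ! -L "$target" ]; then
        echo "refusing to overwrite regular file: $target" >&2; return 1
    fi
    ln -sfn "$bin" "$target"
}

# build_edb SRC_DIR: clone with submodules (if needed), configure and compile.
build_edb() {
    [ -d "$1/.git" ] ||
        git clone --recursive https://github.com/eteran/edb-debugger.git "$1"
    mkdir -p "$1/build" && cd "$1/build" && cmake .. && make
}

# Dispatch only when run with an argument; does nothing when sourced for tests.
case "${1:-}" in
    build) build_edb "$HOME/bac/edb-debugger" ;;
    link)  link_edb "${2:?path to built edb}" /usr/local/bin "$(expected_class)" ;;
esac
```

On each VM, run `sh build_edb.sh build` as the normal user, then `sudo sh build_edb.sh link ~/bac/edb-debugger/build/edb`; a 32-bit build accidentally linked on the 64-bit VM (or vice versa) is rejected instead of silently shadowing the right one.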

There's more...

When we retrieved the source code using Git, the --recursive flag also retrieved all of the submodules and plugins that are available from the developer's repository. I encourage you to read the wiki about the available plugins: https://github.com/eteran/edb-debugger/wiki.

See also

While I would love to write an entire book on this tool, the developer already has a great wiki for us so that we can learn how to use the EDB Debugger. Visit https://github.com/eteran/edb-debugger/wiki if you want insight into how some of the features of this great tool work. We'll cover some of this functionality in later chapters as it pertains to looking for buffer overflow vulnerabilities in ELF binaries written in C.
