Notes on installing edb

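Discovering a great tool

The reverse-engineering tool OllyDbg has poor 64-bit support and runs only on Windows. I found a great tool, edb, which runs on Linux and is written with Qt. It is hosted on GitHub. My current system is 64-bit Xubuntu 15.04.

Installation

Download Qt from the official Qt website: get the .run file, run ./xxx.run, and complete the graphical installer. Alternatively: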

sudo apt-get install qt-sdk  

Download the edb source

git clone git@github.com:eteran/edb-debugger.git  

The build commands are as follows:

$ mkdir build
$ cd build
$ cmake ..
$ make
$ ./edb
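
Problem 1

However, running cmake .. failed with an error, as follows:

[Image: error]

The Boost header files were missing; installing Boost solved it completely.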

$ sudo apt-get install libboost-all-dev
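
Problem 2

Then... a new error. The clue is here.

[Image: capstone]

# If you only need the binary library, this one is enough
sudo apt-get install libcapstone2
# If you need the development files
sudo apt-get install libcapstone-dev

Problem 3

There is still a problem, with the error shown below: FindQt5Core.cmake cannot be found.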

CMake Warning at CMakeLists.txt:38 (find_package):  
  By not providing "FindQt5Core.cmake" in CMAKE_MODULE_PATH this project has
  asked CMake to find a package configuration file provided by "Qt5Core", but
  CMake did not find one.

  Could not find a package configuration file provided by "Qt5Core" with any
  of the following names:

    Qt5CoreConfig.cmake
    qt5core-config.cmake

  Add the installation prefix of "Qt5Core" to CMAKE_PREFIX_PATH or set
  "Qt5Core_DIR" to a directory containing one of the above files.  If
  "Qt5Core" provides a separate development package or SDK, be sure it has
  been installed.

-- Configuring done

The command that fixes it is:

sudo apt-get install qt5-default  

Problem 4

CMake Error at /usr/lib/x86_64-linux-gnu/cmake/Qt5/Qt5Config.cmake:26 (find_package):  
  Could not find a package configuration file provided by "Qt5XmlPatterns"
  with any of the following names:

    Qt5XmlPatternsConfig.cmake
    qt5xmlpatterns-config.cmake

  Add the installation prefix of "Qt5XmlPatterns" to CMAKE_PREFIX_PATH or set
  "Qt5XmlPatterns_DIR" to a directory containing one of the above files.  If
  "Qt5XmlPatterns" provides a separate development package or SDK, be sure it
  has been installed.
Call Stack (most recent call first):  
  src/CMakeLists.txt:26 (find_package)

The command that fixes it is:

sudo apt-get install libqt5xmlpatterns5-dev  

Problem 5

  Could not find a package configuration file provided by "Qt5Svg" with any
  of the following names:

    Qt5SvgConfig.cmake
    qt5svg-config.cmake

The command that fixes it is:

sudo apt install libqt5svg5-dev

Problem 6

CMake Error at src/CMakeLists.txt:198 (add_executable):  
  Cannot find source file:
    qjson4/QJsonArray.h

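The clue: this is a submodule problem. After source code in tar.gz, .zip and similar formats is uploaded to GitHub, the submodules it contained are gone. Download the source again in tgz format and rebuild.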
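
The missing-package errors above all use one CMake message format, so the fix can be read off a saved cmake log mechanically. The script below is an added example, not code from the original post or from the edb project: it maps the CMake messages quoted above to the fixes this post used. The function names and the sample log are constructed for illustration, and the submodule command assumes the source tree is a git clone.

```shell
#!/bin/sh
# Added example (not from the original post or the edb project).

# Print each package name CMake reported as missing (log on stdin), de-duplicated.
missing_cmake_packages() {
    sed -n 's/.*Could not find a package configuration file provided by "\([^"]*\)".*/\1/p' | sort -u
}

# Map a CMake package name to the apt package this post installed for it.
apt_package_for() {
    case "$1" in
        Qt5Core)        echo qt5-default ;;
        Qt5XmlPatterns) echo libqt5xmlpatterns5-dev ;;
        Qt5Svg)         echo libqt5svg5-dev ;;
        *)              return 1 ;;
    esac
}

# Succeed if the log shows a qjson4/ source file that CMake cannot find.
needs_submodules() {
    awk '/Cannot find source file:/ { f = 1; next }
         f && /qjson4\//            { found = 1 }
         f && NF                    { f = 0 }
         END                        { exit !found }'
}

# Read a cmake log on stdin and print one suggested command per problem found.
suggest_fixes() {
    log=$(cat)
    for name in $(printf '%s\n' "$log" | missing_cmake_packages); do
        if apt=$(apt_package_for "$name"); then
            echo "sudo apt-get install $apt"
        else
            echo "# no package mapping in this post for $name"
        fi
    done
    if printf '%s\n' "$log" | needs_submodules; then
        # Assumption: the tree is a git clone; the post instead re-downloaded the tgz.
        echo "git submodule update --init --recursive"
    fi
}

# Constructed sample log, assembled from the CMake messages quoted above.
SAMPLE_LOG='  Could not find a package configuration file provided by "Qt5Core" with any
  Could not find a package configuration file provided by "Qt5Svg" with any
CMake Error at src/CMakeLists.txt:198 (add_executable):
  Cannot find source file:
    qjson4/QJsonArray.h'

printf '%s\n' "$SAMPLE_LOG" | suggest_fixes
```

To use it on a real build, save the configure output with `cmake .. 2>&1 | tee cmake.log` and pipe cmake.log into suggest_fixes.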

Successful installation

Once cmake succeeds, just run make.

[Images: edb, edb_main]

Example

1. Write the following code and compile it with gcc

#include <stdio.h>

int main() {  
    printf("hello world\n");
    return 0;
}
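
2. Press the F3 hotkey to open the file

[Image: start_edb]

3. Press F8 to step through the code

Keep stepping until you reach 0040052a, right-click to select it, and choose Follow Constant In Dump.
Now watch the Data Dump window.

[Image: dump]

4. Modify the output string

In the Data Dump window, right-click the first "l" that appears in "hello world", choose edit bytes, and change the byte to B.

[Image: edit_bytes]

5. Press F9 to run

You get the following result:

[Image: output]

Reposting without permission is prohibited.
Article URL: http://blog.hacking.pub/2016/11/03/edb-an-zhuang-xiao-ji/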