Wine

From MILEDROPEDIA

Intro

As an example, suppose we want to debug the asm55p utility (from the TI utils) for reverse-engineering purposes, because we need to find its opcode table. Just install the latest wine and gdb (and IDA Pro, if you have it).

First, we need to see which functions this program calls:

WINEDEBUG=+relay wine asm55p.exe &> asm55p_trace.log

Start the program under winedbg:

winedbg asm55p.exe

Use this if you want to work in winedbg directly. The command reference is at http://www.winehq.org/docs/winedev-guide/dbg-commands

If you prefer to work in gdb, or in another debugger in gdb-remote mode, you need to run winedbg in gdbserver mode:

[xvilka $] winedbg --gdb --no-start asm55p.exe
001e:001f: create process 'Z:\home\xvilka\Secure\motodroid\tms320c55x_plus\asm55p.exe'/0x110788 @0x502b5a ()0<0>)
001e:001f: create thread I @0x502b5a
target remote localhost:33563

The output of this command contains a line with the gdbserver listening port, "target remote localhost:33563" in our example.

In your gdb, or another debugger, connect to this port on localhost to start debugging. The "--no-start" option stops the program at the start.
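The relay trace from the first step can be turned into breakpoints for this gdb session. The script below is an added example, not part of the original page: it counts the API calls in a +relay log and lists the return addresses that fall inside the executable image as `break` commands. The sample lines are constructed, and the image range 0x400000-0x600000 and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the usual +relay shape, not a real asm55p trace:
#   <thread>:Call <DLL>.<function>(<args>) ret=<return address>
SAMPLE_LOG = """\
0009:Call KERNEL32.GetCommandLineA() ret=0040f1c2
0009:Ret  KERNEL32.GetCommandLineA() retval=00110ee8 ret=0040f1c2
0009:Call KERNEL32.CreateFileA(0032fd10 "test.asm",80000000,00000001) ret=00401a37
0009:Call ntdll.NtCreateFile(0032fc40,80100080,0032fbe8) ret=7b82c3f1
0009:Ret  ntdll.NtCreateFile() retval=00000000 ret=7b82c3f1
0009:Ret  KERNEL32.CreateFileA() retval=00000044 ret=00401a37
0009:Call KERNEL32.ReadFile(00000044,0032dd10,00001000,0032fd08,00000000) ret=00401a90
0009:Ret  KERNEL32.ReadFile() retval=00000001 ret=00401a90
0009:Call KERNEL32.ReadFile(00000044,0032dd10,00001000,0032fd08,00000000) ret=00401a90
0009:Ret  KERNEL32.ReadFile() retval=00000001 ret=00401a90
"""

CALL_RE = re.compile(
    r"^[0-9a-f]{4}:Call (?P<dll>[^.\s]+)\.(?P<func>[^\s(]+)\(.*\) ret=(?P<ret>[0-9a-f]+)\s*$",
    re.I,
)

def summarize_relay(lines, image_lo=0x400000, image_hi=0x600000):
    """Return (call counts per API, return addresses per API inside the image).

    image_lo/image_hi are assumed bounds of the mapped .exe; calls that
    return into Wine's own DLLs (nested calls) fall outside and are skipped.
    """
    counts, sites = Counter(), defaultdict(set)
    for line in lines:
        m = CALL_RE.match(line)
        if not m:
            continue  # Ret lines and other debug channels
        api = f"{m['dll']}.{m['func']}"
        counts[api] += 1
        ret = int(m["ret"], 16)
        if image_lo <= ret < image_hi:
            sites[api].add(ret)
    return counts, sites

def gdb_breakpoints(sites):
    """One 'break *ADDR' per call site: the instruction right after the call."""
    return [f"break *0x{a:08x}" for api in sorted(sites) for a in sorted(sites[api])]

if __name__ == "__main__":
    counts, sites = summarize_relay(SAMPLE_LOG.splitlines())
    print(counts.most_common())
    print("\n".join(gdb_breakpoints(sites)))
```

For a real trace, pass the open log file instead of the sample, for example `summarize_relay(open("asm55p_trace.log", errors="replace"))`.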

IDA Pro example

1. Choose "Remote GDB". (screenshot: Wine asm55p ida 0.png)

2. Set the host and port for remote debugging. (screenshots: Wine asm55p ida 1.png, Wine asm55p ida 2.png)

3. Set up the debugging options. (screenshot: Wine asm55p ida 3.png)

4. Do "Attach to process", and you will see the running program in your IDA. Now you can use step/jump/continue, see and edit variables and registers, and do other interesting things. (screenshot: Wine asm55p ida 4.png)
