Good disassembler / debugger for Linux

tkdfighter · 2009-11-01 15:49:13

Hi,

for my studies I'm learning x86 assembler and in general how a computer works at that level. So far I've used the standard tools, objdump and gdb. But reversing even small programs for practice is very tedious with the aformentioned tools. Are there any better alternatives? I've heard good things about IDA on Windows, is it any good on Linux? I'd prefer to use open source programs of course, if they are decent.
What do my fellow Arch users use?

Trent · 2009-11-01 18:10:21

Not to be critical, but you're learning assembly by disassembling programs? Seems a bit backwards to me...

Lich · 2009-11-01 18:21:30

Trent, that's not the worse way to learn ASM you know...But I agree, without any base of ASM programming, learning from disassemblies (alone) will be near damn impossible.
To be a bit more constructive, GDB! Best disassembler/debugger out there (for Linux anyway). If you're a GUI fellow, try Insight, a rather nice GDB frontend.
A nice guide to GDB > http://dirac.org/linux/gdb/

Last edited by Lich (2009-11-01 18:22:02)

tkdfighter · 2009-11-02 23:28:42

First of all, thanks for the responses!

Well, as I stated in the OP, I am using gdb. I just find it tedious to work with, because I can't see all my information (registers, stack, stuff stack and registers reference to, etc.) in a nice, formatted way at one glance. I'd just like to be able to concentrate on what the app is doing instead of searching for all the data I need after each and every step. "display" makes it a bit easier, of course, but it's not really sufficient. It feels like I'm using stuff from the 80's. And no, ddd doesn't cut it, IMO.

Maybe I should have elaborated a bit more on what I'm doing in the first place im my original post: this is homework from the semester course "Computer architecture and system programming". We didn't start with disassembling of course. I do have some knowledge of asm and some coding/calling conventions on this level. The recent task was to defuse a "code bomb", which I had to disassemble, of course. After some hours in gdb you can get frustrated, so please excuse my rant above

Googling brought me to Kdbg, but it seems unmaintained, although the page says they're working on porting it to KDE4. I might check that out again sometime when they're done. In the mean time, Insight seems usable judged by the screenshots, showing the registers, stack and so on in windows.

@Lich: thanks for the link!

Of course, suggestions are always welcome!

hidefromkgb · 2009-11-02 23:49:35

To my mind, EDB is better.
It is an analogue of OllyDBG for Windows, copying (well, not exactly) its interface and basic features.

http://aur.archlinux.org/packages.php?ID=10660

SoleSoul · 2009-11-03 00:04:00

Did you try Nemiver?
http://projects.gnome.org/nemiver/

And I know it's not what you asked but I never saw programs for linux which were as good as IDApro and OllyDbg.

bernarcher · 2009-11-03 02:23:35

I still prefer the "classical" motif/lesstif based Data Display Debugger (ddd from extra).

Lich · 2009-11-03 07:07:49

bernarcher wrote:

I still prefer the "classical" motif/lesstif based Data Display Debugger (ddd from extra).

I use it too sometimes, but that's not a debugger per say, it's a front end to GDB (and optionally a few others), so you're still using GDB

essence-of-foo · 2009-11-04 15:02:35

tkdfighter wrote:

First of all, thanks for the responses!
Well, as I stated in the OP, I am using gdb. I just find it tedious to work with, because I can't see all my information (registers, stack, stuff stack and registers reference to, etc.) in a nice, formatted way at one glance. I'd just like to be able to concentrate on what the app is doing instead of searching for all the data I need after each and every step. "display" makes it a bit easier, of course, but it's not really sufficient. It feels like I'm using stuff from the 80's. And no, ddd doesn't cut it, IMO.

You should try out GDB's Tui interface
Simply invoke GDB with: gdbtui filetodebug
Or press ctrl+x a when GDB has already started

Then press ctrl+x 2 (several times) to get different views.

Further reading: http://sourceware.org/gdb/current/onlin … tml#SEC268

kenen · 2009-11-04 15:42:23

As SoleSoul already said, there is no equivalent to IDApro or OllyDbg/ImmunityDebugger on Linux. Not even IDApro for Linux by HexRays is close.

While you are reversing statically (disassembling), I recommend a VM with Windows XP/2k(3) and IDApro.
Considering debugging, GDB with or without a graphical frontend is more or less the way to go, even though EDB seems worth a try.

Last edited by kenen (2009-11-04 15:45:39)

tkdfighter · 2009-11-05 18:41:48

Things have settled down a bit on my end, as I'm not disassembling alot this week. I played around a bit with most of the mentioned applications. Especially EDB seems like it has a lot of potential, but the last update was in 2007, so I guess development has stalled

On the debugging front, nemivr looks good, but is very Gnome-ish, with dependencies and all. Not very KDE friendly. Presumably, I'll just stick to DDD and the console, with some input from EDB here and there. It's really a pitty that there are so many projects that had a good start and got abandoned.

deej · 2009-11-05 18:53:43

Try : http://www.totalviewtech.com/

Free trial available for download; I use to use it, as I
recall it was very good.

Deej

Arch Linux

#1 2009-11-01 15:49:13

Good disassembler / debugger for Linux

#2 2009-11-01 18:10:21

Re: Good disassembler / debugger for Linux

#3 2009-11-01 18:21:30

Re: Good disassembler / debugger for Linux

#4 2009-11-02 23:28:42

Re: Good disassembler / debugger for Linux

#5 2009-11-02 23:49:35

Re: Good disassembler / debugger for Linux

#6 2009-11-03 00:04:00

Re: Good disassembler / debugger for Linux

#7 2009-11-03 02:23:35

Re: Good disassembler / debugger for Linux

#8 2009-11-03 07:07:49

Re: Good disassembler / debugger for Linux

#9 2009-11-04 15:02:35

Re: Good disassembler / debugger for Linux

#10 2009-11-04 15:42:23

Re: Good disassembler / debugger for Linux

#11 2009-11-05 18:41:48

Re: Good disassembler / debugger for Linux

#12 2009-11-05 18:53:43

Re: Good disassembler / debugger for Linux

Board footer