- HOW TO USE MAC OS 9 DEBUGGER HOW TO
- HOW TO USE MAC OS 9 DEBUGGER MAC OS X
- HOW TO USE MAC OS 9 DEBUGGER PASSWORD
- HOW TO USE MAC OS 9 DEBUGGER WINDOWS
See, my problem with Apple's brain-dead Calculator application is that floating point invariably gets converted to integer (it used to anyway, now this is fixed in 10.3.5).
If we press F8 to step over, the application will crash.This hint requires the Developer Tools, which, of course, everyone has :).
HOW TO USE MAC OS 9 DEBUGGER MAC OS X
Congratulations, you have just discovered your first, somewhat artificial, vunerability in a Mac OS X application! Just out of curiosity, we could single step until the call instruction by pressing F7:
This confirms our guess – yes, the output file name is used as a format string. When the execution reaches our breakpoint, we double click on the eax register to inspect the memory it points to: Terminate the current debugger session with Ctrl-F2 (Terminate process), create a breakpoint with F2 (Toggle breakpoint) and restart the debugger with F9: This will allow us to verify our guess about the format string. Let’s rerun the application and suspend it just before the sprintf call. Double clicking on the next line (with the address 757B on it) will display the offending code: Obviously, the supplied command line argument has been used as a format string to the sprintf function. To find out where the sprintf function was called from, we open the stack trace window (Debugger, Tracing, Stack trace): Pressing F9 will start the application and the immediate result will be a message box about a SIGBUS signal. This is the easiest way to locate the crash address. Let’s go for a first quick run: we will just launch the application and let it crash. In this dialog we explicitly specify all fields because, unfortunately, IDA can’t read minds yet! Well, except for the port number when it happens to use the default value… We begin our session by loading the macvuln file into the database:Īnd set the process options in the Debugger,cess options dialog box:
HOW TO USE MAC OS 9 DEBUGGER WINDOWS
Let’s start IDA on our Windows machine and see if we can figure out what causes the crash. If you run it with a malformed output file name, it crashes: We modified the tool we use to generate IDA message files to make it vulnerable. Lets now take a look at our somewhat artificial macvuln demo application.
HOW TO USE MAC OS 9 DEBUGGER PASSWORD
If your debugger server is directly accessible from the Internet (a strategy we do not recommend!), or if you are working in a sniffable local environment, consider adding encryption such as a SSH tunnel to prevent password sniffing. If you forget to password-protect it, anyone can connect to the debugger server and launch any program on the machine. Do not forget to protect your debugger server from the outside world. We’re all set! We can either create new processes or attach to existing ones. We are now ready to launch the the debugger server: Please note the ‘s’ bit in the file permissions.
In order to connect to other applications and debug them, we first have to set the appropriate permissions for the debugger server: we need to make it setgid “procmod”. But, if you prefer, you may also use the Mac OS X version of IDA, or even the Linux version, they offer the same functionalty. For this tutorial, we will use the Windows version of IDA. The debugger server is stand-alone and it is not necessary to have installed the OS X version of IDA to use it. Unpack the debugger server files to any directory on Mac OS X.
HOW TO USE MAC OS 9 DEBUGGER HOW TO
This primer shows how to use the Mac OS X debugger included in IDA 5.1.īefore we start, please download this archive:
0 kommentar(er)
