eteran / edb-debugger

edb is a cross-platform AArch32/x86/x86-64 debugger.
GNU General Public License v2.0

Dwarf data from PE files is not read in #822

Open besentv opened 2 years ago

besentv commented 2 years ago

I tried to debug a program running in Wine with dwarf debug symbols, but edb doesn't seem to be able to read them from the Win-PE file format.

The highlighted row should show something along the lines of "<win32u.dll!FooBar+0>".

To reproduce, just compile Wine in MinGW mode (for symbols) https://wiki.winehq.org/Building_Wine, run a Windows program, and attach to it.

10110111 commented 2 years ago

AFAICT, EDB doesn't support PE symbols at all; only ELF support is implemented. And Wine DLLs are yet another thing to add support for (since DLLs are not native on Linux).

But, since you are analyzing a Windows program, you might be better off with a Windows debugger like OllyDbg or x64dbg run via Wine. I had used OllyDbg via Wine, and it did work.

besentv commented 2 years ago

The problem with either OllyDbg or x64dbg is that you cannot debug the Unix side. Another issue is debugging programs with built-in DRM. They're usually very annoying on the PE side, as they like to kill off the whole program when they detect a debugger, but are pretty useless when you're debugging the Windows program as a Unix process, as they can't really see a debugger anymore. Many Wine/Proton developers usually use gdb to debug Wine, just because of these two facts. So having PE symbols would be very cool to have, as edb has a much better interface than gdb. :)

eteran commented 2 years ago

Interesting. As @10110111 said, there is no built-in PE support of any kind in EDB. I of course like the idea of being able to debug Windows binaries via Wine... but we've definitely got some work to do to support it.

We'll see what we can do, but sadly can't make any promises yet.