mahaloz / decomp2dbg

A plugin to introduce interactive symbols into your debugger from your decompiler
BSD 2-Clause "Simplified" License

#54 add elf info method #90

Closed unknown321 closed 8 months ago

unknown321 commented 9 months ago

This method provides the info required to build an ELF file accepted by gdb:

It also provides:

mahaloz commented 9 months ago

Hi @unknown321, I like the code you've added here, but I don't see it used on the client side. What exactly is the purpose of adding this api endpoint?

unknown321 commented 9 months ago

When https://github.com/lief-project/LIEF/issues/213 is resolved, this endpoint could be used by the client to build an ELF without gcc.

Right now it is used by my client - https://github.com/unknown321/decompelf.

mahaloz commented 8 months ago

Since it doesn't cause any harm, I'm for merging it. Ideally, if you learn anything about better caching in your project, I'd appreciate the backport here since you'll be the main user of this API :).

unknown321 commented 8 months ago

> Ideally, if you learn anything about better caching in your project, I'd appreciate the backport here since you'll be the main user of this API :).

There is no need to cache on the client side at all; Ghidra has all the tools to build the ELF by itself (most likely with DWARF).

Possible implementation:

  1. Create a minimal ELF in Ghidra from the .text, symtab, strtab and shstrtab sections, and cache this object
  2. Update the sections on any Ghidra changes (can the plugin watch for specific changes?)
  3. Return the binary representation on the /get_elf endpoint.
  4. Return the change status on the /changed endpoint. If there were no changes, there is no need to download the binary.

In fact, you can just slap new symbols into the original binary without having to recreate the ELF from scratch.

This solves the following problems:

Not sure about DWARF, but as far as I can see, Ghidra has some utility to work with it.

However, this API will be unique to Ghidra only - no idea if other decompilers can produce a binary with built-in tools (angr, binja, ida).
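An added illustration of step 1 in the list above (not code from this PR, decomp2dbg, or decompelf): a Python builder for a symbol-only ELF64 object holding the four sections named there, plus a reader that recovers the symbols through the section headers. Assumptions: little-endian ELF64, type ET_REL with symbol values as offsets into `.text`, and a `.text` header of type NOBITS so no code bytes are shipped; the function names and sample symbols are constructed. Symbols are sorted so the output is byte-identical for identical input, which is what a change check like step 4 would compare.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")             # Elf64_Sym, 24 bytes
SHT_SYMTAB, SHT_STRTAB, SHT_NOBITS = 2, 3, 8

def strtab(names):
    """Pack names into an ELF string table; return (bytes, {name: offset})."""
    blob, offs = b"\0", {}
    for n in names:
        offs[n] = len(blob)
        blob += n.encode() + b"\0"
    return blob, offs

def build_symbol_elf(text_size, funcs, machine=62):
    """funcs: (name, offset_in_text, size) tuples; machine 62 is EM_X86_64."""
    funcs = sorted(funcs, key=lambda f: f[1])   # stable output for change checks
    strs, soff = strtab(f[0] for f in funcs)
    shstrs, noff = strtab([".text", ".symtab", ".strtab", ".shstrtab"])
    syms = SYM.pack(0, 0, 0, 0, 0, 0)           # mandatory null symbol
    for name, off, size in funcs:
        syms += SYM.pack(soff[name], 0x12, 0, 1, off, size)  # GLOBAL FUNC in .text
    body = syms + strs + shstrs
    body += b"\0" * (-(EHDR.size + len(body)) % 8)  # align section header table
    o_sym, o_str = EHDR.size, EHDR.size + len(syms)
    o_shstr = o_str + len(strs)
    sections = [
        SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        SHDR.pack(noff[".text"], SHT_NOBITS, 0x6, 0, o_sym, text_size, 0, 0, 16, 0),
        SHDR.pack(noff[".symtab"], SHT_SYMTAB, 0, 0, o_sym, len(syms), 3, 1, 8, SYM.size),
        SHDR.pack(noff[".strtab"], SHT_STRTAB, 0, 0, o_str, len(strs), 0, 0, 1, 0),
        SHDR.pack(noff[".shstrtab"], SHT_STRTAB, 0, 0, o_shstr, len(shstrs), 0, 0, 1, 0),
    ]
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELF64, little-endian, v1
    # e_type 1 = ET_REL, no program headers, e_shstrndx 4 = .shstrtab
    return EHDR.pack(ident, 1, machine, 1, 0, 0, EHDR.size + len(body), 0, EHDR.size,
                     0, 0, SHDR.size, len(sections), 4) + body + b"".join(sections)

def read_symbols(elf):
    """Round-trip check: recover {name: (offset, size)} via the section headers."""
    hdr = EHDR.unpack_from(elf)
    secs = [SHDR.unpack_from(elf, hdr[6] + i * SHDR.size) for i in range(hdr[12])]
    symtab = next(s for s in secs if s[1] == SHT_SYMTAB)
    base, out = secs[symtab[6]][4], {}          # sh_link points at .strtab
    for pos in range(symtab[4] + SYM.size, symtab[4] + symtab[5], SYM.size):
        name, _, _, _, value, size = SYM.unpack_from(elf, pos)
        raw = elf[base + name:elf.index(b"\0", base + name)]
        out[raw.decode()] = (value, size)
    return out
```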

mahaloz commented 8 months ago

@unknown321 I'm not sure what your full use-case is, but maybe you would be interested in a tool more like this: https://github.com/cesena/ghidra2dwarf

It uses the Ghidra API to actually construct a DWARF (though it relies on libdwarf to do the actual building). In general, I've stayed closer to the client machine constructing the ELF because the client may be running on a different arch than the decompiler. That is nearly always true for me at least: I debug on an x86 machine, but my host is arm.