How does a debug build make reverse engineering easy?

Some answer here stated that debug info would make it easier to reverse engineer the software. When I use Visual C++ and distribute an executable with debugging information but without other files (.pdb), will it contain any interesting things?

I looked at the executable with a hex editor and found nothing like symbol names, so for now I assume the .exe file just links to information in the .pdb files, right?

Do you know whether it contains

  • variable names?
  • function/member names?
  • line numbers?
  • anything interesting?
danny asked Dec 07 '10 09:12



1 Answer

Debug builds tend to generate output that can easily be correlated with high-level language constructs. You can identify variables, tests, loops, etc., just by looking at the machine code. You won't get names of variables, but that's usually among the least important considerations when reverse-engineering.

Optimised code, OTOH, rearranges instructions, unfolds loops, reuses slots for multiple variables, shares blocks of code between functions, inlines small functions and so on, making it quite a bit more difficult to discern the original intent. It also makes it more difficult to debug, even if you own the code, since the current line marker is often very misleading, and variables tend to disappear or show random crap.

None of this makes reverse-engineering impossible, though. It's just more work to tease out the meaning.

Marcelo Cantos answered Oct 16 '22 09:10

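As an added check (not part of the question or the answer above): the "link to the .pdb" the asker guessed at is a CodeView RSDS record that the MSVC linker writes into the image, and it survives even when the .pdb itself is not shipped. The scan below, written for this page rather than taken from any project, shows what that record discloses (PDB GUID, age and the full build-time path). It assumes the PDB 7.0 RSDS layout and runs over a constructed stand-in for an .exe, not a real binary.

```python
import struct
import uuid

# Layout of a CodeView 'RSDS' (PDB 7.0) record as emitted by the MSVC linker:
#   b'RSDS' | 16-byte GUID (little-endian field layout) | uint32 age | NUL-terminated PDB path
RSDS_HEADER = struct.Struct("<4s16sI")

def find_pdb_references(image: bytes):
    """Scan a PE image for RSDS records and return what they disclose.

    This is a quick triage scan over raw bytes, not a full PE parser: the
    authoritative location is the IMAGE_DEBUG_DIRECTORY entry of type
    CODEVIEW (2), whose PointerToRawData points at this record. Scanning is
    enough to answer "does this .exe still point at a .pdb, and where?".
    """
    found = []
    pos = image.find(b"RSDS")
    while pos != -1:
        if pos + RSDS_HEADER.size <= len(image):
            _, guid_le, age = RSDS_HEADER.unpack_from(image, pos)
            end = image.find(b"\x00", pos + RSDS_HEADER.size)
            raw_path = image[pos + RSDS_HEADER.size:end] if end != -1 else b""
            try:
                path = raw_path.decode("utf-8")
            except UnicodeDecodeError:
                path = ""
            # Only accept hits that look like a real record, not a stray 'RSDS' in data.
            if path.lower().endswith(".pdb") and path.isprintable():
                found.append({
                    "guid": str(uuid.UUID(bytes_le=guid_le)),
                    "age": age,
                    "pdb_path": path,
                })
        pos = image.find(b"RSDS", pos + 4)
    return found

def build_sample_image() -> bytes:
    """Constructed stand-in for an .exe: a stub MZ header, padding, one genuine
    RSDS record and one decoy 'RSDS' sitting inside ordinary string data."""
    guid = uuid.UUID("0f3a7b2c-1d4e-4f60-9a8b-7c6d5e4f3a2b")  # constructed value
    record = RSDS_HEADER.pack(b"RSDS", guid.bytes_le, 2)
    record += b"C:\\Users\\alice\\source\\repos\\app\\Debug\\app.pdb\x00"  # constructed path
    return b"MZ" + b"\x00" * 62 + record + b"RSDS is a decoy\x00" + b"\x00" * 24

if __name__ == "__main__":
    for rec in find_pdb_references(build_sample_image()):
        print(f"PDB path: {rec['pdb_path']}  GUID={rec['guid']}  age={rec['age']}")
```

Run it against one of your own release binaries (read the file as bytes and pass it in) to see whether the shipped image still carries the developer's build path; the decoy in the sample shows why the `.pdb` suffix check is needed.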