![What is ida pro What is ida pro](/uploads/1/2/5/6/125695202/747836998.png)
What we did is simply extend the segment from 512 to 1024 (our sample MBR is 1024 bytes long) and load into IDA the rest of the MBR code from the compiled mbr.asm binary. Importing symbols into IDA When we assemble mbr.asm, a map file will also be generated. While developing the IDA Bochs plugin at Hex-Rays, we had to write a small MBR and we needed a nice and fast way to compile and debug.
Active4 years ago
I have wrote a simple registration program that requires a Name and License Key in order to get to the success message. The coded solution simply expects both fields to be case sensitive, the Name field must be
Admin
and the License Key must be TopSecret
, both fields must match in order to be a success.This of course is nothing complex and would never be used in a real world Application but as I am pretty much a beginner in assembly and reverse-engineering this should hopefully serve me well as I gain more understanding of the inner workings of how assembly works.
The ultimate goal for me is to disassemble my own registration schemes and identify how easy it could potentially be to 'outsiders' who may try and break it, and as I get better I hope to make my Applications more stronger against such attacks.
In OllyDbg, when setting a breakpoint and stepping over using F8 I can view strings from the memory stack as shown below in the bottom right of the screen:
As you can see highlighted in the green, I entered
SOME NAME
in the Name field and 123456789
in the License Key field and OllyDbg has managed to show that in what I assume is the Memory Stack.Is it possible to do this in IDA, and if so how? I have tried opening as many subviews and debugging subviews as possible and yet I cannot see a way of stepping through and watching out for strings in memory. Is there a memory stack window in IDA just like in OllyDbg?
CraigCraig
1 Answer
IDA is much more useful when you are doing static analysis. When it comes to dynamic analysis and dynamic debugging, probably IDA is not my favorite tool.
To see username/password in IDA, just press SHIFT + F12 or go to View -> Open Subviews -> Strings.
There you should see the strings.
If you want to do this in dynamic analysis, put the breakpoint in exact same location you did in Ollydbg, then look at stack view.
72DFBF5B A0DF5BE972DFBF5B A0DF5BE94,43622 gold badges1515 silver badges2222 bronze badges
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Not the answer you're looking for? Browse other questions tagged reverse-engineeringidaollydbg or ask your own question.
Active3 years, 11 months ago
I wrote a x86 assembly program for MBR section.I compile it as follows:
Then I run it in qemu:
The question is how can I debug my program at source level?
Ciro Santilli 新疆改造中心996ICU六四事件170k3636 gold badges655655 silver badges521521 bronze badges
SkyDanSkyDan
3 Answers
You should let
nasm
create the debugging symbols in an ELF file and then dump this to a flat binary to be used in the MBR. You can then instruct GDB to read the necessary symbols from the ELF file.The complete procedure would then become something like this:
For an explanation of the flags I pass to
qemu
see this answer.Community♦
JobJob14k33 gold badges4040 silver badges7272 bronze badges
Instead of using qemu, use bochs. It is completely compatible, albeit slower. It is also an emulator but if you make it from sources, using these flags and build it like this:
you can place breakpoints in your code, step through it, view GDT, IDT and everything you needed to know.
Manuel FerreriaManuel Ferreria99911 gold badge1010 silver badges2323 bronze badges
A really good (and simple) way is to use IDA with bochs, you find an excellent blog post on it here, along with some other hints/suggestions for bootloader development.
NecrolisNecrolis22.7k33 gold badges5151 silver badges9595 bronze badges