It is possible to use gef in a remote debugging environment. Required files will be automatically downloaded and cached in a temporary directory (/tmp/gef on most Unix systems). Remember to manually delete the cache if you change the target file, or gef will use the outdated version.
With a local copy

If you want to remotely debug a binary that you already have, you simply need to tell gdb where to find the debug information.

For example, if we want to debug uname, we do on the server:

```
$ gdbserver 0.0.0.0:1234 /bin/uname
Process /bin/uname created; pid = 32280
Listening on port 1234
```

And on the client, simply run:

```
$ gdb /bin/uname
gef➤ target remote 192.168.56.1:1234
Process /bin/uname created; pid = 10851
Listening on port 1234
```

or, equivalently:

```
$ gdb
gef➤ file /bin/uname
gef➤ target remote 192.168.56.1:1234
```
Without a local copy

It is possible to use gdb internal functions to copy our targeted binary. Following our previous example, if we want to debug uname, start gdb and connect to our gdbserver. To be able to locate the right process in the /proc structure, the command gef-remote requires one argument, the target host and port. The option -p, indicating the process PID on the remote host, must be provided only if the extended mode (-E) is being used.

```
$ gdb
gef➤ gef-remote 192.168.56.1:1234
[+] Connected to '192.168.56.1:1234'
[+] Downloading remote information
[+] Remote information loaded, remember to clean '/tmp/gef/10851' when your session is over
```
As you can observe, if it cannot find the debug information, gef will try to automatically download the target file and store it in the local temporary directory (/tmp on most Unix systems). If successful, it will then automatically load the debug information into gdb and proceed with the debugging.

You can then reuse the downloaded file for your future debugging sessions, or use it under IDA and the like. This makes the entire remote debugging process (particularly for Android applications) child's play.
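Because gef never invalidates the per-PID cache it announces above (the '/tmp/gef/10851' directory), a rebuilt target can be silently debugged against an outdated copy. The following POSIX sh helpers are an added example, not part of gef: they compare a cached file against a local copy of the binary and drop the stale per-PID directory. The cache root variable, the directory layout under it (e.g. <pid>/bin/uname) and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of gef: detect and drop a stale /tmp/gef/<pid>
# cache before reconnecting, since gef itself never invalidates it and
# would silently reuse an outdated copy of the target.
# The layout below the per-PID directory (e.g. <pid>/bin/uname) and the
# function names are this example's own assumptions.

GEF_CACHE_ROOT="${GEF_CACHE_ROOT:-/tmp/gef}"

# gef_cache_dir PID -> prints the cache directory gef uses for that remote PID
gef_cache_dir() {
    printf '%s/%s\n' "$GEF_CACHE_ROOT" "$1"
}

# gef_cache_is_stale CACHED_FILE LOCAL_BINARY
# Exit 0 when CACHED_FILE exists but its bytes differ from LOCAL_BINARY
# (the target was rebuilt or replaced), 1 when identical or not cached yet.
gef_cache_is_stale() {
    [ -f "$1" ] || return 1
    cmp -s "$1" "$2" && return 1
    return 0
}

# gef_cache_clean PID -> removes the whole per-PID cache directory,
# refusing to touch anything that does not live under GEF_CACHE_ROOT.
gef_cache_clean() {
    dir="$(gef_cache_dir "$1")"
    case "$dir" in
        "$GEF_CACHE_ROOT"/?*) rm -rf -- "$dir" ;;
        *) return 1 ;;
    esac
}

# gef_cache_refresh PID CACHED_FILE LOCAL_BINARY
# Prints "stale" after removing an outdated per-PID cache, "fresh" otherwise.
gef_cache_refresh() {
    if gef_cache_is_stale "$2" "$3"; then
        gef_cache_clean "$1" && echo stale
    else
        echo fresh
    fi
}

# Typical use before a new session against the gdbserver from the example above:
#   gef_cache_refresh 10851 /tmp/gef/10851/bin/uname /bin/uname
```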
Although GDB through QEMU-user works, QEMU only supports a limited subset of all commands existing in the gdbremote protocol. For example, commands such as remote get or remote put (to download and upload a file from the remote target, respectively) are not supported. As a consequence, gef-remote in its default mode will not work either, as gef won't be able to fetch the content of the remote procfs.

To circumvent this and still enjoy gef features with QEMU-user, a simple stub can be artificially added with the -q option of gef-remote. Note that you need to set the architecture properly first:

```
$ qemu-arm -g 1234 ./my/arm/binary
$ gdb-multiarch ./my/arm/binary
gef➤ set architecture arm
gef➤ gef-remote -q localhost:1234
```