radare2
radare2 copied to clipboard
debug an executable with dive into its libraries
I have an executable ELF file e.g. aaa
. This executable file uses its library e.g. ../bin/libaaa.so
. When I debug r2 -d aaa
I see some call functions from the library libaaa.so
e.g. sym.imp.AAAfunc1
at 0x44651.
When I reach that call, I can only step over it. How can I deep dive into libaaa.so
file to debug that function contents?
Do you plan to get function body? it is not possible. you need to open the .so itself.
oh sorry.I was just testing and no. I misundertood your question. You misuse r2.
pd 1 mov rax, qword [sym.imp.KERNEL32.dll_IsDebuggerPresent]
could you try same command with aaaaa
then let's try to read the .got. you should read library call. then read access to got.