Let's perform the following steps:
- Run the following command in the Terminal session:
$ edb --help
- Press Ctrl + Shift + T to open up a new Terminal tab. Once open, type the following in the new Terminal tab:
$ edb --run ./ch05-example rot13 TheBrownFoxJumpsThroughTheForest
- Navigate to Options | Preferences and left-click on the General tab.
- Under the Close Behavior section, select the option for Detach If Debugged Application Was Attached To, Kill if Launched.
- Left-click on the Appearance tab and increase the font size from 8 to 10 next to each of the 4 font settings.
- Left-click on the Debugging tab and review the available options.
- Left-click on the Signals/Exceptions tab and review the available options.
- Left-click on the Disassembly tab and review the various options. Keep the Intel Disassembly Syntax setting as it is.
- Left-click on the Directories tab and review the settings.
- Left-click on the Plugin Options tab and then left-click on the Assembly Plugin sub-tab.
- Change Assembler Helper Application to nasm and click the Close button to exit the preferences window.
- Next, press the Run button and examine what occurs in each output section of the GUI.
- Press the Step Into button and examine the output in each section of the GUI.
- Go to Plugins | Binary Info | Explore Binary Header.
- In the new window that appears, select the first row and click the Explore Header button.
- Expand the output in the bottom section of this window to reveal the ELF header information by left-clicking the down arrow.
- When you have completed the review of the output, left-click the Close button.
- Next, click on Plugins | BinarySearcher | Binary String Search.
- In the window that appears, next to the ASCII label, type rot13 without the quotes and left-click the Find button. Close this window when you have finished reviewing the output.
- Click on Plugins | BreakpointManager | Breakpoints.
- In the new window that opens, click the Add Breakpoint button.
- Type 0x0804866e without quotes into the Add Breakpoint window underneath the Address label, then left-click the OK button.
- Next, highlight the breakpoint we just created and left-click the Remove Breakpoint button, then click the Close button to exit the Breakpoint Manager window.
- Navigate to Plugins | CheckVersion | Check For Latest Version.
- Next, navigate to Plugins | FunctionFinder | Function Finder. Alternatively, press the Shift + Ctrl + F keyboard shortcut.
- Left-click on the first row in the new window. It should have the permissions of read and execute. Then, click the Find button.
- Search for the ch05-example!_start symbol in the results section of the Function Finder window, left-click to highlight that row, and click on the Graph Selected Function button.
- After reviewing the new window that appears, close it by clicking on the x button in the upper left corner of that window.
- Next, left-click and highlight the row with the ch05-example!main symbol, and click the Graph Selected Function button. Review the output and close the result window when you've finished.
- Close the Function Finder window by clicking the Close button.
- Navigate to Plugins | OpcodeSearcher | Opcode Search, or press the Ctrl + O keyboard shortcut.
- Left-click and highlight the first row in the Opcode Search window with permissions r-x, then select ANY REGISTER -> EIP from the What To Search For dropdown menu and click on the Find button.
- Examine the output in the Results: section of the Opcode Search window, then click the Close button when you've finished.
- Using the menu at the top of the EDB window, navigate to Plugins | ROPTool | ROP Tool. Alternatively, press the Ctrl + Alt + R keyboard shortcut.
- Left-click and highlight the first row with the r-x permissions, make sure all the options under Gadgets to Display are selected, and click the Find button.
- Review the output in the Results: section of the ROP Gadget Search window and click the Close button when you've finished.
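
The ELF header information revealed in the Explore Binary Header steps can also be decoded directly from the first bytes of the file. The following Python script is an added example, not part of the original recipe or of EDB; the sample header, including its entry point and table counts, is constructed for illustration.

```python
import struct
import sys

# Readable names for common field values (a subset, not exhaustive).
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
ELF_MACHINE = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF file header found at the start of a binary."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file (bad magic or truncated)")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in ELF_CLASS or ei_data not in ELF_DATA:
        raise ValueError("unknown EI_CLASS or EI_DATA value")
    endian = "<" if ei_data == 1 else ">"
    # e_entry, e_phoff and e_shoff are 4 bytes in ELF32 and 8 in ELF64.
    addr = "I" if ei_class == 1 else "Q"
    fmt = f"{endian}HHI{addr}{addr}{addr}IHHHHHH"
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, e_ehsize,
     _phentsize, e_phnum, _shentsize, e_shnum, _shstrndx) = struct.unpack_from(fmt, data, 16)
    return {
        "class": ELF_CLASS[ei_class],
        "data": ELF_DATA[ei_data],
        "type": ELF_TYPE.get(e_type, hex(e_type)),
        "machine": ELF_MACHINE.get(e_machine, hex(e_machine)),
        "entry": e_entry,
        "phoff": e_phoff,
        "shoff": e_shoff,
        "ehsize": e_ehsize,
        "phnum": e_phnum,
        "shnum": e_shnum,
    }


# Constructed sample: a 52-byte ELF32 header for a little-endian x86 executable.
# The entry point and table counts are made-up values, not taken from ch05-example.
SAMPLE = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8) + struct.pack(
    "<HHIIIIIHHHHHH", 2, 3, 1, 0x08048400, 52, 0, 0, 52, 32, 9, 40, 0, 0)

if __name__ == "__main__":
    # Pass a path (for example ./ch05-example) to parse a real file instead.
    raw = open(sys.argv[1], "rb").read(64) if len(sys.argv) > 1 else SAMPLE
    for field, value in parse_elf_header(raw).items():
        print(f"{field:8} {hex(value) if field == 'entry' else value}")
```

Running the script with the path to a binary as its first argument prints that file's header fields, which can be compared against what the plugin window shows.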