Remote Debugging

GDB Server

Enable

from qiling import Qiling
from qiling.const import QL_VERBOSE

ql = Qiling(["examples/rootfs/x8664_linux/bin/x8664_hello_static"], "examples/rootfs/x8664_linux", verbose=QL_VERBOSE.OFF)

# Choose one of the following forms; a later assignment overrides an earlier one.
ql.debugger = True                      # listens on localhost:9999
ql.debugger = ":9999"                   # listens on 0.0.0.0:9999
ql.debugger = "127.0.0.1:9999"         # listens on 127.0.0.1:9999
ql.debugger = "gdb:127.0.0.1:9999"     # explicit GDB server
ql.debugger = "idapro:127.0.0.1:9999"  # IDA Pro remote debug server

ql.run()

Default: localhost:9999. Emulation pauses at entry point.
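
The GDB remote protocol has no authentication, so the ":9999" form above (bind on 0.0.0.0) gives anything that can reach the port read and write access to the emulated process. The following added example (not part of Qiling or the original page) parses the listener forms shown above and flags non-loopback binds before a value is assigned to ql.debugger. The function names and the parsing rules are assumptions inferred from the comments in the listing, not Qiling's own parser.

```python
import ipaddress

# Assumption: parsing rules are inferred from the page's comments only.
DEFAULT_HOST, DEFAULT_PORT = "localhost", 9999  # default stated on the page
SERVER_KINDS = ("gdb", "idapro")                # server prefixes shown on the page


def parse_debugger_spec(spec):
    """Return (kind, host, port) for a listener-style ql.debugger value."""
    if spec is True:
        return ("gdb", DEFAULT_HOST, DEFAULT_PORT)
    if not isinstance(spec, str):
        raise ValueError(f"unsupported debugger spec: {spec!r}")
    kind, addr = "gdb", spec
    head, sep, rest = spec.partition(":")
    if sep and head in SERVER_KINDS:        # explicit "gdb:" / "idapro:" prefix
        kind, addr = head, rest
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"not a host:port listener spec: {spec!r}")
    return (kind, host or "0.0.0.0", int(port))  # empty host binds all interfaces


def is_loopback(host):
    """True only for localhost or a literal loopback address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames: treat as reachable from the network


def exposed_listeners(specs):
    """Return (spec, kind, host, port) for every non-loopback bind."""
    parsed = [(s, *parse_debugger_spec(s)) for s in specs]
    return [p for p in parsed if not is_loopback(p[2])]


# The five forms from the listing above, plus one constructed address (TEST-NET-1).
SAMPLES = [True, ":9999", "127.0.0.1:9999", "gdb:127.0.0.1:9999",
           "idapro:127.0.0.1:9999", "gdb:192.0.2.10:9999"]

if __name__ == "__main__":
    for spec, kind, host, port in exposed_listeners(SAMPLES):
        print(f"exposed: {spec!r} -> {kind} server on {host}:{port}")
```

Values such as "qdb" are rejected with ValueError because they are not host:port listener forms.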

Connect with GDB

(gdb) set architecture i386:x86-64
(gdb) target remote localhost:9999
(gdb) disas 0x4014e0,0x4014ff
(gdb) ni          # next instruction (step over)
(gdb) si          # step instruction (step into)
(gdb) break *0x401645
(gdb) c           # continue
(gdb) del 1       # delete breakpoint 1
(gdb) i r         # info registers
(gdb) x/10xg 0x401645  # examine memory

If GDB times out with vMustReplyEmpty:

(gdb) set remotetimeout 100

Connect with IDA Pro

Tested with IDA Pro 7.4. Configure remote GDB debugger with host 127.0.0.1 and port 9999.

Qdb (Built-in Debugger)

Qdb is a command-line debugger supporting MIPS and ARM (Thumb mode). Based on Qdb.

Enable

from qiling import Qiling
from qiling.const import QL_VERBOSE

ql = Qiling([r'rootfs/arm_linux/bin/arm_hello'], r'rootfs/arm_linux', verbose=QL_VERBOSE.DEBUG)

# Choose one of the following forms; a later assignment overrides an earlier one.
ql.debugger = "qdb"            # basic qdb
ql.debugger = "qdb::rr"        # enable record-and-replay
ql.debugger = "qdb:0x1030c"    # enable qdb + breakpoint at 0x1030c

ql.run()

Commands

| Command | Alias | Description |
|---|---|---|
| step | s | Execute one instruction |
| continue | c | Continue execution |
| breakpoint <addr> | b | Set breakpoint at address |
| examine <addr> | x | Read memory at address |
| backward | p | Step backward (requires rr=True and prior step-over) |