I want to modify my teamspeak server (linux), I'm particulary interested in the connection with clients (UDP), so I figured I need to set a breakpoint at the linux socket function to start reversing. How can I achieve this?
Thanks!
Asked
Active
Viewed 1.9k times
11
-
For write: http://stackoverflow.com/questions/8235436/how-can-i-monitor-whats-being-put-into-the-standard-out-buffer-and-break-when-a – Ciro Santilli OurBigBook.com Jul 28 '15 at 12:52
1 Answers
13
In gdb you can set a syscall breakpoint with catch syscall.
If this is in 32-bit x86 (IA-32), check the syscall number in your_linux_source_dir/usr/include/asm/unistd_32.h. There is no syscall called socket in 32-bit x86, do you mean socketcall? Its number is 102.
If this is in x86-64 (AMD64), check the syscall number in your_linux_kernel_source_dir/usr/include/asm/unistd_64.h. The syscall called socket is 41.
Then run the executable in gdb:
$ gdb myexecutable
And set the syscall breakpoint (41 is the socket syscall number in x86-64, change to appropriate syscall number for you):
(gdb) catch syscall 41
And then run the program:
(gdb) r
Using the name of syscall (such as socket) instead of the number (eg. 41) may also work, depending on your configuration.
nrz
- 445
- 4
- 12
-
1I have no idea when this was added. But now you can use the syscall name instead of its number. So, just
catch syscall socket. – Celelibi Sep 26 '18 at 16:25