Debugger

The usual approach to understanding the behavior of an executable program is to attach a debugger to it and set breakpoints at various locations to interpret the code flow of the software under test. A debugger, as the name suggests, is a software utility that programmers use to debug their programs. It lets programmers see the assembly of the code that is being executed, that is, the assembly-level equivalent of the code written in a high-level programming language, and it displays the exact stack on which the code is executed. Thus, a debugger shows the execution flow of the program in terms of the execution stack for function calls, the registers, the addresses and values of program variables, and so on.

Let's take a look at the debuggers that we are going to cover in this chapter:

  • The Evans Linux debugger: This is a native Linux debugger, and we don't need Wine to run it; it comes in a tar.gz file. Download the source code, extract it, and copy it to your computer. The installation steps required are shown here:
$ sudo apt-get install cmake build-essential libboost-dev libqt5xmlpatterns5-dev qtbase5-dev qt5-default libqt5svg5-dev libgraphviz-dev libcapstone-dev
$ git clone --recursive https://github.com/eteran/edb-debugger.git
$ cd edb-debugger
$ mkdir build
$ cd build
$ cmake ..
$ make
$ ./edb

Either add its location to the PATH environment variable or go to the installation directory and run ./edb to launch the debugger. This will give us the following interface:

Let's open the edb exe/linux file:

  • GDB/GNU debugger: This is a very old debugger and is commonly found by default in Ubuntu. It is a nice debugger but doesn't have many features. To run it, simply type gdb and its prompt will open. It is, by default, a CLI tool:

  • Another good tool is IDA Pro, but this is a commercial tool and is not free.
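
As an added example (not from the book), the following script builds a small C program and drives GDB in batch mode to show what this section describes: a breakpoint, the call stack, the registers, and the disassembly of the current function. The file name demo.c, the function add() and the helper gdb_demo are constructed for this illustration; it assumes gcc and gdb are installed.

```shell
#!/bin/sh
# Added example: compile a tiny C program and inspect it with gdb non-interactively.
# demo.c, add() and gdb_demo are constructed names, not from the original page.

gdb_demo() {
    workdir=$(mktemp -d) || return 1
    cat > "$workdir/demo.c" <<'EOF'
#include <stdio.h>

int add(int a, int b)
{
    int sum = a + b;    /* local variable stored in add()'s stack frame */
    return sum;
}

int main(void)
{
    printf("%d\n", add(2, 3));
    return 0;
}
EOF
    # -g keeps debug symbols; -O0 keeps the machine code close to the source
    gcc -g -O0 -o "$workdir/demo" "$workdir/demo.c" || { rm -rf "$workdir"; return 1; }

    # -batch runs the -ex commands in order and then exits:
    #   break/run       stop at the entry of add()
    #   backtrace       call stack: add() called from main()
    #   info args       argument values in the current frame
    #   info registers  CPU register contents at the breakpoint
    #   disassemble     assembly of the function being executed
    #   finish          run until add() returns and print its return value
    gdb -q -batch \
        -ex 'break add' \
        -ex 'run' \
        -ex 'backtrace' \
        -ex 'info args' \
        -ex 'info registers' \
        -ex 'disassemble' \
        -ex 'finish' \
        "$workdir/demo" 2>&1
    status=$?
    rm -rf "$workdir"
    return $status
}

# Run the session only when the script is invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then gdb_demo; fi
```

The same commands can be typed one at a time at the interactive gdb prompt after starting it with gdb ./demo.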