Difference between revisions of "Gdb"
From Linuxintro
imported>ThorstenStaerk |
imported>ThorstenStaerk |
||
| Line 11: | Line 11: | ||
== How to debug vlc == | == How to debug vlc == | ||
| − | + | [[vlc]] always exits when I call it as root. Here is how I change this behavior: | |
gdb /usr/bin/vlc | gdb /usr/bin/vlc | ||
(gdb) info functions | (gdb) info functions | ||
| Line 20: | Line 20: | ||
0x0000000000400f40 geteuid | 0x0000000000400f40 geteuid | ||
[...] | [...] | ||
| + | Let's break in the function to get the effective user identity: | ||
(gdb) break geteuid | (gdb) break geteuid | ||
Breakpoint 1 at 0x400f40 | Breakpoint 1 at 0x400f40 | ||
| + | Let's start the program to run till the first breakpoint: | ||
(gdb) run | (gdb) run | ||
Starting program: /usr/bin/vlc | Starting program: /usr/bin/vlc | ||
| Line 36: | Line 38: | ||
0x0000000000401105 in ?? () | 0x0000000000401105 in ?? () | ||
(gdb) | (gdb) | ||
| − | + | Ok, let's look at this program part with a disassembler: | |
| + | objdump -d -M intel /usr/bin/vlc | ||
[...] | [...] | ||
| − | + | 4010f9: e8 32 0a 00 00 call 401b30 <unsetenv> | |
| − | + | 4010fe: e8 3d fe ff ff call 400f40 <geteuid@plt> | |
| − | + | 401103: 85 c0 test eax,eax | |
| − | + | 401105: 0f 84 04 06 00 00 je 40170f <fflush@plt+0x66f> | |
| + | 40110b: be ca 1f 40 00 mov esi,0x401fca | ||
| + | 401110: bf 06 00 00 00 mov edi,0x6 | ||
| + | [...] | ||
| + | Wow, it seems as if 4010fe calls geteuid, 401103 prepares a conditional jump and 401105 jumps if equal somewhere. So we call a hexeditor: | ||
| + | /opt/kde3/bin/khexedit /usr/bin/vlc | ||
| + | and replace | ||
| + | 0f 84 04 06 00 00 | ||
| + | by some instructions to wait: | ||
| + | 90 90 90 90 90 90 | ||
| + | When calling vlc now as root, it does not abort :) | ||
= See also = | = See also = | ||
Revision as of 17:18, 26 November 2011
gdb allows you to debug Linux programs.
Notable functions
info functions finish break run continue
Example
How to debug vlc
vlc always exits when I call it as root. Here is how I change this behavior:
gdb /usr/bin/vlc (gdb) info functions All defined functions: Non-debugging symbols: [...] 0x0000000000400f40 geteuid [...]
Let's break in the function to get the effective user identity:
(gdb) break geteuid Breakpoint 1 at 0x400f40
Let's start the program to run till the first breakpoint:
(gdb) run Starting program: /usr/bin/vlc Breakpoint 1, 0x00007ffff71cfc70 in geteuid () from /lib64/libc.so.6
ok, let's trace the program one command at a time:
(gdb) stepi 0x00007ffff71cfc75 in geteuid () from /lib64/libc.so.6 (gdb) stepi 0x00007ffff71cfc77 in geteuid () from /lib64/libc.so.6 (gdb) 0x0000000000401103 in ?? () (gdb) 0x0000000000401105 in ?? () (gdb)
Ok, let's look at this program part with a disassembler:
objdump -d -M intel /usr/bin/vlc [...] 4010f9: e8 32 0a 00 00 call 401b30 <unsetenv> 4010fe: e8 3d fe ff ff call 400f40 <geteuid@plt> 401103: 85 c0 test eax,eax 401105: 0f 84 04 06 00 00 je 40170f <fflush@plt+0x66f> 40110b: be ca 1f 40 00 mov esi,0x401fca 401110: bf 06 00 00 00 mov edi,0x6 [...]
Wow, it seems as if 4010fe calls geteuid, 401103 prepares a conditional jump and 401105 jumps if equal somewhere. So we call a hexeditor:
/opt/kde3/bin/khexedit /usr/bin/vlc
and replace
0f 84 04 06 00 00
by some instructions to wait:
90 90 90 90 90 90
When calling vlc now as root, it does not abort :)
See also
- objdump -- disassemble a program
- strace -- show syscalls from a running process
- hexeditors
