Difference between revisions of "Gdb"

From Linuxintro
imported>ThorstenStaerk
imported>ThorstenStaerk
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
gdb allows you to debug Linux programs.
+
gdb is a [[command]] that allows you to debug Linux [[programs]].
  
 
= Notable functions =
 
= Notable functions =
 
  info functions
 
  info functions
 +
disassemble
 +
finish
 +
break
 +
run
 +
continue
  
 
= Example =
 
= Example =
  
== How to debug vlc ==
+
== Allow starting vlc as root ==
Here I try to find out where vlc exits because I am root:
+
Main article: [[run vlc as root]].
  gdb /usr/bin/vlc
+
 
 +
[[vlc]] always exits when I call it as root. Here is how I change this behavior:
 +
  [[gdb]] /usr/bin/vlc
 
  (gdb) info functions
 
  (gdb) info functions
 
  All defined functions:
 
  All defined functions:
Line 16: Line 23:
 
  0x0000000000400f40  geteuid
 
  0x0000000000400f40  geteuid
 
  [...]
 
  [...]
 +
Let's break in the function to get the effective user identity:
 
  (gdb) break geteuid
 
  (gdb) break geteuid
 
  Breakpoint 1 at 0x400f40
 
  Breakpoint 1 at 0x400f40
 +
Let's start the program to run till the first breakpoint:
 
  (gdb) run
 
  (gdb) run
 
  Starting program: /usr/bin/vlc  
 
  Starting program: /usr/bin/vlc  
Line 32: Line 41:
 
  0x0000000000401105 in ?? ()
 
  0x0000000000401105 in ?? ()
 
  (gdb)  
 
  (gdb)  
  0x000000000040170f in ?? ()
+
Ok, let's look at this program part with a disassembler:
 +
  [[objdump]] -d -M intel /usr/bin/vlc
 
  [...]
 
  [...]
  (gdb) break *0x40170e
+
  4010f9:      e8 32 0a 00 00          call  401b30 <unsetenv>
Breakpoint 3 at 0x40170e
+
  4010fe:      e8 3d fe ff ff          call  400f40 <geteuid@plt>
(gdb) continue
+
  401103:      85 c0                  test  eax,eax
 +
  401105:      0f 84 04 06 00 00      je    40170f <fflush@plt+0x66f>
 +
  40110b:      be ca 1f 40 00          mov    esi,0x401fca
 +
  401110:      bf 06 00 00 00          mov    edi,0x6
 +
  [...]
 +
Wow, it seems as if 4010fe calls geteuid, 401103 prepares a conditional jump and 401105 jumps if equal somewhere. So we call a [[hexeditor]]:
 +
okteta /usr/bin/vlc
 +
and replace
 +
0f 84 04 06 00 00
 +
by some instructions to wait:
 +
90 90 90 90 90 90
 +
When calling vlc now as root, it does not abort :)
 +
 
 +
Also, once the following worked:
 +
sed -<abbr title="in-place edit in the file">i</abbr><abbr title="extended regular expressions">r</abbr> "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc
 +
 
 +
== debugging hello world ==
 +
<pre>
 +
thorsten@ubuntu:~$ cat hello.c
 +
#include <stdio.h>
 +
int main()
 +
{
 +
  printf("hello world");
 +
}
 +
thorsten@ubuntu:~$ gcc hello.c
 +
thorsten@ubuntu:~$ # 0x1160 has the call to printf
 +
thorsten@ubuntu:~$ gdb a.out
 +
GNU gdb (Ubuntu 8.3-0ubuntu1) 8.3
 +
Copyright (C) 2019 Free Software Foundation, Inc.
 +
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 +
This is free software: you are free to change and redistribute it.
 +
There is NO WARRANTY, to the extent permitted by law.
 +
Type "show copying" and "show warranty" for details.
 +
This GDB was configured as "x86_64-linux-gnu".
 +
Type "show configuration" for configuration details.
 +
For bug reporting instructions, please see:
 +
<http://www.gnu.org/software/gdb/bugs/>.
 +
Find the GDB manual and other documentation resources online at:
 +
    <http://www.gnu.org/software/gdb/documentation/>.
  
 +
For help, type "help".
 +
Type "apropos word" to search for commands related to "word"...
 +
Reading symbols from a.out...
 +
(No debugging symbols found in a.out)
 +
(gdb) break main
 +
Breakpoint 1 at 0x1149
 +
(gdb) break 0x1160
 +
Function "0x1160" not defined.
 +
Make breakpoint pending on future shared library load? (y or [n])
 +
(gdb) run
 +
Starting program: /home/thorsten/a.out
 +
 +
Breakpoint 1, 0x0000555555555149 in main ()
 +
</pre>
 +
Now let's print register eax
 +
<pre>
 +
(gdb) display $eax
 +
1: $eax = 1431654729
 +
(gdb) continue
 +
Continuing.
 +
hello world[Inferior 1 (process 7954) exited normally]
 +
(gdb)
 +
</pre>
  
 
= See also =
 
= See also =
 
* [[objdump]] -- disassemble a program
 
* [[objdump]] -- disassemble a program
 
* [[strace]] -- show syscalls from a running process
 
* [[strace]] -- show syscalls from a running process
 +
* [[hexeditors]]
 +
* http://try-linux.blogspot.de/2013/02/run-vlc-as-root.html
 +
 +
[[Category:Geeky]]
 +
[[Category:Command]]
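Review bot: in the added sed line, the two letters of `-ir` are annotated as "in-place edit" and "extended regular expressions", but GNU sed reads text attached to `-i` as a backup suffix, so `-ir` edits in place with a backup named `vlcr` and never enables extended regex; write `-i -r` if both are meant. The `g` flag with `\x0f\x84....` also rewrites every matching six-byte sequence in the file, not only the one at 401105, so it is worth saying that the hex-editor replacement at that address is the precise variant. In the added hello world transcript, `break 0x1160` is rejected as an undefined function and the text moves on without comment; a sentence noting that an address breakpoint needs a leading `*` would explain the output.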

Latest revision as of 12:33, 19 January 2020

gdb is a command that allows you to debug Linux programs.

Notable functions

info functions
disassemble
finish
break
run 
continue

Example

Allow starting vlc as root

Main article: run vlc as root.

vlc always exits when I call it as root. Here is how I change this behavior:

gdb /usr/bin/vlc
(gdb) info functions
All defined functions:

Non-debugging symbols:
[...]
0x0000000000400f40  geteuid
[...]

Let's break in the function to get the effective user identity:

(gdb) break geteuid
Breakpoint 1 at 0x400f40

Let's start the program to run till the first breakpoint:

(gdb) run
Starting program: /usr/bin/vlc 

Breakpoint 1, 0x00007ffff71cfc70 in geteuid () from /lib64/libc.so.6

OK, let's trace the program one instruction at a time:

(gdb) stepi
0x00007ffff71cfc75 in geteuid () from /lib64/libc.so.6
(gdb) stepi
0x00007ffff71cfc77 in geteuid () from /lib64/libc.so.6
(gdb) 
0x0000000000401103 in ?? ()
(gdb) 
0x0000000000401105 in ?? ()
(gdb) 

OK, let's look at this part of the program with a disassembler:

objdump -d -M intel /usr/bin/vlc
[...]
 4010f9:       e8 32 0a 00 00          call   401b30 <unsetenv>
 4010fe:       e8 3d fe ff ff          call   400f40 <geteuid@plt>
 401103:       85 c0                   test   eax,eax
 401105:       0f 84 04 06 00 00       je     40170f <fflush@plt+0x66f>
 40110b:       be ca 1f 40 00          mov    esi,0x401fca
 401110:       bf 06 00 00 00          mov    edi,0x6
[...]

Wow, it seems as if 4010fe calls geteuid, 401103 tests the return value in eax (the zero flag is set when it is 0, the effective user ID of root) and 401105 jumps to 40170f if it was zero. So we call a hexeditor:

okteta /usr/bin/vlc

and replace

0f 84 04 06 00 00

by six NOP instructions (0x90), which do nothing, so the jump is never taken:

90 90 90 90 90 90

When calling vlc now as root, it does not abort :)

Also, once the following worked:

sed -i -r "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc
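
The following is an added example, not part of the original page: it decodes the je from the objdump listing above, lists what the global sed pattern would match, and patches only the one instruction after checking its bytes. The function names and the extra je appended to the sample bytes are constructed for illustration; Python's `.` with DOTALL only approximates sed's `.`.

```python
import re
import struct

BASE = 0x4010f9  # address of the first byte below, from the objdump listing
# The six instructions from the listing, plus one constructed `je rel32`
# appended as a stand-in for any other conditional jump in the binary.
CODE = bytes.fromhex(
    "e8320a0000" "e83dfeffff" "85c0" "0f8404060000"
    "beca1f4000" "bf06000000" "0f8410000000"
)
JE = bytes.fromhex("0f8404060000")   # bytes the page replaces
NOPS = b"\x90" * 6                   # replacement from the page


def je_target(code, base, addr):
    """Decode `0f 84 rel32` at addr: target = next instruction + rel32."""
    off = addr - base
    if code[off:off + 2] != b"\x0f\x84":
        raise ValueError(f"no je rel32 at {addr:#x}")
    (rel,) = struct.unpack_from("<i", code, off + 2)
    return addr + 6 + rel


def global_pattern_hits(code, base):
    """Addresses matched by the sed pattern: 0f 84 followed by any 4 bytes."""
    pattern = re.compile(rb"\x0f\x84.{4}", re.DOTALL)
    return [base + m.start() for m in pattern.finditer(code)]


def patch_one(code, base, addr, expected, replacement):
    """Replace one instruction, only if the expected bytes are really there."""
    off = addr - base
    if len(expected) != len(replacement):
        raise ValueError("replacement must keep the instruction length")
    if code[off:off + len(expected)] != expected:
        raise ValueError(f"unexpected bytes at {addr:#x}, not patching")
    return code[:off] + replacement + code[off + len(expected):]


if __name__ == "__main__":
    print(hex(je_target(CODE, BASE, 0x401105)))
    print([hex(a) for a in global_pattern_hits(CODE, BASE)])
    patched = patch_one(CODE, BASE, 0x401105, JE, NOPS)
    print(patched[12:18].hex(), patched[-6:].hex())
```

The decoded target matches the 40170f that objdump prints, and the pattern also hits the second je, which the offset-checked patch leaves untouched.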

debugging hello world

thorsten@ubuntu:~$ cat hello.c
#include <stdio.h>
int main()
{
  printf("hello world");
}
thorsten@ubuntu:~$ gcc hello.c
thorsten@ubuntu:~$ # 0x1160 has the call to printf
thorsten@ubuntu:~$ gdb a.out 
GNU gdb (Ubuntu 8.3-0ubuntu1) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a.out...
(No debugging symbols found in a.out)
(gdb) break main
Breakpoint 1 at 0x1149
(gdb) break 0x1160
Function "0x1160" not defined.
Make breakpoint pending on future shared library load? (y or [n]) 
(gdb) run
Starting program: /home/thorsten/a.out 

Breakpoint 1, 0x0000555555555149 in main ()

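gdb took 0x1160 for a function name, as its reply shows; an address has to be prefixed with an asterisk. So only the breakpoint on main is hit. Now let's print register eax: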

(gdb) display $eax
1: $eax = 1431654729
(gdb) continue
Continuing.
hello world[Inferior 1 (process 7954) exited normally]
(gdb) 

See also