gdb is a command that allows you to debug Linux programs.

Notable functions

info functions


Allow starting vlc as root

Main article: run vlc as root.

vlc always exits when I call it as root. Here is how I change this behavior:

gdb /usr/bin/vlc
(gdb) info functions
All defined functions:

Non-debugging symbols:
0x0000000000400f40  geteuid

Let's set a breakpoint on geteuid, the function that returns the effective user ID:

(gdb) break geteuid
Breakpoint 1 at 0x400f40

Let's start the program to run till the first breakpoint:

(gdb) run
Starting program: /usr/bin/vlc 

Breakpoint 1, 0x00007ffff71cfc70 in geteuid () from /lib64/

OK, let's trace the program one instruction at a time:

(gdb) stepi
0x00007ffff71cfc75 in geteuid () from /lib64/
(gdb) stepi
0x00007ffff71cfc77 in geteuid () from /lib64/
0x0000000000401103 in ?? ()
0x0000000000401105 in ?? ()

OK, let's look at this part of the program with a disassembler:

objdump -d -M intel /usr/bin/vlc
 4010f9:       e8 32 0a 00 00          call   401b30 <unsetenv>
 4010fe:       e8 3d fe ff ff          call   400f40 <geteuid@plt>
 401103:       85 c0                   test   eax,eax
 401105:       0f 84 04 06 00 00       je     40170f <fflush@plt+0x66f>
 40110b:       be ca 1f 40 00          mov    esi,0x401fca
 401110:       bf 06 00 00 00          mov    edi,0x6

Wow, it seems that 4010fe calls geteuid, 401103 tests the return value in eax (setting the zero flag when it is 0, the effective UID of root), and 401105 jumps to 40170f if that flag is set. So we open the binary in a hex editor:

okteta /usr/bin/vlc

and replace

0f 84 04 06 00 00

by six NOP (no-operation) instructions, so the jump is never taken:

90 90 90 90 90 90

When calling vlc now as root, it does not abort :)

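The following sed command also worked once:

sed -ir "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc

Be careful with it: the pattern matches any 0f 84 followed by four arbitrary characters, so with /g it overwrites every such sequence in the file, not only the jump at 401105. GNU sed also parses -ir as -i with the backup suffix r, so the original is kept as vlcr.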
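As an added example (not from the original page), this Python sketch compares how many places the sed pattern would rewrite with an exact replacement that refuses to patch unless the sequence is unique. The instruction bytes come from the objdump listing above; the sample buffer, the second je and the function names are constructed for illustration.

```python
import re

# Bytes taken from the objdump listing on this page.
TEST_EAX = bytes.fromhex("85c0")          # 401103: test eax,eax
JE_ROOT = bytes.fromhex("0f8404060000")   # 401105: je 40170f
NOPS = b"\x90" * len(JE_ROOT)

# Constructed sample: the listed instructions plus one unrelated je rel32
# (made up for this example) that must survive the patch.
OTHER_JE = bytes.fromhex("0f8410000000")
SAMPLE = (bytes.fromhex("e8320a0000" "e83dfeffff") + TEST_EAX + JE_ROOT
          + bytes.fromhex("beca1f4000" "bf06000000") + OTHER_JE + b"\xc3")


def broad_matches(image: bytes) -> int:
    """Count the spans that sed's 0f 84 + four dots pattern would overwrite with /g.

    sed works line by line, so '.' is modelled as any byte except newline.
    """
    return len(re.findall(rb"\x0f\x84[^\n]{4}", image))


def patch_exact(image: bytes) -> bytes:
    """NOP only the je that directly follows test eax,eax; refuse if ambiguous."""
    needle = TEST_EAX + JE_ROOT
    hits = [m.start() for m in re.finditer(re.escape(needle), image)]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, found {len(hits)}")
    start = hits[0] + len(TEST_EAX)
    return image[:start] + NOPS + image[start + len(JE_ROOT):]


if __name__ == "__main__":
    patched = patch_exact(SAMPLE)
    print("broad pattern would rewrite:", broad_matches(SAMPLE), "places")
    print("exact patch changed bytes  :",
          sum(a != b for a, b in zip(SAMPLE, patched)))
```

To use it on a real file, read the file with open(path, "rb"), pass the bytes to patch_exact, and write the result to a copy rather than over the original.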

Debugging hello world

thorsten@ubuntu:~$ cat hello.c
#include <stdio.h>
int main()
{
  printf("hello world");
}
thorsten@ubuntu:~$ gcc hello.c
thorsten@ubuntu:~$ # 0x1160 has the call to printf
thorsten@ubuntu:~$ gdb a.out 
Reading symbols from a.out...
(No debugging symbols found in a.out)
(gdb) break main
Breakpoint 1 at 0x1149
(gdb) break 0x1160
Function "0x1160" not defined.
Make breakpoint pending on future shared library load? (y or [n]) 
(gdb) run
Starting program: /home/thorsten/a.out 

Breakpoint 1, 0x0000555555555149 in main ()

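The break 0x1160 above was rejected because gdb reads a bare argument as a function name; a breakpoint on an address is written break *ADDRESS. Also note that main, at 0x1149 in the file, was loaded at 0x0000555555555149, so addresses shift once the program runs.

Now let's print register eax: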

(gdb) display $eax
1: $eax = 1431654729
(gdb) continue
hello world[Inferior 1 (process 7954) exited normally]

