Difference between revisions of "Gdb"

From Linuxintro
imported>ThorstenStaerk
m
imported>ThorstenStaerk
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
 
= Notable functions =
 
= Notable functions =
 
  info functions
 
  info functions
 +
disassemble
 
  finish
 
  finish
 
  break
 
  break
Line 60: Line 61:
 
Also, once the following worked:
 
Also, once the following worked:
 
  sed -<abbr title="in-place edit in the file">i</abbr><abbr title="extended regular expressions">r</abbr> "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc
 
  sed -<abbr title="in-place edit in the file">i</abbr><abbr title="extended regular expressions">r</abbr> "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc
 +
 +
== debugging hello world ==
 +
<pre>
 +
thorsten@ubuntu:~$ cat hello.c
 +
#include <stdio.h>
 +
int main()
 +
{
 +
  printf("hello world");
 +
}
 +
thorsten@ubuntu:~$ gcc hello.c
 +
thorsten@ubuntu:~$ # 0x1160 has the call to printf
 +
thorsten@ubuntu:~$ gdb a.out
 +
GNU gdb (Ubuntu 8.3-0ubuntu1) 8.3
 +
Copyright (C) 2019 Free Software Foundation, Inc.
 +
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 +
This is free software: you are free to change and redistribute it.
 +
There is NO WARRANTY, to the extent permitted by law.
 +
Type "show copying" and "show warranty" for details.
 +
This GDB was configured as "x86_64-linux-gnu".
 +
Type "show configuration" for configuration details.
 +
For bug reporting instructions, please see:
 +
<http://www.gnu.org/software/gdb/bugs/>.
 +
Find the GDB manual and other documentation resources online at:
 +
    <http://www.gnu.org/software/gdb/documentation/>.
 +
 +
For help, type "help".
 +
Type "apropos word" to search for commands related to "word"...
 +
Reading symbols from a.out...
 +
(No debugging symbols found in a.out)
 +
(gdb) break main
 +
Breakpoint 1 at 0x1149
 +
(gdb) break 0x1160
 +
Function "0x1160" not defined.
 +
Make breakpoint pending on future shared library load? (y or [n])
 +
(gdb) run
 +
Starting program: /home/thorsten/a.out
 +
 +
Breakpoint 1, 0x0000555555555149 in main ()
 +
</pre>
 +
Now let's print register eax
 +
<pre>
 +
(gdb) display $eax
 +
1: $eax = 1431654729
 +
(gdb) continue
 +
Continuing.
 +
hello world[Inferior 1 (process 7954) exited normally]
 +
(gdb)
 +
</pre>
  
 
= See also =
 
= See also =

Latest revision as of 12:33, 19 January 2020

gdb is a command that allows you to debug Linux programs.

Notable functions

info functions
disassemble
finish
break
run 
continue

Example

Allow starting vlc as root

Main article: run vlc as root.

vlc always exits when I call it as root. Here is how I change this behavior:

gdb /usr/bin/vlc
(gdb) info functions
All defined functions:

Non-debugging symbols:
[...]
0x0000000000400f40  geteuid
[...]

Let's break in the function to get the effective user identity:

(gdb) break geteuid
Breakpoint 1 at 0x400f40

Let's start the program to run till the first breakpoint:

(gdb) run
Starting program: /usr/bin/vlc 

Breakpoint 1, 0x00007ffff71cfc70 in geteuid () from /lib64/libc.so.6

ok, let's trace the program one command at a time:

(gdb) stepi
0x00007ffff71cfc75 in geteuid () from /lib64/libc.so.6
(gdb) stepi
0x00007ffff71cfc77 in geteuid () from /lib64/libc.so.6
(gdb) 
0x0000000000401103 in ?? ()
(gdb) 
0x0000000000401105 in ?? ()
(gdb) 

Ok, let's look at this program part with a disassembler:

objdump -d -M intel /usr/bin/vlc
[...]
 4010f9:       e8 32 0a 00 00          call   401b30 <unsetenv>
 4010fe:       e8 3d fe ff ff          call   400f40 <geteuid@plt>
 401103:       85 c0                   test   eax,eax
 401105:       0f 84 04 06 00 00       je     40170f <fflush@plt+0x66f>
 40110b:       be ca 1f 40 00          mov    esi,0x401fca
 401110:       bf 06 00 00 00          mov    edi,0x6
[...]

Wow, it seems as if 4010fe calls geteuid, 401103 prepares a conditional jump and 401105 jumps if equal somewhere. So we call a hexeditor:

okteta /usr/bin/vlc

and replace

0f 84 04 06 00 00

by some instructions to wait:

90 90 90 90 90 90

When calling vlc now as root, it does not abort :)

Also, once the following worked:

sed -ir "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc

debugging hello world

thorsten@ubuntu:~$ cat hello.c
#include <stdio.h>
int main()
{
  printf("hello world");
}
thorsten@ubuntu:~$ gcc hello.c
thorsten@ubuntu:~$ # 0x1160 has the call to printf
thorsten@ubuntu:~$ gdb a.out 
GNU gdb (Ubuntu 8.3-0ubuntu1) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a.out...
(No debugging symbols found in a.out)
(gdb) break main
Breakpoint 1 at 0x1149
(gdb) break 0x1160
Function "0x1160" not defined.
Make breakpoint pending on future shared library load? (y or [n]) 
(gdb) run
Starting program: /home/thorsten/a.out 

Breakpoint 1, 0x0000555555555149 in main ()

Now let's print register eax

(gdb) display $eax
1: $eax = 1431654729
(gdb) continue
Continuing.
hello world[Inferior 1 (process 7954) exited normally]
(gdb) 

See also