Difference between revisions of "Gdb"
From Linuxintro
imported>ThorstenStaerk m |
imported>ThorstenStaerk |
||
(One intermediate revision by the same user not shown) | |||
Line 3: | Line 3: | ||
= Notable functions = | = Notable functions = | ||
info functions | info functions | ||
+ | disassemble | ||
finish | finish | ||
break | break | ||
Line 60: | Line 61: | ||
Also, once the following worked: | Also, once the following worked: | ||
sed -<abbr title="in-place edit in the file">i</abbr><abbr title="extended regular expressions">r</abbr> "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc | sed -<abbr title="in-place edit in the file">i</abbr><abbr title="extended regular expressions">r</abbr> "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc | ||
+ | |||
+ | == debugging hello world == | ||
+ | <pre> | ||
+ | thorsten@ubuntu:~$ cat hello.c | ||
+ | #include <stdio.h> | ||
+ | int main() | ||
+ | { | ||
+ | printf("hello world"); | ||
+ | } | ||
+ | thorsten@ubuntu:~$ gcc hello.c | ||
+ | thorsten@ubuntu:~$ # 0x1160 has the call to printf | ||
+ | thorsten@ubuntu:~$ gdb a.out | ||
+ | GNU gdb (Ubuntu 8.3-0ubuntu1) 8.3 | ||
+ | Copyright (C) 2019 Free Software Foundation, Inc. | ||
+ | License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> | ||
+ | This is free software: you are free to change and redistribute it. | ||
+ | There is NO WARRANTY, to the extent permitted by law. | ||
+ | Type "show copying" and "show warranty" for details. | ||
+ | This GDB was configured as "x86_64-linux-gnu". | ||
+ | Type "show configuration" for configuration details. | ||
+ | For bug reporting instructions, please see: | ||
+ | <http://www.gnu.org/software/gdb/bugs/>. | ||
+ | Find the GDB manual and other documentation resources online at: | ||
+ | <http://www.gnu.org/software/gdb/documentation/>. | ||
+ | |||
+ | For help, type "help". | ||
+ | Type "apropos word" to search for commands related to "word"... | ||
+ | Reading symbols from a.out... | ||
+ | (No debugging symbols found in a.out) | ||
+ | (gdb) break main | ||
+ | Breakpoint 1 at 0x1149 | ||
+ | (gdb) break 0x1160 | ||
+ | Function "0x1160" not defined. | ||
+ | Make breakpoint pending on future shared library load? (y or [n]) | ||
+ | (gdb) run | ||
+ | Starting program: /home/thorsten/a.out | ||
+ | |||
+ | Breakpoint 1, 0x0000555555555149 in main () | ||
+ | </pre> | ||
+ | Now let's print register eax | ||
+ | <pre> | ||
+ | (gdb) display $eax | ||
+ | 1: $eax = 1431654729 | ||
+ | (gdb) continue | ||
+ | Continuing. | ||
+ | hello world[Inferior 1 (process 7954) exited normally] | ||
+ | (gdb) | ||
+ | </pre> | ||
= See also = | = See also = |
Latest revision as of 12:33, 19 January 2020
gdb is a command that allows you to debug Linux programs.
Contents
Notable functions
info functions disassemble finish break run continue
Example
Allow starting vlc as root
Main article: run vlc as root.
vlc always exits when I call it as root. Here is how I change this behavior:
gdb /usr/bin/vlc (gdb) info functions All defined functions: Non-debugging symbols: [...] 0x0000000000400f40 geteuid [...]
Let's break in the function to get the effective user identity:
(gdb) break geteuid Breakpoint 1 at 0x400f40
Let's start the program to run till the first breakpoint:
(gdb) run Starting program: /usr/bin/vlc Breakpoint 1, 0x00007ffff71cfc70 in geteuid () from /lib64/libc.so.6
ok, let's trace the program one command at a time:
(gdb) stepi 0x00007ffff71cfc75 in geteuid () from /lib64/libc.so.6 (gdb) stepi 0x00007ffff71cfc77 in geteuid () from /lib64/libc.so.6 (gdb) 0x0000000000401103 in ?? () (gdb) 0x0000000000401105 in ?? () (gdb)
Ok, let's look at this program part with a disassembler:
objdump -d -M intel /usr/bin/vlc [...] 4010f9: e8 32 0a 00 00 call 401b30 <unsetenv> 4010fe: e8 3d fe ff ff call 400f40 <geteuid@plt> 401103: 85 c0 test eax,eax 401105: 0f 84 04 06 00 00 je 40170f <fflush@plt+0x66f> 40110b: be ca 1f 40 00 mov esi,0x401fca 401110: bf 06 00 00 00 mov edi,0x6 [...]
Wow, it seems as if 4010fe calls geteuid, 401103 prepares a conditional jump and 401105 jumps if equal somewhere. So we call a hexeditor:
okteta /usr/bin/vlc
and replace
0f 84 04 06 00 00
by some instructions to wait:
90 90 90 90 90 90
When calling vlc now as root, it does not abort :)
Also, once the following worked:
sed -ir "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc
debugging hello world
thorsten@ubuntu:~$ cat hello.c #include <stdio.h> int main() { printf("hello world"); } thorsten@ubuntu:~$ gcc hello.c thorsten@ubuntu:~$ # 0x1160 has the call to printf thorsten@ubuntu:~$ gdb a.out GNU gdb (Ubuntu 8.3-0ubuntu1) 8.3 Copyright (C) 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from a.out... (No debugging symbols found in a.out) (gdb) break main Breakpoint 1 at 0x1149 (gdb) break 0x1160 Function "0x1160" not defined. Make breakpoint pending on future shared library load? (y or [n]) (gdb) run Starting program: /home/thorsten/a.out Breakpoint 1, 0x0000555555555149 in main ()
Now let's print register eax
(gdb) display $eax 1: $eax = 1431654729 (gdb) continue Continuing. hello world[Inferior 1 (process 7954) exited normally] (gdb)
See also
- objdump -- disassemble a program
- strace -- show syscalls from a running process
- hexeditors
- http://try-linux.blogspot.de/2013/02/run-vlc-as-root.html