Systems Group, Department of Computer Science, ETH Zürich
Exercise Session 6
Computer Architecture and Systems Programming
Autumn Semester 2016

Agenda
GDB
Outlook on assignment 6

GDB
The GNU Debugger

Debugging..
If debugging is the process of removing bugs, then programming must be the process of putting them in.

The Problem
C Source
    #include <stdio.h>
    #include <string.h>

    int foo(char *a)
    {
        return strlen(a);   /* a is NULL here, so strlen() crashes */
    }

    int main(void)
    {
        char *a = NULL;
        printf("%d", foo(a));

        return 0;
    }
Output
    Segmentation fault
Problem: The output does not tell you where the segmentation fault happened.

Solution
Use a debugger to execute the program step by step.
In our case this will be gdb: https://sourceware.org/gdb/documentation/
With help from the binutils: https://sourceware.org/binutils/docs/binutils/

Getting the Assembly
objdump: displays information about object files.
Note: The generated code does not necessarily look that good.
Write a small program, output both the binary and the assembly file with gcc, and compare the assembly file with the output of objdump.

Objdump Parameters
Parameter   Description
-d          Display the assembly of the machine instructions (only those sections which are expected to contain instructions)
-D          Display the assembly of all sections
-l          Display line numbers when debugging information is present
-r          Print the relocation entries
-S          Display the source code (only if possible)
-t          Display the symbol table entries
-x          Equivalent to -a -f -h -p -r -t

Getting String Information
strings: Prints the printable character sequences > 3 chars with \0 termination.
This is helpful to get the strings used in the printf command:
    printf("Result is %d", 123);

Strings Parameters
Parameter   Description
-a          Scan the whole file, not just initialized and loaded sections
-n          Change the minimum string length to be considered
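
What strings does, and what -n changes, shown as an added example that is not part of the original slides: a simplified C re-implementation that reports every run of at least min_len printable bytes, ending a run at any non-printable byte or at the end of the buffer. The names find_strings and struct hit, the sample bytes, and the definition of "printable" (ASCII 0x20..0x7e plus tab) are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

struct hit { size_t off, len; };   /* where a run starts and how long it is */

/* Assumption: "printable" means ASCII 0x20..0x7e plus tab. */
static int is_printable(unsigned char c)
{
    return c == '\t' || (c >= 0x20 && c <= 0x7e);
}

/* Find every run of at least min_len printable bytes in buf[0..len).
 * Stores the first max_hits runs in out and returns how many were found. */
size_t find_strings(const unsigned char *buf, size_t len, size_t min_len,
                    struct hit *out, size_t max_hits)
{
    size_t found = 0, start = 0;
    if (min_len == 0) min_len = 1;       /* an empty run is not a string */
    for (size_t i = 0; i <= len; i++) {
        if (i < len && is_printable(buf[i]))
            continue;                    /* still inside a run */
        /* A run ends at a non-printable byte or at the end of the buffer. */
        if (i - start >= min_len) {
            if (found < max_hits) {
                out[found].off = start;
                out[found].len = i - start;
            }
            found++;
        }
        start = i + 1;                   /* next run can begin after this byte */
    }
    return found;
}

/* Constructed sample: the printf format string from the slide, surrounded by
 * binary bytes and short fragments as they might appear in an object file. */
static const unsigned char sample[] =
    "\x7f" "ELF\x01\x00" "Result is %d\x00\x01\x02" "abc\x00" "key.txt\x00";

int main(void)
{
    struct hit hits[8];
    size_t n = find_strings(sample, sizeof sample - 1, 4, hits, 8);

    for (size_t i = 0; i < n && i < 8; i++)   /* offset, then the string */
        printf("%6zu  %.*s\n", hits[i].off, (int)hits[i].len,
               (const char *)sample + hits[i].off);
    return 0;
}
```

With min_len 4 the scan reports only "Result is %d" and "key.txt"; lowering it to 3, as -n 3 would, also reports "ELF" and "abc".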

So far so good..
The outputs give you the structure of the program, but do not reveal information about the execution.
Next step: run the program in gdb.

GDB: Interactive Shell
gdb behaves pretty much like the Linux shell.
Auto completion, history of commands, ...
Not sure about a command?
    (gdb) help [command]
See online documentation: http://www.gnu.org/software/gdb/documentation/
Cheat Sheet:
http://atnog.av.it.pt/~jpbarraca/classes/security/buffer-overflow/gdb-refcard.pdf
http://darkdust.net/files/gdb%20cheat%20sheet.pdf

Starting GDB with your program
Start gdb with the file as an argument:
    gdb prog.out
    (gdb)
Start gdb, then load the program:
    gdb
    (gdb) file prog.out
You will see that you are running gdb by the (gdb) string at the beginning of the line.

Running Your Program
To run your program (also to restart it), just type:
    (gdb) run
No problems: The program runs just as if you executed it in the shell directly.
Problems: You get additional information such as the function, line and file where the crash occurred.

Breakpoints
You may want to break the execution at a certain line or when a specific function is called.
File-line pair (here file.c at line 123):
    (gdb) break file.c:123
Function (here foo()):
    (gdb) break foo
Address:
    (gdb) break 0x80487dd

Breakpoints
A bare break sets a breakpoint at the next instruction to be executed.
Every time a breakpoint is hit, the program pauses and gdb prompts for a command.

Breakpoints
Go on executing until the next breakpoint:
    (gdb) continue
Run until program flow reaches the next source code line (if debug information is available). Stops at the first instruction of the line.
    (gdb) step [n]
Step one machine instruction at a time:
    (gdb) stepi [n]

Debug Information
Available when compiled with the -g flag and with available source code.
You will see the debug information in bomb.c.
You do not have debug information in phase_x() and so on.

Debug Information
[Figure with the labels "Debug Info available (source code)" and "No Debug Info Here"]

Breakpoints
Next line of code, but treat the called function as one instruction (similar to step):
    (gdb) next [n]
Execute one instruction, but do not go into a call:
    (gdb) nexti [n]

Breakpoints
Execute all code until the current function returns:
    (gdb) finish
Delete a breakpoint:
    (gdb) delete <breakpoint>
Show information about all declared breakpoints:
    (gdb) info breakpoints

Conditional Breakpoints
You may want to trigger a breakpoint only if a certain condition is true:
    (gdb) break file.c:123 if variable > 456

Examine Program State
Variables: Your variables usually contain the needed information.
To print the contents of a variable, type:
    (gdb) print <variable|address>
    (gdb) print/x <variable|address>
To treat the variable as a string:
    (gdb) x/s <stringvariable|address>
Registers: You can get the CPU register contents:
    (gdb) info registers

Examine Program State
Pointers: You can access pointers like you would in your C program.
Print the address held by the pointer:
    (gdb) print ptr
Print the value of a struct field:
    (gdb) print ptr->field
Print all the struct content:
    (gdb) print *ptr

Examine Program State
Watchpoints: Get informed about changes to a variable.
This is like setting a breakpoint on the assignment operator for a certain variable:
    (gdb) watch variable
You will get the old and new values.

Some other useful commands
Print a stack trace of the entire execution when a segmentation fault has happened:
    (gdb) backtrace
Print a stack trace at the current position, i.e. how did I get to this breakpoint:
    (gdb) where

GDB UI
Activate the nice TUI layout (and leave it again):
    (gdb) layout asm
    (gdb) tui disable
Or get gdb-dashboard from GitHub.
Many others are available (ddd, ...).

Patch your binary
To avoid the reporting of explosions, you might want to edit your binary. Use a hex editor.
    > apt-get install ghex
    > ghex simple_bomb

Assignment 06
Bomblab

Welcome Mr. Powers
Here is your bomb (executable binary):
    # svn/assignment6/bomb
I am friendly enough to give you the bomb's main function, but it won't help much:
    # svn/assignment6/bomb.c

Some hints
Write your key file to avoid typing in the known keys, and supply it via an argument:
    # ./bomb psol.txt
If you have figured out fewer keys than there are phases, just provide nothing and the program will switch to stdin, i.e. you can type.

Advice
Do not go into the C library functions such as printf(), malloc() and friends.
This saves you time.

Strategy
Make a plan of your strategy, i.e. get an overview of the program.
Think of when to set breakpoints (functions, lines, ...) or when to set watchpoints (variables).
In any case: You do not want the bomb to explode.

<SVN commit>
It is always a good idea to add comments to your submissions:
    Argument: -m "This is the comment"
You can leave out the -m flag, and you will be prompted with a text editor where you can add more lines.

Submission
This is a server-graded exercise.
Follow the instructions of the assignment sheet!
Make sure your path / filenames are exactly as stated.