CS356: Discussion #5 Debugging with GDB. Marco Paolieri

Similar documents
18-600: Recitation #3

Recitation: Bomb Lab. September 17 th 2018

Exercise Session 6 Computer Architecture and Systems Programming

CSE 351 Midterm - Winter 2015

CSE 351 Midterm - Winter 2015 Solutions

CSE 351. GDB Introduction

CSCI0330 Intro Computer Systems Doeppner. Lab 02 - Tools Lab. Due: Sunday, September 23, 2018 at 6:00 PM. 1 Introduction 0.

Jackson State University Department of Computer Science CSC / Advanced Information Security Spring 2013 Lab Project # 5

CSE 351 Section 4 GDB and x86-64 Assembly Hi there! Welcome back to section, we re happy that you re here

CS / ECE , Spring 2010 Exam 1

Princeton University COS 217: Introduction to Programming Systems GDB Tutorial and Reference for x86-64 Assembly Language

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

CSE 361 Fall 2017 Lab Assignment L2: Defusing a Binary Bomb Assigned: Wednesday Sept. 20 Due: Wednesday Oct. 04 at 11:59 pm

CSCI 356 Fall 2017 : Practice Exam I DO NOT OPEN EXAM PACKET UNTIL INSTRUCTED TO DO SO YOU MAY FILL IN INFORMATION ON THE FRONT NOW

int32_t Buffer[BUFFSZ] = {-1, -1, -1, 1, -1, 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, -1, -1, -1, -1, -1}; int32_t* A = &Buffer[5];

15-213/18-213, Fall 2011 Exam 1

CS201 Lecture 2 GDB, The C Library

CS 270 Systems Programming. Debugging Tools. CS 270: Systems Programming. Instructor: Raphael Finkel

A short session with gdb verifies a few facts; the student has made notes of some observations:

1 Number Representation(10 points)

CS356: Discussion #8 Buffer-Overflow Attacks. Marco Paolieri

1. A student is testing an implementation of a C function; when compiled with gcc, the following x86-32 assembly code is produced:

We first learn one useful option of gcc. Copy the following C source file to your

CS-220 Spring 2018 Test 2 Version Practice Apr. 23, Name:

CSE 351 Midterm - Winter 2017

Source level debugging. October 18, 2016

GDB Tutorial. A Walkthrough with Examples. CMSC Spring Last modified March 22, GDB Tutorial

CSE 374 Programming Concepts & Tools

Download the tarball for this session. It will include the following files:

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

GDB Tutorial. Young W. Lim Tue. Young W. Lim GDB Tutorial Tue 1 / 32

Review addressing modes

Lab6 GDB debugging. Conventions. Department of Computer Science and Information Engineering National Taiwan University

CSE351 Autumn 2014 Midterm Exam (29 October 2014)

Download the tarball for this session. It will include the following files:

CS356: Discussion #1 Development Environment. Marco Paolieri

CSE351 Autumn 2014 Midterm Exam (29 October 2014)

GDB QUICK REFERENCE GDB Version 4

CS5460: Operating Systems

CSE351 Autumn 2012 Midterm Exam (5 Nov 2012)

ECE 3210 Laboratory 1: Develop an Assembly Program

CSE 374 Programming Concepts & Tools. Brandon Myers Winter 2015 Lecture 11 gdb and Debugging (Thanks to Hal Perkins)

Recitation 4: Bomb Lab

Lab 03 - x86-64: atoi

Number Systems for Computers. Outline of Introduction. Binary, Octal and Hexadecimal numbers. Issues for Binary Representation of Numbers

CS356: Discussion #7 Buffer Overflows. Marco Paolieri

CS356: Discussion #6 Assembly Procedures and Arrays. Marco Paolieri

Project 1 Notes and Demo

CS354 gdb Tutorial Written by Chris Feilbach

Intro to Segmentation Fault Handling in Linux. By Khanh Ngo-Duy

CSE 351 Spring 2017 Midterm Exam (8 May 2017)

Constants and Expressions. Lecture 7: Assembly Language Programs. Constants and Expressions (cont.) Statements. Names. Assembly Directives

Ceng Recitation 1 - Defusing a Binary Bomb

CS 107 Lecture 0: Welcome

U Reverse Engineering

Understanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows

An Introduction to Komodo

Machine Level Programming: Basics

CS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly

CS 261 Fall Machine and Assembly Code. Data Movement and Arithmetic. Mike Lam, Professor

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Debug for GDB Users. Action Description Debug GDB $debug <program> <args> >create <program> <args>

Compilation, Disassembly, and Profiling (in Linux)

Introduction Presentation A

Do not turn the page until 5:10.

1. Allowed you to see the value of one or more variables, or 2. Indicated where you were in the execution of a program

Buffer Overflow. An Introduction

Program Exploitation Intro

mp2 Warmup Instructions (Updated 1/25/2016 by Ron Cheung for using VMs)

CSCI 2021: x86-64 Control Flow

Program Design: Using the Debugger

It is possible to define a number using a character or multiple numbers (see instruction DB) by using a string.

Machine Programming 1: Introduction

Buffer-Overflow Attacks on the Stack

Problem Set 1: Unix Commands 1

GDB cheatsheet - page 1

CS , Fall 2007 Exam 1

Machine Level Programming: Basics

Constants and. Lecture 7: Assembly Language Programs. Expressions (cont.) Constants and. Statements. Expressions

CMSC Lecture 03. UMBC, CMSC313, Richard Chang

Do not turn the page until 5:10.

Using the GNU Debugger

Using the GNU Debugger

Buffer-Overflow Attacks on the Stack

Blossom Hands-on exercises for computer forensics and security. Buffer Overflow

Buffer overflows. Specific topics:

CPS104 Recitation: Assembly Programming

SU 2017 May 18/23 LAB 3 Bitwise operations, Program structures, Functions (pass-by-value), local vs. global variables. Debuggers

CS 11 C track: lecture 6

Systems I. Machine-Level Programming I: Introduction

Winter 2017 CS107 Midterm #2 Examination (Practice #2) Problem Points Score Grader TOTAL 30

Lab 10: Introduction to x86 Assembly

Survey. Motivation 29.5 / 40 class is required

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

1. A student is testing an implementation of a C function; when compiled with gcc, the following x86-64 assembly code is produced:

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM

Debugging. ICS312 Machine-Level and Systems Programming. Henri Casanova


administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

CSE2421 FINAL EXAM SPRING Name KEY. Instructions: Signature

Transcription:

CS356: Discussion #5 Debugging with GDB Marco Paolieri (paolieri@usc.edu)

Schedule: Exams and Assignments Week 1: Binary Representation HW0. Week 2: Integer Operations Week 3: Floating-Point Operations Data Lab 1. Week 4: Assembly (Arithmetic Instruction) Week 5: Assembly (Debugging with GDB) Data Lab 2. Week 6: Assembly (Function Calls) Week 7: Bomb Lab.(Oct. 1), Exam I (Oct. 4), Security Vulnerabilities Week 8: Memory Organization Week 9: Caching Attack Lab. Week 10: Virtual Memory Week 11: Dynamic Memory Allocation and Linking Week 12: Processor Organization and Exam II (Nov. 8) Cache Lab. Week 13: Processor Organization Week 14: Code Optimization and Thanksgiving Week 15: Cache Coherency and Review Allocation Lab. Week 16: Study Days and Final (Dec. 6)

Project #3 Goal: to defuse a binary bomb by figuring out the correct inputs. A sequence of 6 phases: each phase asks for an input from stdin. If the correct input is provided, the program proceeds to the next phase. If the wrong input is provided, the program terminates with an explosion. Your goal is to complete all phases. You must figure out the correct inputs by disassembling the binary program that is already in your GitHub repository. Complete the assignment inside the VM (must have internet connection). No need to submit your work: the binary program pings our server. Score (see: http://bytes.usc.edu/cs356/assignments/bomblab.pdf) You gain 10 points for phases 1-4) and 15 points for phases 5-6 (total: 70). You lose 0.5 points if you cause an explosion in an unsolved phase. Your score is updated with these losses only after you complete the phase. You have 1 free explosion for phases 1-4 and 3 for phases 5-6. Completing a phase always gives you at least 40% of its points.

gdb: The GNU Debugger Goal: To help you catch bugs in the act. How? Start your program (specifying inputs). Pause it when a condition is met (breakpoints). Examine the current state (inspect). Proceed step-by-step (understand). For a fish, the archer fish is known to shoot down bugs from low hanging plants by spitting water at them. Getting started Install gdb: apt-get install gdb (already present on your VM) Include debugging information: gcc -g hello.c -o hello Run gdb on your binary program: $ gdb hello Reading symbols from hello...done. (gdb) _ Jamie Guinan https://goo.gl/vxsgbu

User Interface An interactive shell Autocomplete a command with tab Scroll history of previous commands with up / down Repeat the previous command with enter Commands can often be abbreviated with few letters (in red) Help about a command: (gdb) help <command> Open a file for debug: (gdb) file <binary file> Quit: (gdb) quit Looking at the C code Show 10 lines around beginning of a function: (gdb) list func_name Show next 10 lines: (gdb) list Set how many lines to show: (gdb) set linesize 20 A bit tedious! There is a more practical interface: gdb -tui, the terminal user interface

User Interface Reloaded: gdb -tui Scroll through source code Enter commands

A few tips Moving the focus By pressing up / down / left / right, you scroll the source sub-window To scroll the history or move along the command line, you must set the focus on the other part of the screen: C-x o (press ctrl+x, release, press o) Redrawing the screen If your program prints to stdout, it will interfere with the TUI interface In case, you can redraw the screen with C-l Changing mode You can enable/disable the TUI mode with C-x a Or, you can select a mode: (gdb) layout src Show source and commands (gdb) layout asm Show assembly and commands (gdb) layout split Show source, assembly, commands (gdb) layout regs Show registers

Layouts

Breakpoints and Control Flow Breakpoints Add at current location: (gdb) break Add at the beginning of a function: (gdb) break func_name Add at a specific line of a source file: (gdb) break hello.c:5 Add at a specific line of current file: (gdb) break 5 List all breakpoints: (gdb) info breakpoints Delete a breakpoint: (gdb) delete <breakpoint #> Disable/enable breakpoint: (gdb) disable <#> and (gdb) enable <#> Controlling the execution Run a program from start, until first breakpoint: (gdb) run <args> Advance your program execution manually Continue to the next line, executing subroutines: (gdb) next Continue to the next line, stepping into subroutines: (gdb) step Run until the next breakpoint: (gdb) continue Run until the end of the function and print return value: (gdb) finish

Inspecting Data Registers: (gdb) info registers Stack: (gdb) info stack and (gdb) info frame Memory Print 1 byte at 0x12345 as unsigned int: (gdb) x/1ub 0x12345 Print 2 words above stack pointer as hex: (gdb) x/2xw $sp Print string at memory address contained in %rdi: (gdb) x/s $rdi Variables Print an expression: (gdb) print a/b+3.0*func_name(3) In hexadecimal: (gdb) print/x var_name Display an expression after every step: (gdb) display var_name Pausing on variable or condition changes Add a watchpoint for a variable (current scope): (gdb) watch var_name Pausing at a line on given conditions Add a conditional breakpoint: (gdb) break 8 if x > y

Disassembling binary code When source code is missing... List all the strings in a binary file using: strings objfile Print the symbol table: objdump -t objfile Names of all functions and global variables in objfile Example: 0000000000400ab6 g F.text 0000000000000064 riddle_2 Meaning: a global Function in section.text with name riddle_2 Debugging with gdb (use layout asm in gdb -tui) Print the assembly of a function: (gdb) disassemble <func> Breakpoint at a given address: (gdb) break *<addr> Next/step one assembly instruction at a time: (gdb) ni and si Jump to a given address: (gdb) jump *<addr> Print the string at a given address: (gdb) x/s <addr>

Getting started with the assignment Disassemble and step through main Open gdb -tui and set layout asm Load the binary file: (gdb) file riddle Set a breakpoint on main: (gdb) b main Start the program: (gdb) run Look around and advance with ni and si Can you find where inputs are read from stdin? Can you find the calls to riddle_1 and riddle_2? Can you figure out their input parameters? Remember Disassemble a function with (gdb) disas func_name Redraw the screen with Ctrl-l Print the string at the address in %rdi using: (gdb) x/s $rdi

Today: an easier problem Download from: http://bytes.usc.edu/cs356/labs/riddle.zip Two-Phases The main program reads two strings from stdin. The strings are validated by calling functions riddle_1 and riddle_2 $./riddle To continue, tell me: how is an orange like a bell? I know you can Google it, but don't. <enter correct answer here> Very well then. Tell me the ages of my three children. Hint 1: If you multiply their ages, the product is 36. Hint 2: If you add up their ages, it is the number of my neighbor's house. Hint 3: The oldest one is in fourth grade. <enter three numbers here> Sorry, you failed to complete the riddle challenge.

Riddle 1 Understanding Which functions are called by riddle_1? Which parameters are passed? Which output values are used afterward? Jumps? Conditional jumps? (gdb) disas riddle_1 Dump of assembler code for function riddle_1: 0x0000000000400a30 <+0>: sub $0x8,%rsp 0x0000000000400a34 <+4>: mov $0x400dd0,%esi 0x0000000000400a39 <+9>: callq 0x4009c9 <strings_not_equal> 0x0000000000400a3e <+14>: test %eax,%eax 0x0000000000400a40 <+16>: je 0x400a47 <riddle_1+23> 0x0000000000400a42 <+18>: callq 0x400891 <explode_bomb> 0x0000000000400a47 <+23>: add $0x8,%rsp 0x0000000000400a4b <+27>: retq End of assembler dump.

Riddle 2 0x0000000000400a79 <+0>: sub $0x18,%rsp 0x0000000000400a7d <+4>: lea 0x4(%rsp),%rsi 0x0000000000400a82 <+9>: callq 0x400a4c <read_three_numbers> 0x0000000000400a87 <+14>: mov 0x4(%rsp),%eax 0x0000000000400a8b <+18>: test %eax,%eax 0x0000000000400a8d <+20>: jns 0x400a94 <riddle_2+27> 0x0000000000400a8f <+22>: callq 0x400891 <explode_bomb> 0x0000000000400a94 <+27>: cmp $0x2,%eax 0x0000000000400a97 <+30>: je 0x400a9e <riddle_2+37> 0x0000000000400a99 <+32>: callq 0x400891 <explode_bomb> 0x0000000000400a9e <+37>: cmpl $0x2,0x8(%rsp) 0x0000000000400aa3 <+42>: je 0x400aaa <riddle_2+49> 0x0000000000400aa5 <+44>: callq 0x400891 <explode_bomb> 0x0000000000400aaa <+49>: cmpl $0x9,0xc(%rsp) 0x0000000000400aaf <+54>: je 0x400ab6 <riddle_2+61> 0x0000000000400ab1 <+56>: callq 0x400891 <explode_bomb> 0x0000000000400ab6 <+61>: add $0x18,%rsp 0x0000000000400aba <+65>: retq

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback