GDB Tutorial. Young W. Lim Tue. Young W. Lim GDB Tutorial Tue 1 / 32

Similar documents
GDB Tutorial. Young W. Lim Thr. Young W. Lim GDB Tutorial Thr 1 / 24

GDB Tutorial. Young W. Lim Fri. Young W. Lim GDB Tutorial Fri 1 / 24

Stack Tutorial. Young W. Lim Sat. Young W. Lim Stack Tutorial Sat 1 / 15

Stack Debugging. Young W. Lim Sat. Young W. Lim Stack Debugging Sat 1 / 40

Stack Debugging. Young W. Lim Thr. Young W. Lim Stack Debugging Thr 1 / 12

buffer overflow exploitation

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

Day05 A. Young W. Lim Sat. Young W. Lim Day05 A Sat 1 / 14

18-600: Recitation #3

GDB QUICK REFERENCE GDB Version 4

Simple C Program. Assembly Ouput. Using GCC to produce Assembly. Assembly produced by GCC is easy to recognize:

Access. Young W. Lim Sat. Young W. Lim Access Sat 1 / 19

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Day02 A. Young W. Lim Sat. Young W. Lim Day02 A Sat 1 / 12

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18

Project 1 Notes and Demo

Introduction to GDB. Lezione 9 (taken from Owen HSU material)

GDB cheatsheet - page 1

Processes. Johan Montelius KTH

A process. the stack

Princeton University COS 217: Introduction to Programming Systems GDB Tutorial and Reference for x86-64 Assembly Language

CSE 351 Section 4 GDB and x86-64 Assembly Hi there! Welcome back to section, we re happy that you re here

Download the tarball for this session. It will include the following files:

Day06 A. Young W. Lim Wed. Young W. Lim Day06 A Wed 1 / 26

Debug for GDB Users. Action Description Debug GDB $debug <program> <args> >create <program> <args>

Overview (1A) Young Won Lim 9/9/17

Day06 A. Young W. Lim Mon. Young W. Lim Day06 A Mon 1 / 16

Recitation: Bomb Lab. September 17 th 2018

Arrays. Young W. Lim Mon. Young W. Lim Arrays Mon 1 / 17

Jackson State University Department of Computer Science CSC / Advanced Information Security Spring 2013 Lab Project # 5

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Buffer-Overflow Attacks on the Stack

Overview (1A) Young Won Lim 9/14/17

Arrays. Young W. Lim Wed. Young W. Lim Arrays Wed 1 / 19

Intro x86 Part 3: Linux Tools & Analysis

1. A student is testing an implementation of a C function; when compiled with gcc, the following x86-32 assembly code is produced:

The Process Abstraction. CMPU 334 Operating Systems Jason Waterman

Download the tarball for this session. It will include the following files:

Link 3. Symbols. Young W. Lim Mon. Young W. Lim Link 3. Symbols Mon 1 / 42

CMSC Lecture 03. UMBC, CMSC313, Richard Chang

CS 270 Systems Programming. Debugging Tools. CS 270: Systems Programming. Instructor: Raphael Finkel

Overview (1A) Young Won Lim 9/25/17

Buffer Overflow Attack

Link 2. Object Files

mp2 Warmup Instructions (Updated 1/25/2016 by Ron Cheung for using VMs)

Problem Set 1: Unix Commands 1

ROP It Like It s Hot!

Stack Debugging. Young W. Lim Tue. Young W. Lim Stack Debugging Tue 1 / 70

GDB Linux GNU Linux Distribution. gdb gcc g++ -g gdb EB_01.cpp

Buffer-Overflow Attacks on the Stack

System calls and assembler

Understanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows

Pointers (1A) Young Won Lim 1/9/18

Pointers (1A) Young Won Lim 1/5/18

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask

CS3210: Tutorial Session 2. Kyuhong Park-- edited by Kyle Harrigan

1. Allowed you to see the value of one or more variables, or 2. Indicated where you were in the execution of a program

Reviewing gcc, make, gdb, and Linux Editors 1

Day14 A. Young W. Lim Tue. Young W. Lim Day14 A Tue 1 / 15

Lecture 03 Bits, Bytes and Data Types

Link 2. Object Files

Source level debugging. October 18, 2016

Fall 2015 COMP Operating Systems. Lab #3

An Experience Like No Other. Stack Discipline Aug. 30, 2006

Assembly Language Programming Debugging programs

Basic Buffer Overflows

CMPT 300. Operating Systems. Brief Intro to UNIX and C

CSC 591 Systems Attacks and Defenses Return-into-libc & ROP

CS/COE 0449 term 2174 Lab 5: gdb

Exercise Session 6 Computer Architecture and Systems Programming

Princeton University COS 217: Introduction to Programming Systems GDB Tutorial and Reference

CS356: Discussion #5 Debugging with GDB. Marco Paolieri

CS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly

Pointers (1A) Young Won Lim 3/5/18

Stack Debugging. Young W. Lim Mon. Young W. Lim Stack Debugging Mon 1 / 63

Day08 A. Young W. Lim Mon. Young W. Lim Day08 A Mon 1 / 27

CSE 351. GDB Introduction

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

Using gdb to find the point of failure

Return Oriented Programming

Systems/DBG Debugger Version 2.20

When you add a number to a pointer, that number is added, but first it is multiplied by the sizeof the type the pointer points to.

Stack Discipline Jan. 19, 2018

CMPSC 311- Introduction to Systems Programming Module: Debugging

Link 7. Static Linking

CMPSC 311- Introduction to Systems Programming Module: Debugging

Practical Malware Analysis

Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T

CSCI0330 Intro Computer Systems Doeppner. Lab 02 - Tools Lab. Due: Sunday, September 23, 2018 at 6:00 PM. 1 Introduction 0.

Program Design: Using the Debugger

CSC 2400: Computing Systems. X86 Assembly: Function Calls

Day14 A. Young W. Lim Thr. Young W. Lim Day14 A Thr 1 / 14

Pointers (1A) Young Won Lim 11/1/17

Final Exam. Fall Semester 2016 KAIST EE209 Programming Structures for Electrical Engineering. Name: Student ID:

CS 241 Honors Security

Operating System Structure

System Programming. Signals I

Interrupts, Fork, I/O Basics

Transcription:

GDB Tutorial Young W. Lim 2017-02-14 Tue Young W. Lim GDB Tutorial 2017-02-14 Tue 1 / 32

Outline 1 Introduction Young W. Lim GDB Tutorial 2017-02-14 Tue 2 / 32

Based on "Self-service Linux: Mastering the Art of Problem Determination", Mark Wilding I, the copyright holder of this work, hereby publish it under the following licenses: GNU head Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. CC BY SA This file is licensed under the Creative Commons Attribution ShareAlike 3.0 Unported License. In short: you are free to share and make derivative works of the file under the conditions that you appropriately attribute it, and that you distribute it only under a license compatible with this one. Young W. Lim GDB Tutorial 2017-02-14 Tue 3 / 32

Summary (1) Starting and Stopping quit : exit GDB run : run your program kill : stop your program Breakpoints break func : set breakpoint at entry to function func break *0x80483c3 : set breakpoint at address 0x80483c3 delete 1 : delete breakpoint 1 delete : delete all breakpoints Young W. Lim GDB Tutorial 2017-02-14 Tue 4 / 32

Summary (2) Execution stepi : execute one instruction setpi 4 : execute 4 instructions nexti : like stepi, but proceed throught function calls continue : resume execution finish : run until current function returns Examining code disas : disassemble current function disas func : disassemble function func disas 0x80483b7 : disassemble function around address 0x80483b7 disas 0x80483b7 0x80483c7 : disassemble code within specified address range print /x $eip : print program counter in hex Young W. Lim GDB Tutorial 2017-02-14 Tue 5 / 32

Summary (3) Examining Data print $eax : print contents of %eax in decimal print /x $eax : print contents of %eax in hex print /t $eax : print contents of %eax in binary print 0x100 : print decimal representation of 0x100 print /x 555 : print hex representation of 555 print /x ($ebp+8) : print contents of %ebp +8 in hex print *(int *) 0xbffff890 : print integer at address 0xbffff890 print *(int *) ($ebp+8) : print integer at address %ebp+8 x/2w 0xbffff890 : examine two 4-byte words starting at 0xbffff890 x/20b sum : examine first 20 bytes of function sum Useful information info frame : information about current stack frame info registers : values of all the registers help : get information about gdb Young W. Lim GDB Tutorial 2017-02-14 Tue 6 / 32

Controlling Processes executing a program in the gdb attaching a running program to the gdb using core dump (process image) in the gdb Young W. Lim GDB Tutorial 2017-02-14 Tue 7 / 32

Executing a program in the gdb (1) g++ hang.c -g -o hang gdb hang (gdb) break main (gdb) run user // hang user (gdb) list (gdb) show args (gdb) set args 6 7 (gdb) show args (gdb) run // hang 6 7 int main(int argc, char *argv[]) { getpid(); if (argc < 2) { printf("hang (user system)"); }... Young W. Lim GDB Tutorial 2017-02-14 Tue 8 / 32

Executing a program in the gdb (2) (gdb) show environment (gdb) show envirnoment var (gdb) set environment var=val (gdb) unset environment var (gdb) set environment FOO=BAR (gdb) show envionment FOO (gdb) unset environment FOO (gdb) show environment FOO Young W. Lim GDB Tutorial 2017-02-14 Tue 9 / 32

Attatching a running program to the gdb (1) hang system // must stop : sleep(5000); gdb -3051 // attaching to process 3051 (gdb) bt // backtrace (gdb) up // upward stack (gdb) list Young W. Lim GDB Tutorial 2017-02-14 Tue 10 / 32

Attatching a running program to the gdb (2) bt: backtrace #0 nanosleep() from /lib/libc.so.6 #1 sleep () from /lib/libc.so.6 #2 main (...) at hang.c... #3 lib_start_main () from /lib/libc.so.6 up: upward stack #1 sleep () from /lib/libc.so.6 up: upward stack #2 main (...) at hang.c... list: diplaying the code shows main code around sleep( 5000 ); Young W. Lim GDB Tutorial 2017-02-14 Tue 11 / 32

Core Dump File core dump file contains process heap memory image memory segments Young W. Lim GDB Tutorial 2017-02-14 Tue 12 / 32

Making Core Dump File (1) make_core.c --- int main(void) { int *p=0; *p = 1; return 0; } p is int pointer variable initialize p with 0, then assign 1 to *p referecing the NULL pointer incurs trap with SIGSEGV Segmentation fault Young W. Lim GDB Tutorial 2017-02-14 Tue 13 / 32

Making Core Dump File (2) make_core.c g++ -o make_core make_core.c make_core Segmentation fault -> core gdb make_core core Young W. Lim GDB Tutorial 2017-02-14 Tue 14 / 32

Making Core Dump File (3) ulimit -a ulimit -c unlimited ls -l core readelf -all core [ulimit -a] shows shell resource settings core file size (blocks, -c) 0 [ulimit -c unlimited] removes limitation Young W. Lim GDB Tutorial 2017-02-14 Tue 15 / 32

Core File Name and Location /proc/sys/kernel/core_pattern /core_file/%u.%e.%p.core %u: process name %e: executing user id %p: pid.500.user.12589.core in core_file directory directory /core_files echo "/core_file/%u.%e.%p.core" > /proc/sys/kernel/core_pattern ls -l /core_files Young W. Lim GDB Tutorial 2017-02-14 Tue 16 / 32

Generating a Core File in GDB help generate-core-file generate-core-file [core-file-name] default core file name: core.<pid> Young W. Lim GDB Tutorial 2017-02-14 Tue 17 / 32

Checking Memory Map memory map : memory segment list process heap process stack execution code shared libraries global var address function address info program shell cat /proc/<pid>/maps Young W. Lim GDB Tutorial 2017-02-14 Tue 18 / 32

Stack frame 1 print &var backtrace bt bt_full backtrace (bt) shows a function list in a stack PC addr -> function name stack tracing #0, #1, : stack frame no x86 based 0x40000000 shared libraries 0x08048000 exec file image address mapping : /proc/<pid>/maps bt\_full : shows local var s Young W. Lim GDB Tutorial 2017-02-14 Tue 19 / 32

Stack Frame finish frame 3 up down finish the curr func in the curr stack frame, return to the caller always start with #0 stack frame: the topmost frame up : #0 -> #1 down : #1 -> #0 Young W. Lim GDB Tutorial 2017-02-14 Tue 20 / 32

Stack Frame Information info frame 2 Stack frame at at 0xbffff330: eip = 0x80483e9 in function3 (st_prog.c:16): saved eip 0x804843a eip (exteneded instruction pointer) command to be executed in a frame called by frame at 0xbffff370, caller of frame at 0xbffff310 source language c. Arglist at 0xbffff328, args: string=0xbffff340 "This is a local string" Locals at 0xbffff328, Previous frame s sp is 0xbffff330 Saved registers: ebp at 0xbffff328, eip at 0xbffff32c eip (extended instruction pointer) command to be executed in a frame called by frame callled of frame Young W. Lim GDB Tutorial 2017-02-14 Tue 21 / 32

Checking Variabls global variable static variable auto variable const char *cstr = "Hello"; without -g print cstr $2 = 12345... with -g printf "%s\n", cstr Hello info variable sint All variables matching regular expression "sint": print /x sint $3 = 0x5 Young W. Lim GDB Tutorial 2017-02-14 Tue 22 / 32

Convenience Variable print var print /x var print $1 + 5 $num = value conveinience variable gdb automatically creates var $1, $2,... printf "val in hex is %x\n", var Young W. Lim GDB Tutorial 2017-02-14 Tue 23 / 32

Array int list[5] = {0,1,2,3,4}; print list print list[3] int *array = (int *) malloc(len * sizeof(int)); array[0]=5; array[1]=1; array[2]=5; print array@3 whatis a type = int examine (x) x /8xw 0x08048000 Young W. Lim GDB Tutorial 2017-02-14 Tue 24 / 32

Formatted Output cb 1byte ascii char dh 2byte decimal dw 4byte decimal xb 1bye hexadecimal xh 2byte hexadecimal xw 4byte hexadecimal xg 8byte hexadecimal print cstr x /s 0x090485c0 printf "%s\n", 0x080485c0 print (char *) 0x080485c0 s string Young W. Lim GDB Tutorial 2017-02-14 Tue 25 / 32

Type Casting class myc { public: int var; myc() { var=5 } }; print (myc) *0x080485c0 set variable a=5 set a=5 print a set $eax=1 print $eax Young W. Lim GDB Tutorial 2017-02-14 Tue 26 / 32

Register Dump eax function return val eip command PC ebp, esp stack, stack segment 32-bit, 64-bit machine difference info registers info all-registers print $eax Young W. Lim GDB Tutorial 2017-02-14 Tue 27 / 32

Execution next <N> without going inside a function step <N> with going inside a function nexti <N> next for the assembly command stepi <N> step for the assembly command continue jump <address> until call <function> CTRL-C <N> the number of commands (machine or assembly) Young W. Lim GDB Tutorial 2017-02-14 Tue 28 / 32

step-mode break main run next step show step-mode set step-mode on show step-mode next step -> now go into printf() without debug symbol, step cannot go into printf() after setting step-mode on, step goes into printf() Young W. Lim GDB Tutorial 2017-02-14 Tue 29 / 32

fork before fork called follow-fork-mode child set follow-fork-mode ask show follow-fork-mode proc 1 fork proc2 & proc3 proc 2 fork proc4 Young W. Lim GDB Tutorial 2017-02-14 Tue 30 / 32

Signal info signals SIGALRM Stop :gdb stops execution, user takes control Print : gdb displays messages Pass to Programm Description Young W. Lim GDB Tutorial 2017-02-14 Tue 31 / 32

Handling Signals #include <stdio.h> #include <unistd.h> #include <sys/utsname.h> int main() { alarm(7); sleep(9); return 0; } run : terminates because no handler exist for SIGALRM after "handle SIGALRM nopass", the program exits normally handle SIGALRM nopass handle SIGALRM stop info signals Young W. Lim GDB Tutorial 2017-02-14 Tue 32 / 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback