GDB Tutorial. Young W. Lim Thr. Young W. Lim GDB Tutorial Thr 1 / 24

Similar documents
GDB Tutorial. Young W. Lim Fri. Young W. Lim GDB Tutorial Fri 1 / 24

GDB Tutorial. Young W. Lim Tue. Young W. Lim GDB Tutorial Tue 1 / 32

Stack Tutorial. Young W. Lim Sat. Young W. Lim Stack Tutorial Sat 1 / 15

Stack Debugging. Young W. Lim Sat. Young W. Lim Stack Debugging Sat 1 / 40

Stack Debugging. Young W. Lim Thr. Young W. Lim Stack Debugging Thr 1 / 12

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

Day05 A. Young W. Lim Sat. Young W. Lim Day05 A Sat 1 / 14

Access. Young W. Lim Sat. Young W. Lim Access Sat 1 / 19

Day02 A. Young W. Lim Sat. Young W. Lim Day02 A Sat 1 / 12

Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18

GDB QUICK REFERENCE GDB Version 4

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

Arrays. Young W. Lim Mon. Young W. Lim Arrays Mon 1 / 17

buffer overflow exploitation

Day06 A. Young W. Lim Wed. Young W. Lim Day06 A Wed 1 / 26

18-600: Recitation #3

Arrays. Young W. Lim Wed. Young W. Lim Arrays Wed 1 / 19

Day06 A. Young W. Lim Mon. Young W. Lim Day06 A Mon 1 / 16

Simple C Program. Assembly Ouput. Using GCC to produce Assembly. Assembly produced by GCC is easy to recognize:

GDB cheatsheet - page 1

Processes. Johan Montelius KTH

Princeton University COS 217: Introduction to Programming Systems GDB Tutorial and Reference for x86-64 Assembly Language

A process. the stack

Link 3. Symbols. Young W. Lim Mon. Young W. Lim Link 3. Symbols Mon 1 / 42

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Debug for GDB Users. Action Description Debug GDB $debug <program> <args> >create <program> <args>

Day14 A. Young W. Lim Thr. Young W. Lim Day14 A Thr 1 / 14

CS 270 Systems Programming. Debugging Tools. CS 270: Systems Programming. Instructor: Raphael Finkel

Day08 A. Young W. Lim Mon. Young W. Lim Day08 A Mon 1 / 27

Link 2. Object Files

Pointers (1A) Young Won Lim 1/9/18

Pointers (1A) Young Won Lim 1/5/18

Intro x86 Part 3: Linux Tools & Analysis

Buffer-Overflow Attacks on the Stack

Source level debugging. October 18, 2016

Link 2. Object Files

Project 1 Notes and Demo

Link 7. Dynamic Linking

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask

Pointers (1A) Young Won Lim 3/5/18

Stack Debugging. Young W. Lim Tue. Young W. Lim Stack Debugging Tue 1 / 70

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

Fall 2015 COMP Operating Systems. Lab #3

Link 4. Relocation. Young W. Lim Thr. Young W. Lim Link 4. Relocation Thr 1 / 26

CMSC 313 Lecture 12 [draft] How C functions pass parameters

Introduction to GDB. Lezione 9 (taken from Owen HSU material)

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Buffer-Overflow Attacks on the Stack

Overview (1A) Young Won Lim 9/9/17

U23 - Binary Exploitation

Pointers (1A) Young Won Lim 11/1/17

Day14 A. Young W. Lim Tue. Young W. Lim Day14 A Tue 1 / 15

Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T

Using the GNU Debugger

Pointers (1A) Young Won Lim 2/10/18

Using the GNU Debugger

Understanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows

Stack Debugging. Young W. Lim Mon. Young W. Lim Stack Debugging Mon 1 / 63

Problem Set 1: Unix Commands 1

1. A student is testing an implementation of a C function; when compiled with gcc, the following x86-32 assembly code is produced:

GAS Tutorial - 6. Expression

Pointers (1A) Young Won Lim 1/22/18

Chapter 7: User Defined Functions and Stack Mechanics

Control. Young W. Lim Mon. Young W. Lim Control Mon 1 / 16

GDB Linux GNU Linux Distribution. gdb gcc g++ -g gdb EB_01.cpp

Applications of Pointers (1A) Young Won Lim 12/26/17

Pointers (1A) Young Won Lim 2/6/18

CSC 2400: Computing Systems. X86 Assembly: Function Calls

Pointers (1A) Young Won Lim 1/14/18

Exercise Session 6 Computer Architecture and Systems Programming

Overview (1A) Young Won Lim 9/14/17

Link 4. Relocation. Young W. Lim Wed. Young W. Lim Link 4. Relocation Wed 1 / 22

X86 Stack Calling Function POV

CMSC Lecture 03. UMBC, CMSC313, Richard Chang

Assembly Language Programming Debugging programs

ROP It Like It s Hot!

Day21 A. Young W. Lim Wed. Young W. Lim Day21 A Wed 1 / 13

Tips on Using GDB to Track Down and Stamp Out Software Bugs

The Process Abstraction. CMPU 334 Operating Systems Jason Waterman

Jackson State University Department of Computer Science CSC / Advanced Information Security Spring 2013 Lab Project # 5

Basic Buffer Overflows

Overview (1A) Young Won Lim 9/25/17

mp2 Warmup Instructions (Updated 1/25/2016 by Ron Cheung for using VMs)

BUFFER OVERFLOW DEFENSES & COUNTERMEASURES

Link 8.A Dynamic Linking

An Experience Like No Other. Stack Discipline Aug. 30, 2006

Migrating from Inspect to Native Inspect

20: Exploits and Containment

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

x86 Assembly Tutorial COS 318: Fall 2017

System calls and assembler

Systems I. Machine-Level Programming V: Procedures

CSC 591 Systems Attacks and Defenses Return-into-libc & ROP

CS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly

Programming Assignment #1: A Simple Shell

Lecture 03 Bits, Bytes and Data Types

Recitation: Bomb Lab. September 17 th 2018

Reverse Engineering II: The Basics

CSC 2400: Computing Systems. X86 Assembly: Function Calls"

Transcription:

GDB Tutorial Young W. Lim 2016-09-29 Thr Young W. Lim GDB Tutorial 2016-09-29 Thr 1 / 24

Outline 1 Introduction Young W. Lim GDB Tutorial 2016-09-29 Thr 2 / 24

Based on "Self-service Linux: Mastering the Art of Problem Determination", Mark Wilding I, the copyright holder of this work, hereby publish it under the following licenses: GNU head Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. CC BY SA This file is licensed under the Creative Commons Attribution ShareAlike 3.0 Unported License. In short: you are free to share and make derivative works of the file under the conditions that you appropriately attribute it, and that you distribute it only under a license compatible with this one. Young W. Lim GDB Tutorial 2016-09-29 Thr 3 / 24

Controlling Processes executing a program in the gdb attaching a running program to the gdb using core dump (process image) in the gdb Young W. Lim GDB Tutorial 2016-09-29 Thr 4 / 24

Executing a program in the gdb (1) g++ hang.c -g -o hang gdb hang (gdb) break main (gdb) run user // hang arg1 arg2... (gdb) list (gdb) show args (gdb) set args 6 7 (gdb) show args (gdb) run // run 6 7 Young W. Lim GDB Tutorial 2016-09-29 Thr 5 / 24

Executing a program in the gdb (2) (gdb) show environment (gdb) show envirnoment var (gdb) set environment var=val (gdb) unset environment var (gdb) set environment FOO=BAR (gdb) show envionment FOO (gdb) unset environment FOO (gdb) show environment FOO Young W. Lim GDB Tutorial 2016-09-29 Thr 6 / 24

Attatching a running program to the gdb hang system gdb -3051 (gdb) bt (gdb) up (gdb) list // must stop : sleep(5000); // attaching to process 3051 // backtrace // upward stack hang.c, system: 1st argument pid: 3051 bt: backtrace up: upward stack list code Young W. Lim GDB Tutorial 2016-09-29 Thr 7 / 24

Using Core Dump in the gdb D process heap memory image memory segments make_core.c --- int main(void) { int *p=0; *p = 1; return 0; } --- make_core ulimit -a ulimit -c unlimited ls -l core readelf -all core gdb make_core core Young W. Lim GDB Tutorial 2016-09-29 Thr 8 / 24

Core File /proc/sys/kernel/core_pattern directory /core_files echo "/core_file/%u.%e.%p.core" > /proc/sys/kernel/core_pattern %u process name %e executing user id %p pid ls -l /core_files help generate-core-file generate-core-file Young W. Lim GDB Tutorial 2016-09-29 Thr 9 / 24

Checking Memory Map memory map : memory segment list process heap process stack execution code shared libraries global var address function address info program shell cat /proc/<pid>/maps Young W. Lim GDB Tutorial 2016-09-29 Thr 10 / 24

Stack frame 1 print &var backtrace bt bt_full backtrace (bt) shows a function list in a stack PC addr -> function name stack tracing #0, #1, : stack frame no x86 based 0x40000000 shared libraries 0x08048000 exec file image address mapping : /proc/<pid>/maps bt\_full : shows local var s Young W. Lim GDB Tutorial 2016-09-29 Thr 11 / 24

Stack Frame finish frame 3 up down finish the curr func in the curr stack frame, return to the caller always start with #0 stack frame: the topmost frame up : #0 -> #1 down : #1 -> #0 Young W. Lim GDB Tutorial 2016-09-29 Thr 12 / 24

Stack Frame Information info frame 2 Stack frame at at 0xbffff330: eip = 0x80483e9 in function3 (st_prog.c:16): saved eip 0x804843a eip (exteneded instruction pointer) command to be executed in a frame called by frame at 0xbffff370, caller of frame at 0xbffff310 source language c. Arglist at 0xbffff328, args: string=0xbffff340 "This is a local string" Locals at 0xbffff328, Previous frame s sp is 0xbffff330 Saved registers: ebp at 0xbffff328, eip at 0xbffff32c eip (extended instruction pointer) command to be executed in a frame called by frame callled of frame Young W. Lim GDB Tutorial 2016-09-29 Thr 13 / 24

Checking Variabls global variable static variable auto variable const char *cstr = "Hello"; without -g print cstr $2 = 12345... with -g printf "%s\n", cstr Hello info variable sint All variables matching regular expression "sint": print /x sint $3 = 0x5 Young W. Lim GDB Tutorial 2016-09-29 Thr 14 / 24

Convenience Variable print var print /x var print $1 + 5 $num = value conveinience variable gdb automatically creates var $1, $2,... printf "val in hex is %x\n", var Young W. Lim GDB Tutorial 2016-09-29 Thr 15 / 24

Array int list[5] = {0,1,2,3,4}; print list print list[3] int *array = (int *) malloc(len * sizeof(int)); array[0]=5; array[1]=1; array[2]=5; print array@3 whatis a type = int examine (x) x /8xw 0x08048000 Young W. Lim GDB Tutorial 2016-09-29 Thr 16 / 24

Formatted Output cb 1byte ascii char dh 2byte decimal dw 4byte decimal xb 1bye hexadecimal xh 2byte hexadecimal xw 4byte hexadecimal xg 8byte hexadecimal print cstr x /s 0x090485c0 printf "%s\n", 0x080485c0 print (char *) 0x080485c0 s string Young W. Lim GDB Tutorial 2016-09-29 Thr 17 / 24

Type Casting class myc { public: int var; myc() { var=5 } }; print (myc) *0x080485c0 set variable a=5 set a=5 print a set $eax=1 print $eax Young W. Lim GDB Tutorial 2016-09-29 Thr 18 / 24

Register Dump eax function return val eip command PC ebp, esp stack, stack segment 32-bit, 64-bit machine difference info registers info all-registers print $eax Young W. Lim GDB Tutorial 2016-09-29 Thr 19 / 24

Execution next <N> without going inside a function step <N> with going inside a function nexti <N> next for the assembly command stepi <N> step for the assembly command continue jump <address> until call <function> CTRL-C <N> the number of commands (machine or assembly) Young W. Lim GDB Tutorial 2016-09-29 Thr 20 / 24

step-mode break main run next step show step-mode set step-mode on show step-mode next step -> now go into printf() without debug symbol, step cannot go into printf() after setting step-mode on, step goes into printf() Young W. Lim GDB Tutorial 2016-09-29 Thr 21 / 24

fork before fork called follow-fork-mode child set follow-fork-mode ask show follow-fork-mode proc 1 fork proc2 & proc3 proc 2 fork proc4 Young W. Lim GDB Tutorial 2016-09-29 Thr 22 / 24

Signal info signals SIGALRM Stop :gdb stops execution, user takes control Print : gdb displays messages Pass to Programm Description Young W. Lim GDB Tutorial 2016-09-29 Thr 23 / 24

Handling Signals #include <stdio.h> #include <unistd.h> #include <sys/utsname.h> int main() { alarm(7); sleep(9); return 0; } run : terminates because no handler exist for SIGALRM after "handle SIGALRM nopass", the program exits normally handle SIGALRM nopass handle SIGALRM stop info signals Young W. Lim GDB Tutorial 2016-09-29 Thr 24 / 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback