GDB Tutorial. Young W. Lim Fri. Young W. Lim GDB Tutorial Fri 1 / 24

Similar documents
GDB Tutorial. Young W. Lim Thr. Young W. Lim GDB Tutorial Thr 1 / 24

GDB Tutorial. Young W. Lim Tue. Young W. Lim GDB Tutorial Tue 1 / 32

Stack Tutorial. Young W. Lim Sat. Young W. Lim Stack Tutorial Sat 1 / 15

Stack Debugging. Young W. Lim Sat. Young W. Lim Stack Debugging Sat 1 / 40

Stack Debugging. Young W. Lim Thr. Young W. Lim Stack Debugging Thr 1 / 12

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18

Day05 A. Young W. Lim Sat. Young W. Lim Day05 A Sat 1 / 14

Access. Young W. Lim Sat. Young W. Lim Access Sat 1 / 19

Day02 A. Young W. Lim Sat. Young W. Lim Day02 A Sat 1 / 12

GDB QUICK REFERENCE GDB Version 4

buffer overflow exploitation

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

Arrays. Young W. Lim Mon. Young W. Lim Arrays Mon 1 / 17

Simple C Program. Assembly Ouput. Using GCC to produce Assembly. Assembly produced by GCC is easy to recognize:

Day06 A. Young W. Lim Wed. Young W. Lim Day06 A Wed 1 / 26

18-600: Recitation #3

Arrays. Young W. Lim Wed. Young W. Lim Arrays Wed 1 / 19

Day06 A. Young W. Lim Mon. Young W. Lim Day06 A Mon 1 / 16

Processes. Johan Montelius KTH

A process. the stack

GDB cheatsheet - page 1

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Princeton University COS 217: Introduction to Programming Systems GDB Tutorial and Reference for x86-64 Assembly Language

Link 3. Symbols. Young W. Lim Mon. Young W. Lim Link 3. Symbols Mon 1 / 42

Debug for GDB Users. Action Description Debug GDB $debug <program> <args> >create <program> <args>

Intro x86 Part 3: Linux Tools & Analysis

GAS Tutorial - 6. Expression

Link 7. Dynamic Linking

Day08 A. Young W. Lim Mon. Young W. Lim Day08 A Mon 1 / 27

Project 1 Notes and Demo

CS 270 Systems Programming. Debugging Tools. CS 270: Systems Programming. Instructor: Raphael Finkel

Link 2. Object Files

Pointers (1A) Young Won Lim 1/9/18

Pointers (1A) Young Won Lim 1/5/18

Overview (1A) Young Won Lim 9/9/17

Buffer-Overflow Attacks on the Stack

Source level debugging. October 18, 2016

Link 2. Object Files

Introduction to GDB. Lezione 9 (taken from Owen HSU material)

Stack Debugging. Young W. Lim Tue. Young W. Lim Stack Debugging Tue 1 / 70

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Day14 A. Young W. Lim Thr. Young W. Lim Day14 A Thr 1 / 14

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask

Problem Set 1: Unix Commands 1

Pointers (1A) Young Won Lim 3/5/18

Overview (1A) Young Won Lim 9/14/17

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

Fall 2015 COMP Operating Systems. Lab #3

GAS Tutorial - 4. Sections & Relocation

Stack Debugging. Young W. Lim Mon. Young W. Lim Stack Debugging Mon 1 / 63

CMSC 313 Lecture 12 [draft] How C functions pass parameters

Overview (1A) Young Won Lim 9/25/17

Buffer-Overflow Attacks on the Stack

U23 - Binary Exploitation

Pointers (1A) Young Won Lim 11/1/17

Day14 A. Young W. Lim Tue. Young W. Lim Day14 A Tue 1 / 15

Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T

Using the GNU Debugger

Pointers (1A) Young Won Lim 2/10/18

Using the GNU Debugger

Understanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows

Link 8.A Dynamic Linking

ROP It Like It s Hot!

1. A student is testing an implementation of a C function; when compiled with gcc, the following x86-32 assembly code is produced:

The Process Abstraction. CMPU 334 Operating Systems Jason Waterman

Assembly Language Programming Debugging programs

Pointers (1A) Young Won Lim 1/22/18

Basic Buffer Overflows

CMPSC 311- Introduction to Systems Programming Module: Debugging

Chapter 7: User Defined Functions and Stack Mechanics

Control. Young W. Lim Mon. Young W. Lim Control Mon 1 / 16

An Experience Like No Other. Stack Discipline Aug. 30, 2006

20: Exploits and Containment

Applications of Pointers (1A) Young Won Lim 12/26/17

GDB Linux GNU Linux Distribution. gdb gcc g++ -g gdb EB_01.cpp

Pointers (1A) Young Won Lim 2/6/18

CSC 2400: Computing Systems. X86 Assembly: Function Calls

CSC 591 Systems Attacks and Defenses Return-into-libc & ROP

System calls and assembler

Lecture 03 Bits, Bytes and Data Types

Pointers (1A) Young Won Lim 1/14/18

CMPSC 311- Introduction to Systems Programming Module: Debugging

Recitation: Bomb Lab. September 17 th 2018

Exercise Session 6 Computer Architecture and Systems Programming

Link 4. Relocation. Young W. Lim Thr. Young W. Lim Link 4. Relocation Thr 1 / 26

Link 4. Relocation. Young W. Lim Wed. Young W. Lim Link 4. Relocation Wed 1 / 22

X86 Stack Calling Function POV

CMPT 300. Operating Systems. Brief Intro to UNIX and C

CMSC Lecture 03. UMBC, CMSC313, Richard Chang

Day21 A. Young W. Lim Wed. Young W. Lim Day21 A Wed 1 / 13

Tips on Using GDB to Track Down and Stamp Out Software Bugs

Week 2 Intro to the Shell with Fork, Exec, Wait. Sarah Diesburg Operating Systems CS 3430

Jackson State University Department of Computer Science CSC / Advanced Information Security Spring 2013 Lab Project # 5

Stack Discipline Jan. 19, 2018

mp2 Warmup Instructions (Updated 1/25/2016 by Ron Cheung for using VMs)

Stack Debugging. Young W. Lim Fri. Young W. Lim Stack Debugging Fri 1 / 79

CS C Primer. Tyler Szepesi. January 16, 2013

BUFFER OVERFLOW DEFENSES & COUNTERMEASURES

Transcription:

GDB Tutorial Young W. Lim 2016-02-19 Fri Young W. Lim GDB Tutorial 2016-02-19 Fri 1 / 24

Outline 1 Introduction Young W. Lim GDB Tutorial 2016-02-19 Fri 2 / 24

Based on Self-service Linux: Mastering the Art of Problem Determination, Mark Wilding I, the copyright holder of this work, hereby publish it under the following licenses: GNU head Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. CC BY SA This le is licensed under the Creative Commons Attribution ShareAlike 3.0 Unported License. In short: you are free to share and make derivative works of the le under the conditions that you appropriately attribute it, and that you distribute it only under a license compatible with this one. Young W. Lim GDB Tutorial 2016-02-19 Fri 3 / 24

Controlling Processes executing attaching using core dump - process image Young W. Lim GDB Tutorial 2016-02-19 Fri 4 / 24

Executing g++ hang.c -g -o hang gdb hang break main run user (argv list) list show args set args 6 7 show args run show envronment set environment var=val unset environment var set environment FOO=BAR show envionment FOO unset environment FOO show environment FOO Young W. Lim GDB Tutorial 2016-02-19 Fri 5 / 24

Attatching processes to gdb hang system gdb -3051 bt --> stack up --> upward stack list hang.c, system: 1st argument pid: 3051 bt: backtrace up: upward stack list code Young W. Lim GDB Tutorial 2016-02-19 Fri 6 / 24

Using Core process heap memory image memory segments make_core.c --- int main(void) { int *p=0; *p = 1; return 0; } --- make_core ulimit -a ulimit -c unlimited ls -l core readelf -all core gdb make_core core Young W. Lim GDB Tutorial 2016-02-19 Fri 7 / 24

Core File /proc/sys/kernel/core_pattern directory /core_files echo "/core_file/%u.%e.%p.core" > /proc/sys/kernel/core_pattern %u process name %e executing user id %p pid ls -l /core_files help generate-core-file generate-core-file Young W. Lim GDB Tutorial 2016-02-19 Fri 8 / 24

Checking Memory Map memory map : memory segment list process heap process stack execution code shared libraries global var address function address info program shell cat /proc/<pid>/maps Young W. Lim GDB Tutorial 2016-02-19 Fri 9 / 24

Stack frame 1 print &var backtrace bt bt_full backtrace (bt) shows a function list in a stack PC addr -> function name stack tracing #0, #1, : stack frame no x86 based 0x40000000 shared libraries 0x08048000 exec le image address mapping : /proc/<pid>/maps bt_full : shows local var's Young W. Lim GDB Tutorial 2016-02-19 Fri 10 / 24

Stack Frame finish frame 3 up down nish the curr func in the curr stack frame, return to the caller always start with #0 stack frame: the topmost frame up : #0 -> #1 down : #1 -> #0 Young W. Lim GDB Tutorial 2016-02-19 Fri 11 / 24

Stack Frame Information info frame 2 Stack frame at at 0xbffff330: eip = 0x80483e9 in function3 (st_prog.c:16): saved eip 0x804843a eip (exteneded instruction pointer) command to be executed in a frame called by frame at 0xbffff370, caller of frame at 0xbffff310 source language c. Arglist at 0xbffff328, args: string=0xbffff340 "This is a local string" Locals at 0xbffff328, Previous frame's sp is 0xbffff330 Saved registers: ebp at 0xbffff328, eip at 0xbffff32c eip (extended instruction pointer) command to be executed in a frame called by frame callled of frame Young W. Lim GDB Tutorial 2016-02-19 Fri 12 / 24

Checking Variabls global variable static variable auto variable const char *cstr = "Hello"; without -g print cstr $2 = 12345... with -g printf "%s\n", cstr Hello info variable sint All variables matching regular expression "sint": print /x sint $3 = 0x5 Young W. Lim GDB Tutorial 2016-02-19 Fri 13 / 24

Convenience Variable print var print /x var print $1 + 5 $num = value conveinience variable gdb automatically creates var $1, $2,... printf "val in hex is %x\n", var Young W. Lim GDB Tutorial 2016-02-19 Fri 14 / 24

Array int list[5] = {0,1,2,3,4}; print list print list[3] int *array = (int *) malloc(len * sizeof(int)); array[0]=5; array[1]=1; array[2]=5; print array@3 whatis a type = int examine (x) x /8xw 0x08048000 Young W. Lim GDB Tutorial 2016-02-19 Fri 15 / 24

Formatted Output cb 1byte ascii char dh 2byte decimal dw 4byte decimal xb 1bye hexadecimal xh 2byte hexadecimal xw 4byte hexadecimal xg 8byte hexadecimal print cstr x /s 0x090485c0 printf "%s\n", 0x080485c0 print (char *) 0x080485c0 s string Young W. Lim GDB Tutorial 2016-02-19 Fri 16 / 24

Type Casting class myc { public: int var; myc() { var=5 } }; print (myc) *0x080485c0 set variable a=5 set a=5 print a set $eax=1 print $eax Young W. Lim GDB Tutorial 2016-02-19 Fri 17 / 24

Register Dump eax function return val eip command PC ebp, esp stack, stack segment 32-bit, 64-bit machine dierence info registers info all-registers print $eax Young W. Lim GDB Tutorial 2016-02-19 Fri 18 / 24

Execution next <N> without going inside a function step <N> with going inside a function nexti <N> next for the assembly command stepi <N> step for the assembly command continue jump <address> until call <function> CTRL-C <N> the number of commands (machine or assembly) Young W. Lim GDB Tutorial 2016-02-19 Fri 19 / 24

step-mode break main run next step show step-mode set step-mode on show step-mode next step -> now go into printf() without debug symbol, step cannot go into printf() after setting step-mode on, step goes into printf() Young W. Lim GDB Tutorial 2016-02-19 Fri 20 / 24

fork before fork called follow-fork-mode child set follow-fork-mode ask show follow-fork-mode proc 1 fork proc2 & proc3 proc 2 fork proc4 Young W. Lim GDB Tutorial 2016-02-19 Fri 21 / 24

Signal info signals SIGALRM Stop :gdb stops execution, user takes control Print : gdb displays messages Pass to Programm Description Young W. Lim GDB Tutorial 2016-02-19 Fri 22 / 24

Handling Signals #include <stdio.h> #include <unistd.h> #include <sys/utsname.h> int main() { alarm(7); sleep(9); return 0; } run : terminates because no handler exist for SIGALRM after handle SIGALRM nopass, the program exits normally handle SIGALRM nopass handle SIGALRM stop info signals Young W. Lim GDB Tutorial 2016-02-19 Fri 23 / 24

TTTT Young W. Lim GDB Tutorial 2016-02-19 Fri 24 / 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback