I wish to jump to a line, either in the same context or outside the function. I've got a "test.c":
1
2 #include<stdio.h>
3 void fa(int c)
4 {
5 printf("begin\n");/*I break here*/
6 printf("%d\n",c); /*I wish to jump 1 line here*/
7 }
8 void fb(){}
9
10 int main(){
11 int b=1;
12 int i=2;
13 fa('a');
14 fb(); /*I also want to jump here*/
15 return 0;
16 }
Then I compiled it with gcc test.c -g and ran it using gdb a.out.
gdb a.out
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
...
(gdb) b 5
Breakpoint 1 at 0x400571: file test.c, line 5.
(gdb) r
Starting program: /home/Troskyvs/a.out
Breakpoint 1, fa (c=97) at test.c:5
5 printf("begin\n");
(gdb) j 6
Continuing at 0x40057b.
97 # This line is odd!
[Inferior 1 (process 6583) exited normally]
(gdb) f
No stack. # Why doesn't it print the line 6 source code?
(gdb) j 14
The program is not being run.
# What happened here?
I also tried "jump +1" and "jump +14". Same result; they don't work.
How could "jump" work the way I want?
Well, it's doing what you asked it to do. It:
1. jumped to line 6,
2. executed the code printf("%d\n",c); and printed the value (97). See here for why the value is 97,
3. continued the execution and finished it. Proof:
[Inferior 1 (process 6583) exited normally]
So, your program is over already. It's no longer running.
FWIW, if you want to stop/interrupt the normal execution again, you have to set more than one breakpoint after the jump destination to make it wait.
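A gdb command file for the test.c above that shows the point of the answer: the stops have to exist before "jump" resumes execution. This is an added example, not part of the question or the answer; the script file name and the use of "gdb -q -x" are assumptions.

```gdb
# Added example for test.c above: run as  gdb -q -x jump.gdb ./a.out
# (script name assumed). Lines refer to the numbered listing of test.c.
break 5            # stop at printf("begin\n") inside fa()
run
# "jump" resumes exactly like "continue"; only a breakpoint makes the
# inferior stop again, so set the later stops BEFORE jumping.
break 7            # closing brace of fa(), right after the jumped-to line 6
break 14           # the fb() call in main()
jump 6             # skips line 5, prints 97, then stops at breakpoint on line 7
frame              # there is a stack again: fa (c=97) at test.c:7
continue           # fa() returns; stops in main() at line 14
frame
# Jumping straight from fa() to line 14 is a different matter: the stack
# still belongs to fa(), so gdb asks "Line 14 is not in `fa'. Jump anyway?"
# and a later return would use the wrong frame. To get to line 14 cleanly,
# leave fa() first and only then jump within main():
#   finish
#   jump 14
```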
Related
I'm trying to debug a program with gdb, and when I set a breakpoint and continue on the strcpy() function, I get the following response:
frinto@kali:~/Documents/theclang/programs/helloworld$ gcc -fno-builtin -m32 -g -o char_array char_array.c
frinto@kali:~/Documents/theclang/programs/helloworld$ ls
a.out char_array char_array.c firstprog.c helloworld.c
frinto@kali:~/Documents/theclang/programs/helloworld$ ./char_array
Hello, world!
frinto@kali:~/Documents/theclang/programs/helloworld$ gdb -q char_array
Reading symbols from char_array...done.
(gdb) list
1 #include <stdio.h>
2 #include <string.h>
3
4 int main() {
5 char str_a[20];
6
7 strcpy(str_a, "Hello, world!\n");
8 printf(str_a);
9 }
(gdb) break 6
Breakpoint 1 at 0x11c6: file char_array.c, line 6.
(gdb) break strcpy
Breakpoint 2 at 0x1040
(gdb) break 8
Breakpoint 3 at 0x11dc: file char_array.c, line 8.
(gdb) run
Starting program: /home/frinto/Documents/theclang/programs/helloworld/char_array
Breakpoint 1, main () at char_array.c:7
7 strcpy(str_a, "Hello, world!\n");
(gdb) cont
Continuing.
Breakpoint 2, strcpy_ifunc () at ../sysdeps/i386/i686/multiarch/strcpy.c:29
29 ../sysdeps/i386/i686/multiarch/strcpy.c: No such file or directory.
(gdb)
I'm on Kali 2.0 and I've installed:
libc6-dbg and libc6-dbg:i386
If it isn't obvious already, I want to get rid of this error message:
../sysdeps/i386/i686/multiarch/strcpy.c: No such file or directory
Thanks in advance for any help!
I want to get rid of this error message:
This isn't an error. GDB is telling you that you've stopped in the strcpy_ifunc function (see this description of what IFUNCs are), which is defined in the ../sysdeps/i386/i686/multiarch/strcpy.c source file, and that GDB doesn't know how to find that file on the filesystem (and thus can't show you the source of strcpy_ifunc).
The best way to fix this is to tell GDB where to find this source. See (gdb) help directory.
Of course, for this to work, you actually need the GLIBC sources. I don't know whether Kali packages sources into libc6-dbg:i386 or not; you may have to install a separate glibc-source package.
I'm doing a bit of reading about gdb, and I'm having trouble getting gdb (I'm running 7.11.1) to debug a function from a library.
The sample code used to learn about the debugger is quite simple:
#include <stdio.h>
#include <string.h>
int main() {
    char str_a[20];
    strcpy(str_a, "Hello, world!\n");
    printf(str_a);
}
I compiled it with debugging symbols enabled, fired up GDB, and set some breakpoints:
(gdb) list
1 #include <stdio.h>
2 #include <string.h>
3
4 int main() {
5 char str_a[20];
6
7 strcpy(str_a, "Hello, world!\n");
8 printf(str_a);
9 }
(gdb) break 7
Breakpoint 1 at 0x4005ad: file char_array2.c, line 7.
(gdb) break strcpy
Function "strcpy" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (strcpy) pending.
(gdb) break 8
Breakpoint 3 at 0x4005cf: file char_array2.c, line 8.
(gdb) run
Starting program: /home/david/hacking_the_art_of_exploitation/Chapter_2/char_array2
Breakpoint 1, main () at char_array2.c:7
7 strcpy(str_a, "Hello, world!\n");
(gdb) continue
Continuing.
Breakpoint 3, main () at char_array2.c:8
8 printf(str_a);
(gdb) continue
Continuing.
Hello, world!
[Inferior 1 (process 7061) exited normally]
As you can see, the debugger never descends into the strcpy function.
I've tried adding set stop-on-solib-events 1 to my .gdbinit. This leads to different but still undesirable results:
(gdb) run
Starting program: /home/david/hacking_the_art_of_exploitation/Chapter_2/char_array2
Stopped due to shared library event (no libraries added or removed)
I'm at a bit of a loss here. Thanks in advance for any help.
I believe you need the libc-dbg package and the libc source package for debugging a libc function. On Ubuntu you can install it via
sudo apt-get install libc6-dbg
mkdir ~/libc ; cd ~/libc
apt-get source libc6
I was debugging my program, then the last line happened; how can I fix it? I used -fno-builtin to have a look at strcpy(), but it shows that __strcpy_sse2_unaligned is getting called.
root@19:~/booksrc# gcc -fno-builtin -g char_array2.c
root@19:~/booksrc# gdb -q ./a.out
Reading symbols from ./a.out...done.
(gdb) list
1 #include <stdio.h>
2 #include <string.h>
3
4 int main() {
5 char str_a[20];
6
7 strcpy(str_a, "Hello World!\n");
8 printf(str_a);
9 }
(gdb) break 6
Breakpoint 1 at 0x708: file char_array2.c, line 6.
(gdb) break strcpy
Breakpoint 2 at 0x5a0
(gdb) break 8
Breakpoint 3 at 0x71b: file char_array2.c, line 8.
(gdb) run
Starting program: /root/booksrc/a.out
Breakpoint 1, main () at char_array2.c:7
7 strcpy(str_a, "Hello World!\n");
(gdb) cont
Continuing.
Breakpoint 2, __strcpy_sse2_unaligned ()
at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:47
47 ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: No such file or directory.
__strcpy_sse2_unaligned is the implementation of strcpy which is used on your machine. glibc automatically chooses an optimized implementation based on CPU characteristics, using an IFUNC resolver.
This does not have anything to do with GCC and GCC built-ins. GCC emits a call to strcpy. It is just that glibc happens to call the function it uses __strcpy_sse2_unaligned.
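A gdb command file that follows the advice of the two answers above (the "No such file or directory" one and this one): point gdb at the glibc sources and then break on the implementation the IFUNC resolver actually selects. It is an added example, not part of any of the posts; the source path and script name are placeholders, and the resolver/variant names are the ones shown in the sessions above.

```gdb
# Added example for the char_array2.c session: gdb -q -x strcpy.gdb ./a.out
# (script name assumed). Source path below is a placeholder for wherever
# "apt-get source libc6" (or the glibc-source package) unpacked the tree.
# 1. Source lookup. gdb tries the recorded name literally, then
#    <dir>/../sysdeps/..., then <dir>/<basename>, so a directory that
#    contains the .S file is enough for that file ("help directory").
directory /home/user/libc/glibc-2.23/sysdeps/x86_64/multiarch
# 2. Break on strcpy only after libc is loaded, so the breakpoint resolves
#    against libc's symbol rather than the PLT stub in a.out.
break 7
run
break strcpy
continue
# Depending on the gdb version you now sit either in the resolver
# (strcpy_ifunc) or already in the selected variant. In the resolver,
# "finish" prints the returned function pointer, which names the variant
# the IFUNC picked for this CPU, e.g. <__strcpy_sse2_unaligned>.
finish
# 3. Break on the variant itself; this stops on every later call, even
#    when the dynamic linker has already cached the resolved address.
break __strcpy_sse2_unaligned
continue
# Without the .S source you can still follow it instruction by instruction:
display/i $pc
stepi
info source        # shows the file name gdb is looking for and where
```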
I was trying to use the "reverse-step" and "reverse-next" commands inside gdb. Stack Overflow tells me that I should run "target record-full" in the execution context where I wish to "rn" and "rs". But some weird error happened:
1
2 #include<stdio.h>
3 int i=0;
4 void fa()
5 {
6 ++i;
7 printf("%d\n",i);
8 ++i;
9 }
10 int main(){
11 fa();
12 return 0;
13 }
I compile and run this program:
(gdb) b 4
Breakpoint 1 at 0x40052a: file test02.c, line 4.
(gdb) r
Starting program: /home/Troskyvs/a.out
Breakpoint 1, fa () at test02.c:6
6 ++i;
(gdb) target record-full
(gdb) n
7 printf("%d\n",i);
(gdb) n # Error happens here!
Process record does not support instruction 0xc5 at address 0x7ffff7dee6e7.
Process record: failed to record execution log.
Program stopped.
_dl_runtime_resolve_avx () at ../sysdeps/x86_64/dl-trampoline.h:81
81 ../sysdeps/x86_64/dl-trampoline.h: No such file or directory.
Well, if I don't run "target record-full", then the 2nd "n" will be OK and run to the next line. I don't quite get the error information here.
Is it related to "target record-full"? How can I conquer it?
I tried another approach:
(gdb) set exec-direction reverse
(gdb) n
No more reverse-execution history.
fa () at test02.c:7
7 printf("%d\n",i);
(gdb) n
No more reverse-execution history.
fa () at test02.c:7
7 printf("%d\n",i);
(gdb) n
Well, it doesn't work.
AVX is not supported as of GDB 7.11.1
The underlying problem seems to be that AVX instructions are not currently supported, but glibc uses them on Ubuntu 16.04 64-bit:
gdb reverse debugging avx2
https://sourceware.org/ml/gdb/2016-08/msg00028.html
rr is an awesome working alternative: https://github.com/mozilla/rr. Here is a minimal working example: Setting breakpoint in GDB where the function returns
Actually for the simple case you have, a record-full should work if you add the parameter "-static" to your gcc compilation command.
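The workflow that answer describes, carried through on the test02.c above: build statically so there is no lazy-binding trampoline (_dl_runtime_resolve_avx) for record-full to choke on, then step forward and back. Added example, not from the question or the answers; the output file name and script name are assumptions, and the expectation that recording succeeds is the answer's claim for this simple case.

```gdb
# Added example for test02.c above: run as  gdb -q -x reverse.gdb
# (script name assumed). Line numbers refer to the numbered listing.
shell gcc -static -g test02.c -o test02_static   # output name assumed
file test02_static
break 4            # resolves to the first statement of fa(), line 6
run
# Start the log only once we are inside fa(); everything executed from
# here on is recorded and can be undone. In a static binary the printf
# call goes straight to libc, so no AVX-using resolver trampoline runs.
target record-full
next               # executes line 6 (++i); now at line 7, i == 1
next               # executes printf("%d\n",i), printing 1; now at line 8
next               # executes line 8 (++i); now at line 9, i == 2
print i            # 2
reverse-next       # undo line 8: back at line 8, i restored to 1
print i            # 1
reverse-next       # undo the printf: back at line 7
reverse-next       # undo line 6: back at line 6, i restored to 0
print i            # 0
# One more reverse-next here gives "No more reverse-execution history":
# the log starts where "target record-full" was issued. That is also why
# "set exec-direction reverse" alone did nothing in the post: without a
# recording there is no history to move through.
info record        # summary of the log (instruction count, direction)
```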
This question already has answers here:
Can't step into string.h function with GDB
(3 answers)
Closed 6 years ago.
Please look at the command line below. I set two breakpoints: one on strcpy and the other on printf. Why did it skip breakpoint 1?
root@ninja:~/Desktop/Programs# gcc -g -o exp exp.c
root@ninja:~/Desktop/Programs# gdb -q exp
Reading symbols from /root/Desktop/Programs/exp...done.
(gdb) list
1 #include <stdio.h>
2 #include <string.h>
3
4 int main() {
5 char str_a[20];
6
7 strcpy(str_a, "Hello world!\n");
8 printf(str_a);
9 }
(gdb) break strcpy
Function "strcpy" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (strcpy) pending.
(gdb) break printf
Breakpoint 2 at 0x8048300
(gdb) run
Starting program: /root/Desktop/Programs/exp
Breakpoint 2, 0xb7eabf54 in printf () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) i r eip
eip 0xb7eabf54 0xb7eabf54 <printf+4>
(gdb) cont
Continuing.
Hello world!
[Inferior 1 (process 3726) exited with code 015]
The first breakpoint is pending.
(gdb) break strcpy
Function "strcpy" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (strcpy) pending. <<here
Try: (gdb) break 7
7 being the line number.