I am faced with a situation wherein I have process X executing a
a command ( say /bin/ls ). as soon as the process X executes the command ls
I want to put a breakpoint in a function in ls.
Is there any way to do this ?
An easy solution may be to wrap the binary in question (that is called by process X) in a small shell script that starts the process in a debug session and applies pre-configured breakpoints as well.
I can think of two ways to do it.
Simplest is to set follow-fork-mode child whenever new new client process is created GDB will debug the child. However with this mode you will not be able to debug the parent process any more.
In the child process (ls mentioned above) add some code to wait for a signal say SIGCONT at the very beginning. Whenever child process is created attach GDB (new GDB instance) to it with its PID of child process, issue the singnal SIGCONT to continue.
You can use catch exec [1] to stop on exec calls:
(gdb) catch exec
Catchpoint 1 (exec)
(gdb) r
Starting program: /tmp/a.out
process 7544 is executing new program: /bin/ls
Catchpoint 1 (exec'd /bin/ls), 0x00007ffff7ddfaf0 in _start () from /lib64/ld-linux-x86-64.so.2
Then you can do whatever you want with the new process. See also the link in the comment by dbrank0 for various fork-related options.
Related
Currently debugging a tcsh like remake, I used :
set follow-fork-mode child
to follow a child program after fork but reaching the execve system call GDB exit and I got the following message :
process 11217 is executing new program: /usr/bin/cat
zsh: suspended (tty output) gdb ./mysh
How can I prevent that ?
Thanks you in advance !
Looks like the child got suspended?
You can let the child run with:
set detach-on-fork on
This is the default. You can check with show detach-on-fork whether it's been turned off (perhaps via .gdbinit?).
To follow the exec'ed process, you can use:
set follow-exec-mode new
You can also switch between multiple processes using inferior. First get inferior numbers via:
info inferiors
Then to switch:
inferior <num>
I am newbie to UNIX programs. I have encountered a situation wherein I have to issue commands to gdb from my C program. I have a C program which invokes another C program by forking a new child process. I need to debug this child C program and hence, I used system command to call gdb process on this C program. But I get a gdb prompt which I do not want. I want to issue commands to the gdb from my parent C program. Is there a way to issue commands to gdb from a C program ?
Please reply.
Thanks a lot.
Esash
If you need to debug the child process, you don't necessarily need to invoke the child with GDB when you fork+exec. As long as you have the PID of the child process, you can use the "attach" command in GDB to attach to the running child process. Basically, you would start GDB like:
$ gdb
(gdb) attach pid-of-child
In the above, replace pid-of-child with the PID of the child process, and there you go, you can debug the child process from interactive GDB, without the parent process needing to deal with GDB at all.
There are several ways to "drive" GDB programmatically.
If you just want to issue one command, e.g. to find out why the child crashed, you can do something like this:
gdb --batch -ex where /path/to/child <pid-of-child>
If there are more commands then you are willing to put on command line, you could write them to a temporary file, and ask gdb to execute them:
gdb --batch -x /path/to/commandfile /path/to/child <pid-of-child>
Neither of the above allows you to perform programmatic (if ... then do-something-in-gdb else do-something-else-in-gdb) control.
For that you may want to either exercise GDB's machine interface (MI), or use the embedded Python interpreter.
Theres also the follow on fork gdb option. This will attach to the child process immediately.
set follow-fork-mode mode
so,
set follow-fork-mode child
when I use linux console to develop, I use gdb to trace the program's behavior, Always the console print "Detaching after fork from child process 15***." can any body help to explain the sentence in quotation mark? How and Who will do What jobs after Detaching from child process? Thanks first:)
When GDB is debugging a particular process, and the process forks off a child process, GDB can only follow one of the two processes, so it must detach (stop following) the other. This line informs you of this selective detachment. The child process will run without being debugged by GDB.
You can select which process to follow using the set follow-fork-mode command. Use set follow-fork-mode child to follow child processes, and set follow-fork-mode parent to return to the default behavior. For more details, see this page on the Apple development website.
I have to retrieve process status(whether process is running or stopped) whose procees id is given from my c program(i am using linux). i planned to use exec command
and written below statement
execv("ps -el|grep |awk '{print $2}'",NULL);
But it is not giving me desired output.
Please let me know where i am wrong.
The third field in /proc/<pid>/stat contains the process status: R if it's Running, S if it's Sleeping (there's a few others too, like D for Disk Wait and Z for Zombie).
The exec call returns the error code corresponding to whether the execution of the program was successful or not.
If you fork a child process and then exec the command in the child process, you can read the its exit status in the parent process using the waitpid call.
I doubt exec is the family of calls you require here. system(3) might be more ideal.
In general i see the process's pid which is running in the background and start dbx on that process using the command dbx -a <pid>
similarly how could i do it using gdb?
In addition to the previous you can directly use
gdb -p <pid>
There are two ways.
From the command line, include the pid as an argument after the executable name:
gdb /path/to/prog PID
From within gdb, you can use the attach command:
gdb /path/to/prog
gdb> attach PID
While the specifying on the command line is more concise, there is a slight risk that if you have a core file that has a name that is the same as the pid (i.e. for pid 2345, the core file would have to be named "2345") then gdb will open the core file. Admittedly, the chance of this happening is minuscule.
From the gdb man page:
You can, instead, specify a process ID as a second argument, if you want to debug a running process:
gdb program 1234