How do I put the command "commands" inside gdbinit? - c

How do I put the command "commands break#" inside .gdbinit? I tried this but failed. Thank you
define macro1
b func1
commands
p func1_var
end # gdb complains that "This command cannot be used at the top level."
end

Make sure you are using commands with s instead of command (yes, I know your post has the s).
That was the cause of the problem for me, but I don't understand why.
GDB 7.11, Ubuntu 16.10.

This works fine for me. You probably have an older version of gdb. Upgrading will fix it. You could try looking in gdb bugzilla to see when the bug was fixed, if that is important to you.

Related

GDB attach problems with /sysdeps/unix/sysv/linux/

Hi I had a little question.
I've been trying for hours to find a solution but I'm just not getting anywhere.
I would like to use the gdb.attach function via pwntools.
But whenever I call this function, gdb does open with the executable, and pwntools then waits for gdb to give feedback.
But the GDB window then shows only the following:
0x00007fbf014828be in __GI___libc_read (fd=0x0, buf=0x56139a7ee370, nbytes=0x1) at ../sysdeps/unix/sysv/linux/read.c:26
26 ../sysdeps/unix/sysv/linux/read.c: File or directory not found.
Breakpoint 1 at 0x7fbf0145f140: file ../sysdeps/unix/syscall-template.S, line 120.
When I use the gdb.debug function I have no problems but unfortunately I also need the gdb.attach function.
This is the test code I use:
from pwn import *

# Start the target process, then attach gdb to it with a startup script.
p = process('bash')
gdb.attach(p,
'''
directory /home/pentester/Downloads/glibc-2.32/
set follow-fork-mode child
break execve
continue
''')
p.interactive()
I have already downloaded the glibc sources but I don't know where to put them exactly.
I also put them into the sources in the gdbinit, but unfortunately the problem is still there :(
Does one of you maybe have an idea how I can get the whole thing running?
Edit:
What I forgot to say is that the debugger seems to hang and pwntools searches in vain for the gdb.

Invocation message while running gdb

Why does it give me this when I try to run in gdb?
(gdb) run
Starting program: /home//Cfile/./ginr
Invocation: /home/Cfile/./ginr <test case file> <results file> [-repeat]
[Inferior 1 (process 3615) exited with code 01]
Missing separate debuginfos, use: debuginfo-install glibc-2.17-222.el7.x86_64
That looks like a message from the program itself. If you try to run /home/Cfile/./ginr in a terminal without arguments you probably get the same results.
You need to provide arguments when running the program, which is done almost the same inside gdb:
(gdb) run test_case_file result_File
You need to install the debuginfo package. How you do that depends on your OS, which you haven't listed here, which would have made your question much clearer and much easier to answer.
Furthermore - this would be easily discovered with a simple google search, so you should try that before putting a question up here. The key was to search for the error message at the bottom "Missing separate debuginfos" which, incidentally, isn't really an 'invocation error'. If you searched for that and didn't actually find an answer, it would probably have made sense to include some portion of that error in your question title. Welcome to SO!

How to stop GDB stepping in to system calls? [duplicate]

I have some C++ code like this that I'm stepping through with GDB:
void foo(int num) { ... }
int main() {
    Baz baz;
    foo(baz.get());
}
When I'm in main(), I want to step into foo(), but I want to step over baz.get().
The GDB docs say that "the step command only enters a function if there is line number information for the function", so I'd be happy if I could remove the line number information for baz.get() from my executable. But ideally, I'd be able to tell GDB "never step into any function in the Baz class".
Does anyone know how to do this?
Starting with GDB 7.4, skip can be used.
Run info skip, or check out the manual for details: https://sourceware.org/gdb/onlinedocs/gdb/Skipping-Over-Functions-and-Files.html
Instead of choosing to "step", you can use the "until" command to usually behave in the way that you desire:
(gdb) until foo
I don't know of any way to permanently configure gdb to skip certain symbols (aside from eliding their debugging information).
Edit: actually, the GDB documentation states that you can't use until to jump to locations that aren't in the same frame. I don't think this is true, but in the event that it is, you can use advance for the same purpose:
(gdb) advance foo
Page 85 of the GDB manual defines what can be used as "location" arguments for commands that take them. Just putting "foo" will make it look for a function named foo, so as long as it can find it, you should be fine. Alternatively you're stuck typing things like the filename:linenum for foo, in which case you might just be better off setting a breakpoint on foo and using continue to advance to it.
(I think this might be better suited as a comment rather than an answer, but I don't have enough reputation to add a comment yet.)
So I've also been wanting to ignore STL, Boost, et al (collectively '3rd Party') files when debugging for a while. Yesterday I finally decided to look for a solution and it seems the nearest capability is the 'skip' command in GDB.
I found the 'skip' ability in GDB to be helpful, but it's still a nuisance for me because my program uses a lot of STL and other "3rd Party" template code. In this case I have to mark a bunch of files as skip. After the 2nd time doing so I realized it would be more helpful to be able to skip an entire directory--and most helpful to skip a directory and all subdirectories. That way I can skip, for example, /usr since none of my code lives there and I typically have no interest in debugging through 3rd party code. So I extended the 'skip' command in gdb to support a new type 'dir'. I can now do this in gdb:
skip dir /usr
and then I'm never stopped in any of my 3rd party headers.
Here's a webpage w/ this info + the patch if it helps anyone: info & patch to skip directories in GDB
It appears that this isn't possible in GDB. I've filed a bug.
Meanwhile, gdb has the skip function command. Just execute it when you are inside the uninteresting function and it will not bother you again.
skip file is also very useful to get rid of the STL internals.
As Justin has said, it has been added in gdb 7.4. For more details, take a look at the documentation.
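As an added example (not taken from any of the posts above, and not GDB project code): a ~/.gdbinit fragment that applies the skip command to the two cases raised in this thread, using the -rfunction and -gfile options that GDB 7.12 added. The class name Baz and the /usr location come from the thread; the depth of the header tree under /usr/include is an assumption about a typical Linux layout.

```gdb
# Added example: ~/.gdbinit fragment for stepping past library code.
# Requires GDB 7.12 or later for the -rfunction and -gfile options;
# GDB 7.4 to 7.11 only has "skip function" and "skip file".

# "Never step into any function in the Baz class":
# -rfunction takes a regular expression that is matched against the
# fully qualified function name, so this covers Baz::get and every
# other Baz member. With this in place, "step" on the line
#     foo(baz.get());
# runs baz.get() to completion and stops inside foo().
skip -rfunction ^Baz::

# Same idea for the standard library namespace.
skip -rfunction ^std::

# Skip by source location instead of by name.
# -gfile takes a shell-style glob, and "*" does not match across a
# "/" separator, so one pattern is needed per directory level.
# (Assumed layout: headers at most four levels below /usr/include,
# e.g. /usr/include/c++/<version>/bits/<header>.)
skip -gfile /usr/include/*
skip -gfile /usr/include/*/*
skip -gfile /usr/include/*/*/*
skip -gfile /usr/include/*/*/*/*

# Print the resulting skip list with its entry numbers. An entry can
# later be turned off with "skip disable <number>" or removed with
# "skip delete <number>" when you do need to step into that code.
info skip
```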

gdb step debugging a C program

Consider a case where a function has 10 lines of code and you are doing a step debugging via GDB and are on line six.
You realize that function call at line 4 did some goof up due to which you are at line 5.
Assuming that line 4 function call does not do anything drastic (mem free, etc) you wish to make your SP point # line 4 and step into that func without re-running that test case.
I have been able to do it by doing registry modification.
What I wanted to know, are there some gdb commands which can help me achieve the above without manual registry mod.
Thanks,
Use jump command as described here.
Just set a breakpoint on the line you need (using the break command) and jump to it (using the jump command).
If I understand correctly, you want to "step back". This is supported by GDB since version 7. See manual, tutorial or related Stackoverflow topic.

Compiling real mode asm (rootkit.arsenal)

I'm stuck on compiling the tsr.asm code provided in the book rootkit arsenal.
I installed open watcom on an XP machine and the first asm listing was compiled well.
When compiling, it throws the error: "multiple starting address found" (nothing found on google). Can anyone confirm that this code is compilable, and how?
I'm thankful for any suggestions.
When you're writing some code, there is a particular address where the execution is to begin (the main function in C for example), but in your code there are more than one starting address, and it crashes when compiling. But without seeing the code I can't tell you more.
Sorry for the late answer, but I was searching for an answer to this and just figured it out - hopefully it'll help someone else Googling around for an answer.
Since you're using OpenWatcom (I'm using version 1.9), I'll assume that you have tsr.asm in its own OpenWatcom 16-bit DOS COM project. In the IDE, go to Targets -> Target Options -> Linker Switches. In the window that appears, select "2. Import, Export and Library Switches" from the drop-down at the top and remove the cstart_t entry under "Library files(,): [libf]".
Recompile, and your TSR COM file should be generated.
