flat assembler
Message board for the users of flat assembler.
Linux > GDB
Feryno 30 Nov 2024, 15:37
Try compiling in the instruction int3 at the entry point and rerun again.
I wrote a small debugger for Linux which analyzes the executable and puts a temporary breakpoint at the entry point; there are also samples of how to include symbols in the executable, maybe gdb will recognize the symbols too?
revolution 30 Nov 2024, 15:58
Yeah, GDB doesn't "just work", it has to be tricked into doing anything useful.
If I have the source code to the target then I could add int3 and things, but for other programs where source code isn't available such tricks are not so readily doable.
Last edited by revolution on 30 Nov 2024, 23:16; edited 1 time in total
macomics 30 Nov 2024, 19:16
try
Code:
x /25i $pc

Code: (readelf labels translated from the original Russian-locale output)
$ gdb -q ./fasm
Reading symbols from ./fasm...
(No debugging symbols found in ./fasm)
(gdb) shell readelf -h ./fasm
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - GNU
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048074
  Start of program headers:          52 (bytes into file)
  Start of section headers:          0 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         2
  Size of section headers:           40 (bytes)
  Number of section headers:         0
  Section header string table index: 0
(gdb) break *0x8048074
Breakpoint 1 at 0x8048074
(gdb) run
Starting program: /home/macomics/PRJ/fasm1/fasml17332/source/Linux/fasm

Breakpoint 1, 0x08048074 in ?? ()
(gdb) x /25i $pc
=> 0x8048074:   mov    DWORD PTR ds:0x80637a3,0x1
   0x804807e:   mov    esi,0x804885b
   0x8048083:   call   0x804853b
   0x8048088:   mov    DWORD PTR ds:0x8063787,esp
   0x804808e:   mov    ecx,DWORD PTR [esp]
   0x8048091:   lea    ebx,[esp+ecx*4+0x8]
   0x8048095:   mov    DWORD PTR ds:0x8063793,ebx
   0x804809b:   call   0x80481d7
   0x80480a0:   jb     0x80481c6
   0x80480a6:   call   0x80483a4
   0x80480ab:   mov    esi,0x804899c
   0x80480b0:   call   0x804853b
   0x80480b5:   mov    eax,ds:0x8063270
   0x80480ba:   sub    eax,DWORD PTR ds:0x806326c
   0x80480c0:   add    eax,DWORD PTR ds:0x8063278
   0x80480c6:   sub    eax,DWORD PTR ds:0x8063274
   0x80480cc:   shr    eax,0xa
   0x80480cf:   call   0x804857d
   0x80480d4:   mov    esi,0x80489a0
   0x80480d9:   call   0x804853b
   0x80480de:   mov    eax,0x4e
   0x80480e3:   mov    ebx,0x80647ae
   0x80480e8:   xor    ecx,ecx
   0x80480ea:   int    0x80
   0x80480ec:   mov    eax,ds:0x80647ae
(gdb) info registers
eax            0x0                 0
ecx            0x0                 0
edx            0x0                 0
ebx            0x0                 0
esp            0xffffc7d0          0xffffc7d0
ebp            0x0                 0x0
esi            0x0                 0
edi            0x0                 0
eip            0x8048074           0x8048074
eflags         0x202               [ IF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x0                 0
k0             0x0                 0
k1             0x0                 0
k2             0x0                 0
k3             0x0                 0
k4             0x0                 0
k5             0x0                 0
k6             0x0                 0
k7             0x0                 0
(gdb) c
Continuing.
flat assembler version 1.73.32
usage: fasm <source> [output]
optional settings:
 -m <limit>         set the limit in kilobytes for the available memory
 -p <limit>         set the maximum allowed number of passes
 -d <name>=<value>  define symbolic variable
 -s <file>          dump symbolic information for debugging
[Inferior 1 (process 4759) exited with code 01]

Add to '~/.gdbinit'
Code:
define showpc
  x /25i $pc
end
define vstep
  step
  showpc
end
define vstepi
  stepi
  showpc
end
define vnext
  next
  showpc
end
define vnexti
  nexti
  showpc
end
AsmGuru62 30 Nov 2024, 19:48
In 2022 I coded a program for Linux, maybe 600 lines or so.
I had to use printf() for debugging. Good times. Like the 1950s. It worked -- my printouts located few bugs.
Furs 30 Nov 2024, 21:20
AsmGuru62 wrote:
In 2022 I coded a program for Linux, maybe 600 lines or so.
AsmGuru62 30 Nov 2024, 22:57
Nothing is wrong with printf logs. Worked well for me.
It is just that debuggers like OllyDbg are not on stage in Linux. It is OK. No problem, I would code for Linux again.
MatQuasar3 01 Dec 2024, 12:22
So the point here is to use the "break" command.
MatQuasar3 01 Dec 2024, 12:24
macomics wrote:
try
Code:
x /25i $pc

Thanks.
revolution 01 Dec 2024, 12:36
The output from macomics shows Intel syntax.
The output from MatQuasar3 shows AT&T syntax. Why the difference?
macomics 01 Dec 2024, 13:05
revolution wrote:
Why the difference?

Code:
set disassembly-flavor intel
MatQuasar3 01 Dec 2024, 13:20
Thanks macomics, and thanks revolution for your good eyes.
The .gdbinit looks like a configuration file, which is a permanent setting.
macomics 01 Dec 2024, 13:49
Code: (readelf labels translated from the original Russian-locale output)
$ gdb -q ./fasm
Reading symbols from ./fasm...
(No debugging symbols found in ./fasm)
(gdb) shell readelf -h ./fasm
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - GNU
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048074
  Start of program headers:          52 (bytes into file)
  Start of section headers:          0 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         2
  Size of section headers:           40 (bytes)
  Number of section headers:         0
  Section header string table index: 0
(gdb) info registers
The program has no registers now.
(gdb) frame
No stack.
(gdb) disassemble
No frame selected.
(gdb) x /25i $pc
No registers.
(gdb) break *0x8048074
Breakpoint 1 at 0x8048074
(gdb) run
Starting program: /home/macomics/PRJ/fasm1/fasml17332/source/Linux/fasm

Breakpoint 1, 0x08048074 in ?? ()
(gdb) info registers
eax            0x0                 0
ecx            0x0                 0
edx            0x0                 0
ebx            0x0                 0
esp            0xffffc7d0          0xffffc7d0
ebp            0x0                 0x0
esi            0x0                 0
edi            0x0                 0
eip            0x8048074           0x8048074
eflags         0x202               [ IF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x0                 0
k0             0x0                 0
k1             0x0                 0
k2             0x0                 0
k3             0x0                 0
k4             0x0                 0
k5             0x0                 0
k6             0x0                 0
k7             0x0                 0
(gdb) disassemble
No function contains program counter for selected frame.
(gdb) frame
#0  0x08048074 in ?? ()
(gdb) x /25i $pc
=> 0x8048074:   mov    DWORD PTR ds:0x80637a3,0x1
   0x804807e:   mov    esi,0x804885b
   0x8048083:   call   0x804853b
   0x8048088:   mov    DWORD PTR ds:0x8063787,esp
   0x804808e:   mov    ecx,DWORD PTR [esp]
   0x8048091:   lea    ebx,[esp+ecx*4+0x8]
   0x8048095:   mov    DWORD PTR ds:0x8063793,ebx
   0x804809b:   call   0x80481d7
   0x80480a0:   jb     0x80481c6
   0x80480a6:   call   0x80483a4
   0x80480ab:   mov    esi,0x804899c
   0x80480b0:   call   0x804853b
   0x80480b5:   mov    eax,ds:0x8063270
   0x80480ba:   sub    eax,DWORD PTR ds:0x806326c
   0x80480c0:   add    eax,DWORD PTR ds:0x8063278
   0x80480c6:   sub    eax,DWORD PTR ds:0x8063274
   0x80480cc:   shr    eax,0xa
   0x80480cf:   call   0x804857d
   0x80480d4:   mov    esi,0x80489a0
   0x80480d9:   call   0x804853b
   0x80480de:   mov    eax,0x4e
   0x80480e3:   mov    ebx,0x80647ae
   0x80480e8:   xor    ecx,ecx
   0x80480ea:   int    0x80
   0x80480ec:   mov    eax,ds:0x80647ae
(gdb) continue
Continuing.
flat assembler version 1.73.32
usage: fasm <source> [output]
optional settings:
 -m <limit>         set the limit in kilobytes for the available memory
 -p <limit>         set the maximum allowed number of passes
 -d <name>=<value>  define symbolic variable
 -s <file>          dump symbolic information for debugging
[Inferior 1 (process 20803) exited with code 01]
MatQuasar3 02 Dec 2024, 12:05
AsmGuru62 wrote:
In 2022 I coded a program for Linux, maybe 600 lines or so.

600 lines is quite a lot. My longest Linux FASM program is only about 450 lines. And a Linux hexdump file utility can be just 200 lines.
revolution 02 Dec 2024, 12:29
So the "best" so far is this long line?
Code:
~ gdb -q -ex "break *$(readelf -h helloworld | grep Entry | awk '{print $4}')" -ex run -ex 'set disassembly-flavor intel' -ex 'x /2i $pc' helloworld
Reading symbols from helloworld...(no debugging symbols found)...done.
Breakpoint 1 at 0x100000085
Starting program: /home/revolution/helloworld

Breakpoint 1, 0x0000000100000085 in ?? ()
=> 0x100000085:   mov    eax,0x1
   0x10000008a:   mov    edi,0x1
(gdb) nexti
0x000000010000008a in ?? ()
(gdb)
macomics 02 Dec 2024, 13:11
revolution wrote:
nexti is too much to type to execute a single instruction IMO. Can it be set for F8 and not wait for Enter?
MatQuasar3 02 Dec 2024, 13:39
revolution wrote:
You can also use "ni" for "nexti" and "si" for "stepi".
MatQuasar3 02 Dec 2024, 13:51
"b" for break, "r" for run, "i r" for info registers, "c" for continue; those are abbreviations.
macomics 02 Dec 2024, 14:33
macomics wrote:
revolution wrote:
nexti is too much to type to execute a single instruction IMO. Can it be set for F7 and not wait for Enter?
revolution 02 Dec 2024, 15:42
Any mapping would be good. Ability to map F1-F12 to anything I choose.
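The recipe from this thread as one reusable script. This is an added example, not code from the thread or from the fasm project. Two things it changes: readelf -h prints its labels in the current locale (macomics' session was captured under a Russian locale, where the entry line does not contain the word "Entry"), so the grep Entry in revolution's one-liner matches nothing on such a system; LC_ALL=C readelf would fix that, but the script instead reads e_entry straight from the ELF header bytes with od, which gives the same 0x8048074 readelf reported for fasm and 0x100000085 for helloworld. It also writes the showpc helpers from macomics' .gdbinit together with a readline inputrc fragment that makes F7 and F8 execute vstepi and vnexti without waiting for Enter, which is the mapping asked for above. The \e[18~ and \e[19~ key codes are an assumption (xterm-style terminals), and the function names elf_entry, gdb_at_entry and write_gdb_config are the script's own.

```shell
#!/bin/sh
# Added example, not from the thread: stop a stripped ELF at its entry point
# without parsing readelf's (possibly localized) text, and add F-key stepping.

# elf_entry FILE: print e_entry from the ELF header as 0x...
# e_entry sits at offset 0x18 in both ELF32 (4 bytes) and ELF64 (8 bytes);
# only little-endian files (EI_DATA = 1) are handled here.
elf_entry() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo "elf_entry: not an ELF file: $f" >&2; return 1
    fi
    class=$(od -An -tx1 -j4 -N1 "$f" | tr -d ' \n')   # EI_CLASS
    data=$(od -An -tx1 -j5 -N1 "$f" | tr -d ' \n')    # EI_DATA
    if [ "$data" != "01" ]; then
        echo "elf_entry: big-endian ELF not handled: $f" >&2; return 1
    fi
    case $class in
        01) width=4 ;;
        02) width=8 ;;
        *)  echo "elf_entry: unknown EI_CLASS $class: $f" >&2; return 1 ;;
    esac
    hex=""
    for b in $(od -An -tx1 -j24 -N"$width" "$f"); do
        hex="$b$hex"                  # reverse byte order: little-endian
    done
    hex=$(printf '%s' "$hex" | sed 's/^0*//')
    printf '0x%s\n' "${hex:-0}"
}

# gdb_at_entry FILE: break at the entry point, run, show 25 instructions in
# Intel syntax. Only prints the command line when gdb is not installed.
gdb_at_entry() {
    entry=$(elf_entry "$1") || return 1
    set -- gdb -q -ex "break *$entry" -ex run \
           -ex 'set disassembly-flavor intel' -ex 'x /25i $pc' "$1"
    if command -v gdb >/dev/null 2>&1; then
        "$@"
    else
        printf '%s ' "$@"; echo
    fi
}

# write_gdb_config DIR: write DIR/gdbinit (the showpc helpers from the thread
# plus Intel syntax) and DIR/inputrc, which makes F7 run vstepi and F8 run
# vnexti without waiting for Enter. Copy them to ~/.gdbinit and ~/.inputrc.
# \e[18~ and \e[19~ are the xterm codes for F7/F8 (assumption: check yours
# by running 'cat -v' and pressing the key).
write_gdb_config() {
    cat > "$1/gdbinit" <<'EOF'
set disassembly-flavor intel
define showpc
  x /25i $pc
end
define vstepi
  stepi
  showpc
end
define vnexti
  nexti
  showpc
end
EOF
    cat > "$1/inputrc" <<'EOF'
$if gdb
"\e[18~": "vstepi\n"
"\e[19~": "vnexti\n"
$endif
EOF
}

# Usage: sh gdb_entry.sh ./fasm
if [ $# -gt 0 ]; then
    gdb_at_entry "$1"
fi
```

GDB 8.1 and later also have starti, which stops at the very first instruction executed; for a static executable such as fasm that is the entry point, but for a dynamically linked program it stops inside the dynamic loader, so an explicit break *entry is still the reliable way to land in the program's own code.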
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.