flat assembler
Message board for the users of flat assembler.

Index > Linux > GDB

revolution 30 Nov 2024, 13:19
I tried to use GDB.
Code:
~ gdb ./helloworld
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./helloworld...(no debugging symbols found)...done.    
Not sure if the complaint about no symbols is a problem or not. But let's keep going anyway.
Code:
(gdb) start
No symbol table loaded.  Use the "file" command.    
I guess the symbol thing is a problem after all. Let's try the suggestion.
Code:
(gdb) file ./helloworld
Reading symbols from ./helloworld...(no debugging symbols found)...done.    
That didn't help. But let's look at what we have.
Code:
(gdb) disassemble
No frame selected.    
No luck there. What is our frame?
Code:
(gdb) frame
No stack.    
Let's try the registers
Code:
(gdb) info registers
The program has no registers now.    
No help there either. Can it run?
Code:
(gdb) run
Starting program: /home/revolution/helloworld
Hello, world!
[Inferior 1 (process 1276) exited normally]    
At least it can run. But we have no way to debug it, examine it, or know anything about it. It just runs blind. So I gave up.
Code:
(gdb) quit

~    
Not very intuitive. If GDB can actually debug a program then it doesn't make it obvious how to do it.

Feryno 30 Nov 2024, 15:37
Try compiling the instruction int3 in at the entry point and rerun it.
I wrote a small debugger for Linux which analyzes the executable and puts a temporary breakpoint at the entry point. There are also samples of how to include symbols in the executable; maybe gdb will recognize the symbols too?

revolution 30 Nov 2024, 15:58
Yeah, GDB doesn't "just work", it has to be tricked into doing anything useful.

If I have the source code to the target then I could add int3 and things, but for other programs where source code isn't available such tricks are not so readily doable.



macomics 30 Nov 2024, 19:16
try
Code:
x /25i $pc    


Code:
$ gdb -q ./fasm
Reading symbols from ./fasm...
(No debugging symbols found in ./fasm)
(gdb) shell readelf -h ./fasm
Заголовок ELF:
  Magic:   7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00 
  Класс:                             ELF32
  Данные:                            дополнение до 2, от младшего к старшему
  Version:                           1 (current)
  OS/ABI:                            UNIX - GNU
  Версия ABI:                        0
  Тип:                               EXEC (Исполняемый файл)
  Машина:                            Intel 80386
  Версия:                            0x1
  Адрес точки входа:                 0x8048074
  Начало заголовков программы:       52 (байт в файле)
  Начало заголовков раздела:         0 (байт в файле)
  Флаги:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         2
  Size of section headers:           40 (bytes)
  Number of section headers:         0
  Section header string table index: 0
(gdb) break *0x8048074
Breakpoint 1 at 0x8048074
(gdb) run
Starting program: /home/macomics/PRJ/fasm1/fasml17332/source/Linux/fasm 

Breakpoint 1, 0x08048074 in ?? ()
(gdb) x /25i $pc
=> 0x8048074:   mov    DWORD PTR ds:0x80637a3,0x1
   0x804807e:   mov    esi,0x804885b
   0x8048083:   call   0x804853b
   0x8048088:   mov    DWORD PTR ds:0x8063787,esp
   0x804808e:   mov    ecx,DWORD PTR [esp]
   0x8048091:   lea    ebx,[esp+ecx*4+0x8]
   0x8048095:   mov    DWORD PTR ds:0x8063793,ebx
   0x804809b:   call   0x80481d7
   0x80480a0:   jb     0x80481c6
   0x80480a6:   call   0x80483a4
   0x80480ab:   mov    esi,0x804899c
   0x80480b0:   call   0x804853b
   0x80480b5:   mov    eax,ds:0x8063270
   0x80480ba:   sub    eax,DWORD PTR ds:0x806326c
   0x80480c0:   add    eax,DWORD PTR ds:0x8063278
   0x80480c6:   sub    eax,DWORD PTR ds:0x8063274
   0x80480cc:   shr    eax,0xa
   0x80480cf:   call   0x804857d
   0x80480d4:   mov    esi,0x80489a0
   0x80480d9:   call   0x804853b
   0x80480de:   mov    eax,0x4e
   0x80480e3:   mov    ebx,0x80647ae
   0x80480e8:   xor    ecx,ecx
   0x80480ea:   int    0x80
   0x80480ec:   mov    eax,ds:0x80647ae
(gdb) info registers
eax            0x0                 0
ecx            0x0                 0
edx            0x0                 0
ebx            0x0                 0
esp            0xffffc7d0          0xffffc7d0
ebp            0x0                 0x0
esi            0x0                 0
edi            0x0                 0
eip            0x8048074           0x8048074
eflags         0x202               [ IF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x0                 0
k0             0x0                 0
k1             0x0                 0
k2             0x0                 0
k3             0x0                 0
k4             0x0                 0
k5             0x0                 0
k6             0x0                 0
k7             0x0                 0
(gdb) c
Continuing.
flat assembler  version 1.73.32
usage: fasm <source> [output]
optional settings:
 -m <limit>         set the limit in kilobytes for the available memory
 -p <limit>         set the maximum allowed number of passes
 -d <name>=<value>  define symbolic variable
 -s <file>          dump symbolic information for debugging
[Inferior 1 (process 4759) exited with code 01]    

Add to '~/.gdbinit'
Code:
define showpc
x /25i $pc
end
define vstep
step
showpc
end
define vstepi
stepi
showpc
end
define vnext
next
showpc
end
define vnexti
nexti
showpc
end    

AsmGuru62 30 Nov 2024, 19:48
In 2022 I coded a program for Linux, maybe 600 lines or so.
I had to use printf() for debugging. Good times. Like the 1950s.
It worked -- my printouts located a few bugs.

Furs 30 Nov 2024, 21:20
AsmGuru62 wrote:
In 2022 I coded a program for Linux, maybe 600 lines or so.
I had to use printf() for debugging. Good times. Like the 1950s.
It worked -- my printouts located a few bugs.
printf/logging is the first thing I do when debugging anything other than a crash (for a crash it's the stack dump, and if that's not available, then logging the stacktrace with printf...). What's wrong with it?

AsmGuru62 30 Nov 2024, 22:57
Nothing is wrong with printf logs. Worked well for me.
It is just that debuggers like OllyDbg are not on stage in Linux.
It is OK. No problem, I would code for Linux again.

MatQuasar3 01 Dec 2024, 12:22
So the point here is to use the "break" command.


[Attached images: 1.PNG, 2.PNG]

MatQuasar3 01 Dec 2024, 12:24
macomics wrote:
try
Code:
x /25i $pc

Thanks.

[Attached image: 3.PNG]

revolution 01 Dec 2024, 12:36
The output from macomics shows Intel syntax.

The output from MatQuasar3 shows AT&T syntax.

Why the difference?

macomics 01 Dec 2024, 13:05
revolution wrote:
Why the difference?

Code:
set disassembly-flavor intel    
in my ~/.gdbinit

MatQuasar3 01 Dec 2024, 13:20
Thanks macomics, and thanks revolution for your good eyes.

The .gdbinit looks like a configuration file, which is a permanent setting.


[Attached image: 5.PNG]

macomics 01 Dec 2024, 13:49
Code:
$ gdb -q ./fasm
Reading symbols from ./fasm...
(No debugging symbols found in ./fasm)
(gdb) shell readelf -h ./fasm
Заголовок ELF:
  Magic:   7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00 
  Класс:                             ELF32
  Данные:                            дополнение до 2, от младшего к старшему
  Version:                           1 (current)
  OS/ABI:                            UNIX - GNU
  Версия ABI:                        0
  Тип:                               EXEC (Исполняемый файл)
  Машина:                            Intel 80386
  Версия:                            0x1
  Адрес точки входа:                 0x8048074
  Начало заголовков программы:       52 (байт в файле)
  Начало заголовков раздела:         0 (байт в файле)
  Флаги:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         2
  Size of section headers:           40 (bytes)
  Number of section headers:         0
  Section header string table index: 0
(gdb) info registers
The program has no registers now.
(gdb) frame
No stack.
(gdb) disassemble 
No frame selected.
(gdb) x /25i $pc
No registers.
(gdb) break *0x8048074
Breakpoint 1 at 0x8048074
(gdb) run
Starting program: /home/macomics/PRJ/fasm1/fasml17332/source/Linux/fasm 

Breakpoint 1, 0x08048074 in ?? ()
(gdb) info registers 
eax            0x0                 0
ecx            0x0                 0
edx            0x0                 0
ebx            0x0                 0
esp            0xffffc7d0          0xffffc7d0
ebp            0x0                 0x0
esi            0x0                 0
edi            0x0                 0
eip            0x8048074           0x8048074
eflags         0x202               [ IF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x0                 0
k0             0x0                 0
k1             0x0                 0
k2             0x0                 0
k3             0x0                 0
k4             0x0                 0
k5             0x0                 0
k6             0x0                 0
k7             0x0                 0
(gdb) disassemble 
No function contains program counter for selected frame.
(gdb) frame
#0  0x08048074 in ?? ()
(gdb) x /25i $pc
=> 0x8048074:   mov    DWORD PTR ds:0x80637a3,0x1
   0x804807e:   mov    esi,0x804885b
   0x8048083:   call   0x804853b
   0x8048088:   mov    DWORD PTR ds:0x8063787,esp
   0x804808e:   mov    ecx,DWORD PTR [esp]
   0x8048091:   lea    ebx,[esp+ecx*4+0x8]
   0x8048095:   mov    DWORD PTR ds:0x8063793,ebx
   0x804809b:   call   0x80481d7
   0x80480a0:   jb     0x80481c6
   0x80480a6:   call   0x80483a4
   0x80480ab:   mov    esi,0x804899c
   0x80480b0:   call   0x804853b
   0x80480b5:   mov    eax,ds:0x8063270
   0x80480ba:   sub    eax,DWORD PTR ds:0x806326c
   0x80480c0:   add    eax,DWORD PTR ds:0x8063278
   0x80480c6:   sub    eax,DWORD PTR ds:0x8063274
   0x80480cc:   shr    eax,0xa
   0x80480cf:   call   0x804857d
   0x80480d4:   mov    esi,0x80489a0
   0x80480d9:   call   0x804853b
   0x80480de:   mov    eax,0x4e
   0x80480e3:   mov    ebx,0x80647ae
   0x80480e8:   xor    ecx,ecx
   0x80480ea:   int    0x80
   0x80480ec:   mov    eax,ds:0x80647ae
(gdb) continue
Continuing.
flat assembler  version 1.73.32
usage: fasm <source> [output]
optional settings:
 -m <limit>         set the limit in kilobytes for the available memory
 -p <limit>         set the maximum allowed number of passes
 -d <name>=<value>  define symbolic variable
 -s <file>          dump symbolic information for debugging
[Inferior 1 (process 20803) exited with code 01]    

MatQuasar3 02 Dec 2024, 12:05
AsmGuru62 wrote:
In 2022 I coded a program for Linux, maybe 600 lines or so.


600 lines is quite a lot. My longest Linux FASM program is only about 450 lines. And a Linux hexdump file utility can be just 200 lines.

revolution 02 Dec 2024, 12:29
So the "best" so far is this long line?
Code:
~ gdb -q -ex "break *$(readelf -h helloworld | grep Entry | awk '{print $4}')" -ex run -ex 'set disassembly-flavor intel' -ex 'x /2i $pc' helloworld
Reading symbols from helloworld...(no debugging symbols found)...done.
Breakpoint 1 at 0x100000085
Starting program: /home/revolution/helloworld 

Breakpoint 1, 0x0000000100000085 in ?? ()
=> 0x100000085: mov    eax,0x1
   0x10000008a: mov    edi,0x1
(gdb) nexti
0x000000010000008a in ?? ()
(gdb)    
nexti is too much to type to execute a single instruction IMO. Can it be set for F7 and not wait for Enter?
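
The recipe the thread converged on (macomics's break at the readelf entry address, then revolution's one-liner that scripts it) has one fragile step: `grep Entry` depends on readelf's locale. macomics's own output above is printed under a Russian locale ("Адрес точки входа"), where that grep matches nothing and gdb gets an empty address. The script below is an added example of mine, not code from any poster: it reads e_entry straight from the ELF header bytes (offset 24 in both the ELF32 and ELF64 layouts, after checking the magic, EI_CLASS and EI_DATA), warns when the file is ET_DYN (a PIE, whose e_entry is load-relative so a pre-run `break *addr` would miss), and prints the gdb command line with the address filled in. It assumes POSIX sh with od, sed and tr; the function names are mine, and the sample headers are constructed from the Magic and entry values shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reads e_entry straight from the ELF
# header instead of grepping readelf output, so it works in any locale
# (readelf prints "Entry point address" in English but "Адрес точки входа"
# under a Russian locale, and "grep Entry" then finds nothing).
# Assumes POSIX sh with od, sed, tr; function names are my own.

# read_field FILE OFFSET WIDTH ENDIAN -> hex digits, no 0x, no leading zeros.
# ENDIAN is the EI_DATA byte of the file: 01 = little-endian, 02 = big-endian.
read_field() {
    bytes=$(od -An -v -tx1 -j"$2" -N"$3" "$1")
    hex=""
    for b in $bytes; do
        if [ "$4" = 01 ]; then hex="$b$hex"; else hex="$hex$b"; fi
    done
    hex=$(printf '%s' "$hex" | sed 's/^0*//')
    printf '%s' "${hex:-0}"
}

# elf_entry FILE -> prints e_entry as 0x-prefixed hex; returns 1 if FILE is not ELF.
elf_entry() {
    file=$1
    [ "$(od -An -tx1 -N4 "$file" | tr -d ' \n')" = 7f454c46 ] || {
        echo "not an ELF file: $file" >&2; return 1; }
    class=$(od -An -tx1 -j4 -N1 "$file" | tr -d ' \n')   # EI_CLASS: 01 ELF32, 02 ELF64
    data=$(od -An -tx1 -j5 -N1 "$file" | tr -d ' \n')    # EI_DATA:  01 LE,    02 BE
    case $class in
        01) width=4 ;;
        02) width=8 ;;
        *)  echo "unknown ELF class $class" >&2; return 1 ;;
    esac
    # e_type sits at offset 16 in both classes. 3 = ET_DYN (PIE or shared
    # object): its e_entry is relative to the load base, so "break *addr"
    # before "run" would miss; that case needs gdb's starti instead.
    if [ "$(read_field "$file" 16 2 "$data")" = 3 ]; then
        echo "warning: $file is ET_DYN, e_entry is load-relative" >&2
    fi
    # e_entry sits at offset 24 in both the ELF32 and the ELF64 header.
    printf '0x%s\n' "$(read_field "$file" 24 "$width" "$data")"
}

# gdb_cmd_at_entry FILE -> the thread's one-liner with the address filled in:
# break at the entry point, run to it, show the next 25 instructions.
gdb_cmd_at_entry() {
    entry=$(elf_entry "$1") || return 1
    printf "gdb -q -ex 'break *%s' -ex run -ex 'set disassembly-flavor intel' -ex 'x /25i \$pc' '%s'\n" "$entry" "$1"
}

# Constructed sample headers (first bytes only, enough to reach e_entry).
# make_sample_elf32 PATH: magic and entry 0x8048074 copied from macomics's
# readelf output above; e_type ET_EXEC, e_machine EM_386.
make_sample_elf32() {
    printf '\177ELF\001\001\001\003\000\000\000\000\000\000\000\000\002\000\003\000\001\000\000\000\164\200\004\010' > "$1"
}
# make_sample_elf64 PATH: ELF64, EM_X86_64, entry 0x100000085 as in revolution's session.
make_sample_elf64() {
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\076\000\001\000\000\000\205\000\000\000\001\000\000\000' > "$1"
}

# Usage:  elf_entry ./helloworld          -> 0x...
#         eval "$(gdb_cmd_at_entry ./helloworld)"
```

For a PIE the warning is the useful part: the address in the header is not where the code will be after the loader maps it, so on a gdb that has it (8.1 and later; the 7.11.1 in the first post does not) `starti` stops at the real first instruction without needing any address at all. Since `x /25i $pc` and `info registers` work as soon as the inferior is stopped anywhere, `starti` followed by those two commands is the shortest version of the whole recipe on a modern gdb.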

macomics 02 Dec 2024, 13:11
revolution wrote:
nexti is too much to type to execute a single instruction IMO. Can it be set for F8 and not wait for Enter?
It's regular bash. Maybe use bind?

MatQuasar3 02 Dec 2024, 13:39
revolution wrote:
nexti is too much to type to execute a single instruction IMO. Can it be set for F7 and not wait for Enter?
You can also use "ni" for "nexti" and "si" for "stepi".

MatQuasar3 02 Dec 2024, 13:51
"b" for break, "r" for run, "i r" for info registers, "c" for continue, those are abbreviation.

macomics 02 Dec 2024, 14:33
macomics wrote:
revolution wrote:
nexti is too much to type to execute a single instruction IMO. Can it be set for F8 and not wait for Enter?
revolution wrote:
nexti is too much to type to execute a single instruction IMO. Can it be set for F7 and not wait for Enter?
next/nexti=F8;step/stepi=F7

revolution 02 Dec 2024, 15:42
Any mapping would be good. Ability to map F1-F12 to anything I choose.
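
The key mapping asked for above does exist, but not through bash's `bind`: that builtin only changes the readline instance inside the bash process, and gdb is a separate process with its own readline. What both share is the readline init file, `~/.inputrc`. The fragment below is an added example of mine, not something from the thread or from the gdb project; it binds F7 to stepi and F8 to nexti with the newline included, so one key press runs the command without Enter. The `\e[18~` and `\e[19~` sequences are the xterm/VT-style codes for F7 and F8 and are an assumption about your terminal: confirm them by pressing Ctrl-V and then the key at a shell prompt, which echoes the raw sequence. The `$if gdb` guard keeps the bindings out of bash and other readline programs.

```inputrc
# ~/.inputrc -- read by every readline program, gdb included.
# F7 and F8 codes below are the xterm/VT-style sequences; verify with Ctrl-V <key>.
$if gdb
"\e[18~": "stepi\n"
"\e[19~": "nexti\n"
$endif
```

Any F1-F12 can be mapped the same way once its sequence is known, and the macro text can be any gdb command line, for example the `vnexti` defined in macomics's `.gdbinit` above so that each key press also re-prints the next 25 instructions. gdb reads the file at startup, so restart it after editing. Without any mapping, gdb also repeats the previous command on an empty line, so after one `ni` a bare Enter steps again.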
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.