GDB Rocks!
Basic gdb case study, advanced gdb tricks, shared library debugging
Usage Rights: CC Attribution-ShareAlike License
GDB Rocks! Presentation Transcript

  • GDB Rocks! GDB: The GNU Project Debugger. Kent Chen
  • Kent Chen (chenkaie), chenkaie@gmail.com, http://chenkaie.blogspot.com, @chenkaie on GitHub, @chenkaie on SlideShare, @chenkaie on LinkedIn, @chenkaie on Twitter
  • Why learn GDB? Why everybody learns GDB?
  • Non-Interactive Debugging
  • strace: system calls and signals; ltrace: library calls
  • printf / printk: "printing" gets tiresome after a while. Debugging by Endless Printing
  • GDB: Source-Level Debugger
  • Interactive: it does whatever you tell it to. Interactive Debugging
  • With a debugger, coding is in colour (by Jserv / 宅色夫). No Debugger, No Happy Coding
  • Having learned GDB, I feel as moved as a caveman who learned to use fire (by 張至). Who is 張至?! I don't know either; I found it on Google, some random netizen!
  • GDBFront Ends
  • gdbtui
  • cgdb
  • ddd (Joe’s Fav)
  • insight
  • clewn / vim + gdb
  • pyclewn
  • gdbmgr
  • Sharing my own beginner experience: Sharing my real-world GDB experience
  • A first taste, beginner class: GDB Beginner's training
  • Change memory contents on-the-fly
  • Change memory contents on-the-fly
  • stack backtrace
  • Attach to a process
  • Jump $pc (program counter)
  • core dump
  • core dump (cont.)
  • core dump (cont.)
  • Patch binary file
  • Patch binary file (cont.): $ objdump -d -S -l -shrt dump1.out, then change "ef01" to "ef00"
  • Clever tricks, advanced class: Advanced GDB Tricks
  • 奇技淫巧 (clever tricks): strange skills or things that dazzle the eye and ear (from the Ministry of Education Mandarin Chinese Dictionary)
  • SIGSEGV + GDB
  • C interpreter:
    1. $ gdb `which gdb`
    2. (gdb) start
    3. Enjoy your world…
    Example (the inferior gdb's own libc is now available for calls):
      (gdb) p 1 + 2 + abs(-3)
      (gdb) p strcmp("VIVOTEK", "AXIS")
      (gdb) x/s getenv("HOME")
      (gdb) p (char*)getenv("HOME")
      (gdb) p (char)*getenv("HOME")
      (gdb) p printf("%d\n", 12345678)
  • Signal Handler: terminal hang / reboot PC, and you have to close the terminal (e.g., PuTTY, iTerm, ...). Conventional solution: GNU Screen / Tmux, nohup. GDB solution: attach with $ gdb [program] [pid], then (gdb) handle SIGHUP nopass, then (gdb) continue.
      (gdb) handle SIGHUP
      Signal        Stop      Print   Pass to program   Description
      SIGHUP        Yes       Yes     Yes               Hangup
      (gdb) handle SIGHUP nopass
      Signal        Stop      Print   Pass to program   Description
      SIGHUP        Yes       Yes     No                Hangup
      (gdb) continue
      Continuing.
      Program received signal SIGHUP, Hangup.
      0x0000003ac7a954e0 in __nanosleep_nocancel () from /lib64/libc.so.6
      (gdb)
  • Hands-on discussion of a classic case: A real-world case study
  • Case 1
  • GNU C Library (glibc) debugging
  • Why?
  • Pursuit of excellence :)
  • DieLink (呆吝蚵)
  • An issue that has circulated for a long time: A well-known issue
  • The death of a certain daemon: Process crash issue
  • dmesg
  • cat /proc/`pidof configer`/maps
  • SIGSEGV@libc-2.5.90.so
  • WTF!! No way (shocked)
  • Heh, I've learned this: Core dump
  • The invincible gdb core dump
  • backtrace (bt)
  • _IO_strn_overflow () / vfprintf (): C language!?
  • WTF!! No way (doubly shocked)
  • To see a thousand miles further, climb one more storey
  • Heh, I've learned this: gdb frame up
  • frame [index] / up / down
  • WTF!! ARM assembly
  • Assembly language, what the hell; I gave it all back to the teacher after finishing the course in university
  • C Code & ARM assembly
  • Looks professional: Pro Looks "GEEK"
  • In fact
  • Found that gcc -O3 output is damn hard to read: It's god damn hard to read after gcc -O3
  • We need Source Level Debugging
  • Use the Source, Loser... Orz
  • May The Source Be With You
  • How?
  • RTFM: Read The Fucking Manual
  • Load with the symbol-file command
  • Re-build a debug version of the shared library with "-g"
  • set solib-absolute-prefix
  • Source be with You
  • Found that the data passed into snprintf() is all correct
  • OMFG!
  • The elevator keeps going down: gdb frame down
  • Arrived at /lib/libc.so.6 -> libc-2.5.90.so
  • Shit! If we follow the approach above
  • Do we really have to build a debug version of libc-2.5.90 ourselves?
  • Oh No !
  • Use the big vendor's secret solution
  • You have the right to say NO
  • MontaVista has already built it for us
  • lib*.*.so.*.debug
  • glibc source level debug
  • DEMO
  • Null pointer access issue
  • Thanks to the divine tool GDB
  • We finally learned Shared Library Debugging
  • The death of that daemon remains a mystery to this day (shock)
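The Case 1 workflow above (a crash raised inside libc's snprintf/vfprintf, then bt and frame navigation back to the caller's own source) reproduced on a constructed program; this is an added example, not code from the slides. It assumes gcc and gdb are installed; crash.c, build_line and get_buffer are names made up here.

```shell
#!/bin/sh
# Added example: the fault fires deep inside glibc (vfprintf & co.), but
# the bug is in our own caller, build_line(), which never checks the
# buffer it hands to snprintf(). Build with -g, run under gdb, take the
# backtrace, then climb to our frame and inspect its locals.
WORK=${TMPDIR:-/tmp}/gdb-rocks-demo

write_crash_c() {
    mkdir -p "$WORK"
    cat > "$WORK/crash.c" <<'EOF'
#include <stdio.h>
#include <stdlib.h>
/* Constructed allocator that can fail; 1 = pretend malloc returned NULL. */
static char *get_buffer(int simulate_oom) { return simulate_oom ? NULL : malloc(64); }
int build_line(int simulate_oom) {
    char *buf = get_buffer(simulate_oom);           /* missing NULL check */
    return snprintf(buf, 64, "pid=%d", 12345678);   /* libc writes through buf */
}
int main(int argc, char **argv) {
    return build_line(argc > 1 ? atoi(argv[1]) : 0) > 0 ? 0 : 1;
}
EOF
}

# Returns 0 when the captured gdb session shows SIGSEGV and names our
# frame, 1 on a build/run problem, 2 when gcc or gdb is not installed.
run_demo() {
    command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1 || return 2
    write_crash_c
    # -g for source-level symbols, -O0 so the frames match the C code
    # (the slides show how unreadable -O3 output is without them).
    gcc -g -O0 -o "$WORK/crash" "$WORK/crash.c" || return 1
    gdb -q -nx -batch \
        -ex 'run 1' \
        -ex 'bt' \
        -ex 'frame function build_line' \
        -ex 'info locals' \
        "$WORK/crash" > "$WORK/gdb.log" 2>&1
    # The innermost frames belong to libc; build_line is the first frame
    # with our own source, just like the snprintf() caller in Case 1.
    grep -q 'SIGSEGV' "$WORK/gdb.log" && grep -q 'build_line' "$WORK/gdb.log"
}

if run_demo; then cat "$WORK/gdb.log"; fi
```

In the printed session, "info locals" shows buf = 0x0 in build_line's frame, which is the evidence the backtrace alone does not give.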
  • 案例二、 Case 2
  • Hijacking FDs: File Descriptors Hijacking
  • Time is limited, to be revealed next time: File Descriptor Hijacking / clever FD-hijacking tricks
  • References:
    - Happily learning the GNU Debugger (gdb), Part I + II (Jserv): http://jserv.sayya.org/debugger/
    - http://pyclewn.sourceforge.net/
    - http://clewn.sourceforge.net/
    - http://reverse.put.as/
    - Clever uses of GDB (vgod)
    - [GDB Tricks] File Descriptor Hijacking / clever FD-hijacking tricks