GDB Rocks!

Basic gdb case study, advanced gdb tricks, shared library debugging

Published in: Technology

  1. GDB Rocks! GDB: The GNU Project Debugger. Kent Chen
  2. Kent Chen (chenkaie), chenkaie@gmail.com, http://chenkaie.blogspot.com, @chenkaie on GitHub, @chenkaie on SlideShare, @chenkaie on LinkedIn, @chenkaie on Twitter
  3. Why everybody learns GDB?
  4. Non-Interactive Debugging
  5. strace: system calls, signals; ltrace: library calls
  6. printf / printk: "printing" gets tiresome after a while. Debugging by Endless Printing
  7. GDB: Source-Level Debugger
  8. Interactive Debugging: it does whatever you tell it to do
  9. "With a debugger, coding is in color" - by Jserv (宅色夫). No Debugger, No Happy Coding
  10. "Learning GDB moved me the way a caveman must have felt on learning to use fire" - by 張至. Who is 張至?! I don't know him either; I found it on Google, probably some netizen!
  11. GDB Front Ends
  12. gdbtui
  13. cgdb
  14. ddd (Joe's Fav)
  15. insight
  16. clewn / vim + gdb
  17. pyclewn
  18. gdbmgr
  19. Sharing my getting-started experience: Sharing my real-world GDB experience
  20. A warm-up class for beginners: GDB Beginner's training
  21. Change memory contents on-the-fly
  22. Change memory contents on-the-fly
  23. stack backtrace
  24. Attach to a process
  25. Jump $pc (program counter)
  26. core dump
  27. core dump (cont.)
  28. core dump (cont.)
  29. Patch binary file
  30. Patch binary file (cont.)
      $ objdump -d -S -l -shrt dump1.out
      Change "ef01" to "ef00"
  31. The advanced class in clever tricks: Advanced GDB Tricks
  32. 奇技淫巧 (clever tricks): strange and dazzling skills or things (from the Ministry of Education Mandarin Chinese Dictionary)
  33. SIGSEGV + GDB
  34. C interpreter
      1. $ gdb `which gdb`
      2. (gdb) start
      3. Enjoy your world…
      Example:
      (gdb) p 1 + 2 + abs(-3)
      (gdb) p strcmp("VIVOTEK", "AXIS")
      (gdb) x/s getenv("HOME")
      (gdb) p (char*)getenv("HOME")
      (gdb) p (char)*getenv("HOME")
      (gdb) p printf("%d\n", 12345678)
  35. Signal Handler
      Terminal hang / Reboot PC: You have to close terminal (e.g., PuTTY, iTerm, ...)
      Conventional solution: GNU Screen / Tmux, nohup
      GDB solution:
      $ gdb [program] [pid]
      (gdb) handle SIGHUP nopass
      (gdb) continue
      Session output:
      (gdb) handle SIGHUP
      Signal        Stop      Print   Pass to program Description
      SIGHUP        Yes       Yes     Yes             Hangup
      (gdb) handle SIGHUP nopass
      Signal        Stop      Print   Pass to program Description
      SIGHUP        Yes       Yes     No              Hangup
      Program received signal SIGHUP, Hangup.
      0x0000003ac7a954e0 in __nanosleep_nocancel () from /lib64/libc.so.6
      (gdb) Continuing.
  36. A classic case in practice: A real-world case study
  37. Case 1
  38. GNU C Library (glibc) debugging
  39. Why?
  40. Pursuit of excellence :)
  41. DieLink (呆吝蚵)
  42. Long talked about in the community: A well-known issue
  43. The death of a certain daemon: Process crash issue
  44. dmesg
  45. cat /proc/`pidof configer`/maps
  46. SIGSEGV @ libc-2.5.90.so
  47. WTF!! No way (shock)
  48. Heh heh, I've learned about core dumps
  49. The invincible gdb core dump
  50. backtrace (bt)
  51. _IO_strn_overflow (), vfprintf (): C language!?
  52. WTF!! No way (double shock)
  53. To see a thousand miles further, climb one more floor
  54. Heh heh, I've learned gdb frame UP
  55. frame [index] / up / down
  56. WTF!! ARM assembly
  57. Assembly language, what the heck? I gave it all back to the teacher once the college course was over
  58. C Code & ARM assembly
  59. Looks professional: Pro Looks "GEEK"
  60. In fact
  61. It's god damn hard to read after gcc -O3
  62. We need Source Level Debugging
  63. Use the Source, Loser... Orz
  64. May The Source Be With You
  65. How?
  66. RTFM: Read The Fucking Manual
  67. load by symbol-file cmd
  68. Re-build debug version shared library with "-g"
  69. set solib-absolute-prefix
  70. Source be with You
  71. Found that the data passed into snprintf() is all correct
  72. OMFG!
  73. The elevator keeps going down: gdb frame down
  74. Arrived at /lib/libc.so.6 -> libc-2.5.90.so
  75. Shit! If we follow the approach above
  76. do we really have to build a debug version of libc-2.5.90 ourselves?
  77. Oh No !
  78. Use the big vendor's sneaky solution
  79. You have the right to Say NO
  80. MontaVista has already built it for us
  81. lib*.*.so.*.debug
  82. glibc source level debug
  83. DEMO
  84. Null pointer access issue
  85. Thanks to the mighty tool GDB
  86. We finally learned Shared Library Debugging
  87. The death of that daemon remains a mystery to this day (shock)
  88. Case 2
  89. File Descriptors Hijacking
  90. Time is limited, to be revealed next time: File Descriptor Hijacking, the clever tricks of hijacking FDs
  91. Reference
      Learning GNU Debugger (gdb) the Happy Way, Part I + II (Jserv)
      http://jserv.sayya.org/debugger/
      http://pyclewn.sourceforge.net/
      http://clewn.sourceforge.net/
      http://reverse.put.as/
      The Wonders of GDB (vgod)
      [GDB Tricks] File Descriptor Hijacking, the clever tricks of hijacking FDs
