Slide 1

GDB Rocks!
Kent Chen
GDB: The GNU Project Debugger

Slide 2

Kent Chen (chenkaie)
[email protected]
http://chenkaie.blogspot.com
@chenkaie on GitHub, SlideShare, LinkedIn and Twitter

Slide 3

Why learn GDB? Why does everybody learn GDB?

Slide 4

Non-interactive (non-conversational) debugging

Slide 5

strace: system calls and signals
ltrace: library calls

Slide 6

printf / printk: after a while all that "printing" gets annoying. Debugging by endless printing.

Slide 7

GDB: Source-Level Debugger

Slide 8

Interactive (conversational) debugging: it does whatever you tell it to.

Slide 9

"With a debugger, coding is in full colour." - by Jserv (宅色夫)
No Debugger, No Happy Coding

Slide 10

"After learning GDB I felt like a caveman who has just learned to use fire." - by 張至
Who is 張至?! No idea, I found it on Google; some netizen, probably.

Slide 11

GDB Front Ends

Slide 12

gdbtui

Slide 13

cgdb

Slide 14

ddd (Joe's favourite)

Slide 15

insight

Slide 16

clewn / vim + gdb

Slide 17

pyclewn

Slide 18

gdbmgr

Slide 19

Sharing my beginner's experience: sharing my real-world GDB experience

Slide 20

A first taste, kindergarten class: GDB beginner's training

Slide 21

Change memory contents on-the-fly

Slide 22

Change memory contents on-the-fly (cont.)

Slide 23

stack backtrace

Slide 24

Attach to a process

Slide 25

Jump $pc (program counter)

Slide 26

core dump

Slide 27

core dump (cont.)

Slide 28

core dump (cont.)

Slide 29

Patch binary file

Slide 30

Patch binary file (cont.)
$ objdump -d -S -l -shrt dump1.out
Change "ef01" to "ef00"
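A safer way to do the byte patch from the slide, as an added example that is not from the original: the patcher refuses to write unless the bytes already at the offset are the ones expected, keeps a backup and verifies the write, so a patch prepared for one build cannot silently corrupt another. The sample file and its contents are constructed. In a real ELF the address `objdump -d` shows is a virtual address; convert it to a file offset first (from `readelf -l`: offset = vma - p_vaddr + p_offset of the containing segment), or ask `objdump -F` to print file offsets.

```shell
#!/bin/sh
# Added example, not from the slides: patch bytes in a binary at a file
# offset, refusing to write unless the bytes currently there are the ones
# expected. Uses only POSIX tools: dd, od, printf.
set -e

# hex_to_bin HEX: emit the bytes of a hex string on stdout. Octal escapes
# keep this portable (\xHH in printf is a bash extension).
hex_to_bin() {
    h=$1
    [ $(( ${#h} % 2 )) -eq 0 ] || { echo "hex_to_bin: odd-length hex" >&2; return 2; }
    while [ -n "$h" ]; do
        two=${h%"${h#??}"}                    # leading two hex digits
        byte=$(( 0x$two ))
        printf "\\$(printf '%03o' "$byte")"
        h=${h#??}                             # drop them
    done
}

# read_hex FILE OFFSET LEN: hex of LEN bytes at OFFSET
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 -v | tr -d ' \n'
}

# patch_bytes FILE OFFSET EXPECTED_HEX NEW_HEX
# 0 on success, 1 if the bytes on disk differ from EXPECTED_HEX (nothing is
# written), 2 on a length mismatch, 3 if the write did not land.
# Leaves FILE.orig as a backup.
patch_bytes() {
    file=$1 off=$2 expect=$3 new=$4
    [ ${#expect} -eq ${#new} ] || { echo "patch_bytes: old/new lengths differ" >&2; return 2; }
    len=$(( ${#expect} / 2 ))
    have=$(read_hex "$file" "$off" "$len")
    if [ "$have" != "$expect" ]; then
        echo "patch_bytes: expected $expect at offset $off, found $have; not patching" >&2
        return 1
    fi
    cp "$file" "$file.orig"
    hex_to_bin "$new" | dd of="$file" bs=1 seek="$off" conv=notrunc 2>/dev/null
    [ "$(read_hex "$file" "$off" "$len")" = "$new" ] || return 3
}

# Constructed sample "binary": 8 bytes with the slide's ef01 at offset 4.
# Patching twice shows the guard: the second attempt finds ef00, not ef01,
# and refuses. Prints the file contents after each attempt.
demo_patch() {
    f=$(mktemp)
    hex_to_bin 'deadbeefef01cafe' > "$f"
    patch_bytes "$f" 4 ef01 ef00
    first=$(read_hex "$f" 0 8)
    if patch_bytes "$f" 4 ef01 ef00 2>/dev/null; then
        echo "second patch unexpectedly applied" >&2; rm -f "$f" "$f.orig"; return 1
    fi
    second=$(read_hex "$f" 0 8)
    rm -f "$f" "$f.orig"
    echo "$first $second"
}
demo_patch
```

`demo_patch` prints `deadbeefef00cafe deadbeefef00cafe`: the first call rewrote ef01 to ef00 at offset 4, the second was rejected and changed nothing.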

Slide 31

Fancy tricks, advanced class: Advanced GDB Tricks

Slide 32

奇技淫巧: strange, dazzling skills or gadgets (from the Ministry of Education Mandarin Chinese Dictionary)

Slide 33

SIGSEGV + GDB

Slide 34

C interpreter
1. $ gdb `which gdb`
2. (gdb) start
3. Enjoy your world...
gdb evaluates these expressions by calling the functions inside the inferior, which is why a process has to be started first (here gdb itself, so libc is already mapped); whatever you call runs with the inferior's privileges.
Example:
(gdb) p 1 + 2 + abs(-3)
(gdb) p strcmp("VIVOTEK", "AXIS")
(gdb) x/s getenv("HOME")
(gdb) p (char*)getenv("HOME")
(gdb) p (char)*getenv("HOME")
(gdb) p printf("%d\n", 12345678)

Slide 35

Signal Handler
Terminal hang / reboot PC: you have to close the terminal (e.g., PuTTY, iTerm, ...) and the SIGHUP kills your program.
Conventional solution: GNU Screen / tmux, nohup
GDB solution:
$ gdb [program] [pid]
(gdb) handle SIGHUP nopass
(gdb) continue
With nopass, gdb still stops on SIGHUP but never delivers it to the program, so the hangup from the closing terminal does not kill it.

(gdb) handle SIGHUP
Signal        Stop      Print   Pass to program Description
SIGHUP        Yes       Yes     Yes             Hangup
(gdb) handle SIGHUP nopass
Signal        Stop      Print   Pass to program Description
SIGHUP        Yes       Yes     No              Hangup
Program received signal SIGHUP, Hangup.
0x0000003ac7a954e0 in __nanosleep_nocancel () from /lib64/libc.so.6
(gdb) continue
Continuing.

Slide 36

A classic case, hands-on: a real-world case study

Slide 37

Case 1

Slide 38

GNU C Library (glibc) debugging

Slide 39

Why?

Slide 40

Pursuit of excellence :)

Slide 41

DieLink 呆吝蚵

Slide 42

A long-standing, well-known issue

Slide 43

The death of a certain daemon: process crash issue

Slide 44

dmesg

Slide 45

cat /proc/`pidof configer`/maps

Slide 46

SIGSEGV @ libc-2.5.90.so

Slide 47

WTF!! No way (shock)

Slide 48

Heh, I've learned about core dumps

Slide 49

The invincible gdb core dump

Slide 50

backtrace (bt)

Slide 51

_IO_strn_overflow ()
vfprintf ()
C language!?

Slide 52

WTF!! No way (double shock)

Slide 53

To see a thousand li further, climb one more storey.

Slide 54

Heh, I've learned gdb frame up

Slide 55

frame [index] / up / down

Slide 56

WTF!! ARM assembly

Slide 57

Assembly language, what the hell; I gave it all back to the teacher right after the university course

Slide 58

C Code & ARM assembly

Slide 59

Looks professional (looks "GEEK")

Slide 60

In fact

Slide 61

Found that after gcc -O3 the assembly is damn hard to read

Slide 62

We need source-level debugging

Slide 63

Use the Source Loser... Orz

Slide 64

May The Source Be With You

Slide 65

How?

Slide 66

RTFM: Read The Fucking Manual

Slide 67

Load symbols with the symbol-file command

Slide 68

Re-build debug version shared library with "-g"

Slide 69

set solib-absolute-prefix (the older name of set sysroot)

Slide 70

Source be with You

Slide 71

Found that the data passed into snprintf() was all correct

Slide 72

OMFG!

Slide 73

The elevator keeps going down: gdb frame down

Slide 74

Arrived at /lib/libc.so.6 -> libc-2.5.90.so

Slide 75

Shit! If we follow the approach above...

Slide 76

...do we have to build a debug version of libc-2.5.90 ourselves?

Slide 77

Oh No!

Slide 78

Use the big vendor's quiet solution

Slide 79

You have the right to say NO

Slide 80

MontaVista has already built it for us

Slide 81

lib*.*.so.*.debug

Slide 82

glibc source level debug

Slide 83

DEMO

Slide 84

Null pointer access issue

Slide 85

Thanks to the divine tool GDB

Slide 86

We have finally learned shared library debugging

Slide 87

The death of that daemon is still a mystery to this day (shock)

Slide 88

Case 2

Slide 89

File Descriptor Hijacking

Slide 90

Time is limited; to be revealed next time: File Descriptor Hijacking, the fancy trick of hijacking FDs

Slide 91

Reference
快快樂樂學 GNU Debugger (gdb) Part I + II (Happily learning the GNU Debugger), Jserv: http://jserv.sayya.org/debugger/
http://pyclewn.sourceforge.net/
http://clewn.sourceforge.net/
http://reverse.put.as/
GDB的妙用 (Clever uses of GDB), vgod
[GDB Tricks] File Descriptor Hijacking / 劫持 FDs 之奇技淫巧