From e8de8442cecce54fc4f372dc2dacecc7abca23ae Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Thu, 27 May 2021 08:04:17 +0100 Subject: Moved archived notes from html to md. 5 Articles --- md/writeup/gdb_helper_functions.md | 224 +++++++++++++++++++++++++++++++++++++ 1 file changed, 224 insertions(+) (limited to 'md/writeup/gdb_helper_functions.md') diff --git a/md/writeup/gdb_helper_functions.md b/md/writeup/gdb_helper_functions.md index e69de29..5fc45af 100644 --- a/md/writeup/gdb_helper_functions.md +++ b/md/writeup/gdb_helper_functions.md 
@@ -0,0 +1,224 @@ +title:Notes on videos +keywords:math,statistics + +# GDB helper functions + +```text +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ GDB helper functions + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ INDEX + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +1. Intro +2. Source +3. First run +4. Breakpoints +5. Registers +6. Helper commands +7. ToDo +8. Links + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 1.Intro + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +GDB is GNU debugger. It comes as standard tool in gcc toolchain and all distros +have it as package. It work on all arch'es that gcc supports and it also can be +used as remote debugger. To debug it uses Linux kernel debugging functionality +of ptrace. For first moment its quite confusing tool too many command to type +and it doesn't have GUI or TUI. + +What here will be added is command to show XMM registers, general purpose +registers and eflags with one command. This command make gdb more fun tool +to use. + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 2.Source + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +You can find GDB source here http://ftp.gnu.org/gnu/gdb/ + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 3.First run + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +For first run we have example of program that just prints some string and +that's all. If you just run program with debugger and you haven't given commands +to debugger it will run program as expected if everything is OK with program. 
+ +SOURCE: main1.c + +#include + +{ + printf("Works fine\n"); +} + + +Firs run is + + gdb ./main1 + +then in gdb command line type + + (gdb) run + +And it will show + + Starting program: main1 + Works fine + [Inferior 1 (process XXX) exit normally] + +String "Works fine" comes from printf's. And as everything was alright with +program its terminated "normally". Lets start to go deeper in debugging things. + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 4.Breakpoints + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +Now lets use break points first breakpoint when to see whats happens in +program is set at main/_start function of C program as its start point +of program. If program is written in assembler then there could be no +main function like in C but still there entry point to program. And +possible why how to get address of entry point(main/_start) to program is +with readelf utility + + >readelf -h ./main1 | grep Entry + + Entry point address: 0x400410 + +Setting breakpoint to main function first way is just + + >gdb ./main1 + (gdb)break main + Breakpoint 1 at 0x40050a + (gdb)run + Start program: ./main1 + Breakpoint 1, 0x040050a in main() + +Now we called C main function and stopped at needed location. +Entry point is different in C it could be settuped directly with address or + + (gdb) break _start + +breakpoint on address + + (gdb) break *0x400410 + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 5.Registers + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +Moment when you need debugger is when something "broken" here is example +situation of broken code. 
+ +SOURCE: main2.c + +int main() +{ + int i; + + i = i/0; +} + +Run until it break and see what happened + + gdb ./main2 + (gdb) run + Program received signal SIGFPE + (gdb) display/i $pc + => 0x4004c3 : idiv %ecx + + +when number is divided on zero CPU usually generates exception and stops +program showing that something bad is happened. + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 6.Helper commands + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +To improve your experience there could be written macroses that can improve +your experience with gdb. There is example of gdb macroses that could be useful +and if you want to use them you can put gdbalias file at same directory as +debugged file and load from gdb with + + (gdb)source gdbalias + +shr32 - show 32 bit general purpose registers +shr32a - show 32 bit registers with 16, 8 bit registers and system registers +shr64 - show 64 bit general purpose registers +shr64a - show 64 bit registers and 32/16/8 bit equivalents +shsse_float - show xmm registers and its 4 32 bit float values +shsse_double - show xmm registers and its 2 64 bit double values +shsse_i8 - show xmm registers and its 16 8 bit integer values +shsse_i16 - show xmm registers and its 8 16 bit integer values +shsse_i32 - show xmm registers and its 4 32 bit integer values +shsse_i64 - show xmm registers and its 2 64 bit integer values +s - one step in debugger +flags - show eflags +showrchanges - on every step show changes from previous step +sc - one step and show changed registers + +All register could be printed with gdb command + + printf + +registers name that are used is $rax, $eax, $ax, $ah, $al and all others + +shsee commands are showing xmm0 registers and what is inside depends +on you interpretation that why there is 8 registers + + $xmm0,$xmm1,$xmm2,$xmm3,$xmm4,$xmm5,$xmm6,$xmm7 + +and values depended on interpretation can be accessed as + +X - register index, 
Y - array index + + $xmmX.v4_float[0] + $xmmX.v2_double[0] + $xmmX.v16_int8[0] + $xmmX.v8_int16[0] + $xmmX.v4_int32[0] + $xmmX.v2_int64[0]h + +Changes on each step are made just by saving registers: + + set $oldrax = $rax + +and when changes happens if/else: + + if ($rax != $oldrax) + printf "RAX:0x016lX ", $rax + end + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 7.ToDo + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +Add more descriptions and more basic topics how to use gdb + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 8.Links + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +[1] http://ftp.gnu.org/gnu/gdb/ +[2] https://en.wikipedia.org/wiki/GNU_Debugger +[3] https://github.com/gdbinit/Gdbinit/blob/master/gdbinit +[4] https://sourceware.org/gdb/onlinedocs/gdb/Define.html +[5] https://github.com/FreeArtMan/gdbalias +[6] http://www.delorie.com/gnu/docs/gdb/gdb_28.html +[7] http://www.delorie.com/gnu/docs/gdb/gdb_29.html +``` +## Downloads + +http://archive.main.lv/files/writeup/gdb_helper_functions/gdbalias + -- cgit v1.2.3
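Review bot: the `main1.c` listing in this hunk lost its include target and its function header in the html-to-md move, so the example does not compile as shown: `#include` names no header and the body `{ printf("Works fine\n"); }` has no `int main()` line above it (the converter most likely dropped `<stdio.h>` as an HTML tag); restore `#include <stdio.h>` and `int main()` before merging. Two smaller defects in the same hunk: the register-change example `printf "RAX:0x016lX ", $rax` is missing the `%` conversion character (should read `"RAX:0x%016lX "`), and the accessor list entry `$xmmX.v2_int64[0]h` carries a stray trailing `h`. The front-matter lines `title:Notes on videos` and `keywords:math,statistics` also look copied from a different article and do not describe this GDB page; please update them to match the `# GDB helper functions` heading.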