C Index

Debugging

Check if the system have restrictions to attach to other processes or other hardening measures, check sysctl settings such as; kernel.yama.ptrace_scope;

kernel.yama.ptrace_scope=0: All processes can be debugged, they must have same uid.
kernel.yama.ptrace_scope=1: Only a parent process can be debugged.
kernel.yama.ptrace_scope=2: Require user privileges to use ptrace CAP_SYS_PTRACE capability.
kernel.yama.ptrace_scope=3: No processes may be traced with ptrace.

Before debug;

        # echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
        # sysctl -w kernel.yama.ptrace_scope=0

After debug;

        # echo 1 | sudo tee /proc/sys/kernel/yama/ptrace_scope
        # sysctl -w kernel.yama.ptrace_scope=1

GDB

If the program needs arguments you can set it at start or later;

        (gdb)set args -parameter1 -parameter2

To start gdb in TUI mode press;

Ctrl-x A: Enter or leave TUI.
Ctrl-x 0: TUI with only one window.
Ctrl-x 2: TUI with more than two windows.
Ctrl-x o: Change active window.
Ctrl-x s: TUI single key mode.
Ctrl-L s: Refresh screen.

To attach to a process (pid 5922) and start UI with disassemble;

        $ gdb -p 5922
        (gdb) layout asm
        (gdb) disassemble
        (gdb) set disassembly-flavor intel

Break on memory address and inspect area of the memory;

        (gdb) b *0x400671
        (gdb) x/16gx 0x7ffe5217c03d

        (gdb) info win
        (gdb) fs next
        (gdb) fs SRC

        b - backtrace
        info locals
        display
        print
        catch syscall open

When new thread is created you receive a notification. To get information about threads;

        info threads

To select thread;

        thread 1

        break linespec thread threadno

Strace

        $ strace -c ./program -o ~/program.strace

        $ strace -p 1337 -o ~/program.strace

C program with autotools GDB Quick Start, Learning C with GDB and Memory Layout and the Stack are great sources of introductory information. Stopping and Starting multi-thread programs

C Index