<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>Debugging</title>
</head>
<body>
<a href="index.html">C Index</a>
<h1>Debugging</h1>
<p>Check whether the system restricts attaching to other processes or applies other hardening measures; check <a href=../../core/sysctl.html>sysctl settings</a> such as kernel.yama.ptrace_scope;</p>
<dl>
<dt>kernel.yama.ptrace_scope=0</dt>
<dd>All processes can be debugged, provided they have the same uid.</dd>
<dt>kernel.yama.ptrace_scope=1</dt>
<dd>A process can be debugged only by its parent process.</dd>
<dt>kernel.yama.ptrace_scope=2</dt>
<dd>Using ptrace requires the CAP_SYS_PTRACE capability.</dd>
<dt>kernel.yama.ptrace_scope=3</dt>
<dd>No processes may be traced with ptrace.</dd>
</dl>
<p>Before debugging (either command works);</p>
<pre>
# echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
# sysctl -w kernel.yama.ptrace_scope=0
</pre>
<p>After debugging (either command works);</p>
<pre>
# echo 1 | sudo tee /proc/sys/kernel/yama/ptrace_scope
# sysctl -w kernel.yama.ptrace_scope=1
</pre>
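<p>The before/after steps above, wrapped so that the previous ptrace_scope value is always put back (an added example, not part of the original page; the function names and the YAMA_FILE override are assumptions of this example):</p>

```shell
#!/bin/sh
# Added example, not from the original page. YAMA_FILE can be overridden so
# the logic can be tried on a scratch file; the real file needs root to write.
YAMA_FILE="${YAMA_FILE:-/proc/sys/kernel/yama/ptrace_scope}"

# Print the Yama mode name and effect for a ptrace_scope value.
scope_meaning() {
    case "$1" in
        0) echo "classic: same-uid processes may attach" ;;
        1) echo "restricted: only a parent may attach" ;;
        2) echo "admin-only: CAP_SYS_PTRACE required" ;;
        3) echo "no attach: ptrace disabled" ;;
        *) echo "unknown value"; return 1 ;;
    esac
}

# with_scope0 CMD [ARGS...]: set ptrace_scope to 0, run CMD, then put the
# previous value back. Returns CMD's status, 3 if the scope is locked at 3
# (the kernel refuses to change it once set), 4 if the file is unusable.
with_scope0() {
    [ -r "$YAMA_FILE" ] || { echo "cannot read $YAMA_FILE" >&2; return 4; }
    old=$(cat "$YAMA_FILE")
    if [ "$old" = 3 ]; then
        echo "ptrace_scope=3 ($(scope_meaning 3)), cannot be lowered" >&2
        return 3
    fi
    # Restore the hardening even if the session is interrupted.
    trap 'echo "$old" > "$YAMA_FILE"' INT TERM HUP
    if ! echo 0 > "$YAMA_FILE"; then
        trap - INT TERM HUP
        return 4
    fi
    status=0
    "$@" || status=$?
    echo "$old" > "$YAMA_FILE"
    trap - INT TERM HUP
    echo "ptrace_scope restored to $old ($(scope_meaning "$old"))" >&2
    return "$status"
}

# Usage (as root): with_scope0 gdb -p 5922
```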
<h2 id="gdb">GDB</h2>
<p>If the program needs arguments you can set them at start or later;</p>
<pre>
(gdb) set args -parameter1 -parameter2
</pre>
<p>To start gdb in TUI mode press;</p>
<dl>
<dt>Ctrl-x A</dt>
<dd>Enter or leave TUI.</dd>
<dt>Ctrl-x 0</dt>
<dd>TUI with only one window.</dd>
<dt>Ctrl-x 2</dt>
<dd>TUI with more than two windows.</dd>
<dt>Ctrl-x o</dt>
<dd>Change active window.</dd>
<dt>Ctrl-x s</dt>
<dd>TUI single key mode.</dd>
<dt>Ctrl-L</dt>
<dd>Refresh screen.</dd>
</dl>
<p>To attach to a process (pid 5922) and start the TUI with the disassembly view;</p>
<pre>
$ gdb -p 5922
(gdb) layout asm
(gdb) disassemble
(gdb) set disassembly-flavor intel
</pre>
<p>Break on a memory address and inspect an area of memory;</p>
<pre>
(gdb) b *0x400671
(gdb) x/16gx 0x7ffe5217c03d
</pre>
<pre>
(gdb) info win
(gdb) fs next
(gdb) fs SRC
</pre>
<pre>
bt - backtrace
info locals
display
print
catch syscall open
</pre>
<p>When a new thread is created you receive
a notification. To get information about
threads;</p>
<pre>
info threads
</pre>
<p>To select thread;</p>
<pre>
thread 1
</pre>
<pre>
break linespec thread threadno
</pre>
<h2 id="strace">Strace</h2>
<pre>
$ strace -c -o ~/program.strace ./program
</pre>
<pre>
$ strace -p 1337 -o ~/program.strace
</pre>
<p><a href="http://blog.fourthbit.com/2013/06/18/creating-an-open-source-program-in-c-with-autotools-part-1-of-2/">C program with autotools</a>,
<a href="http://web.eecs.umich.edu/~sugih/pointers/gdbQS.html">GDB Quick Start</a>,
<a href="https://www.hackerschool.com/blog/5-learning-c-with-gdb">Learning C with GDB</a>
and <a href="http://www.dirac.org/linux/gdb/02a-Memory_Layout_And_The_Stack.php">Memory Layout and the Stack</a>
are great sources of introductory information.
See <a href="http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_39.html#SEC40">Stopping and Starting</a>
for multi-threaded programs.</p>
<a href="index.html">C Index</a>
<p>
This is part of the Tribu System Documentation.
Copyright (C) 2020
Tribu Team.
See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
for copying conditions.</p>
</body>
</html>