blob: 90dca1b93ecba94d440eb099a9890112ce70d426 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>Debugging</title>
</head>
<body>
<a href="index.html">C Index</a>
<h1>Debugging</h1>
<p>Check if the system have restrictions to attach to other processes or other hardening measures, check <a href=../../core/sysctl.html>sysctl settings</a> such as; kernel.yama.ptrace_scope;</p>
<dl>
<dt>kernel.yama.ptrace_scope=0</dt>
<dd>All processes can be debugged, they must have same uid.</dd>
<dt>kernel.yama.ptrace_scope=1</dt>
<dd>Only a parent process can be debugged.</dd>
<dt>kernel.yama.ptrace_scope=2</dt>
<dd>Require user privileges to use ptrace CAP_SYS_PTRACE capability.</dd>
<dt>kernel.yama.ptrace_scope=3</dt>
<dd>No processes may be traced with ptrace.</dd>
</dl>
<p>Before debug;</p>
<pre>
# echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
# sysctl -w kernel.yama.ptrace_scope=0
</pre>
<p>After debug;</p>
<pre>
# echo 1 | sudo tee /proc/sys/kernel/yama/ptrace_scope
# sysctl -w kernel.yama.ptrace_scope=1
</pre>
<h2 id="gdb">GDB</h2>
<p>If the program needs arguments you can set it;</p>
<pre>
(gdb)set args -parameter1 -parameter2
</pre>
<p>To start gdb in TUI mode press;</p>
<dl>
<dt>Ctrl-x A</dt>
<dd>Enter or leave TUI.</dd>
<dt>Ctrl-x 0</dt>
<dd>TUI with only one window.</dd>
<dt>Ctrl-x 2</dt>
<dd>TUI with more than two windows.</dd>
<dt>Ctrl-x o</dt>
<dd>Change active window.</dd>
<dt>Ctrl-x s</dt>
<dd>TUI single key mode.</dd>
<dt>Ctrl-L s</dt>
<dd>Refresh screen.</dd>
<dt>Up</dt>
<dd>Scroll</dd>
<dt>Down</dt>
<dd>Scroll</dd>
<dt>Left</dt>
<dd>Scroll</dd>
<dt>Right</dt>
<dd>Scroll</dd>
</dl>
<pre>
(gdb) info win
(gdb) fs next
(gdb) fs SRC
</pre>
<pre>
b - backtrace
info locals
display
print
x
catch syscall open
</pre>
<p>When new thread is created you receive
a notification. To get information about
threads;</p>
<pre>
info threads
</pre>
<p>To select thread;</p>
<pre>
thread 1
</pre>
<pre>
break linespec thread threadno
</pre>
<h2 id="strace">Strace</h2>
<pre>
$ strace -c ./program -o ~/program.strace
</pre>
<pre>
$ strace -p 1337 -o ~/program.strace
</pre>
<p><a href="http://blog.fourthbit.com/2013/06/18/creating-an-open-source-program-in-c-with-autotools-part-1-of-2/">C program with autotools</a>
<a href="http://web.eecs.umich.edu/~sugih/pointers/gdbQS.html">GDB Quick Start</a>,
<a href="https://www.hackerschool.com/blog/5-learning-c-with-gdb">Learning C with GDB</a>
and <a href="http://www.dirac.org/linux/gdb/02a-Memory_Layout_And_The_Stack.php">Memory Layout and the Stack</a>
are great sources of introductory information.
<a href="http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_39.html#SEC40">Stopping and Starting</a>
multi-thread programs</p>
<a href="index.html">C Index</a>
<p>
This is part of the Hive System Documentation.
Copyright (C) 2019
Hive Team.
See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
for copying conditions.</p>
</body>
</html>
|