Debugger Principle Overview & GDB Tricks

Something On GDB And Debugging

[email protected]

TAIRSeptember 26, 2013

Outline

1 Debugger Under the Hood

2 GDB the Basics

3 Bonus

4 A Little Assembly

Outline


2 GDB the Basics

3 Bonus

4 A Little Assembly

Outline


2 GDB the Basics

3 Bonus

4 A Little Assembly

Outline


2 GDB the Basics

3 Bonus

4 A Little Assembly

Debugger Under the Hood Basics Bonus A Little Assembly

What and How

I what debuggers doI how to take control of the targetI how to set up breakpointsI how to map instructions with source code

dutor Something On GDB And Debugging


ptrace

I long ptrace(request, pid, addr, data)I tracer/traceeI signal/waitpidI PTRACE_TRACEMEI PTRACE_ATTACHI PTRACE_CONT/SINGLESTEPI PTRACE_PEEKDATA/POKEDATA



breakpoints

I hardware, the debug registersI software, INT 3



Debug Info

I DWARF, designed for various languages and ABIsI source lines and instructionsI names and adressesI utilities

I readelfI stripI nm/stringsI c++filt



Basic Usage of GDB

I startI runningI breakpointsI print/xI othersI help

$ cc test.cpp -g$ gdb a.out$ gdb a.out core .1234$ gdb --args a.out arg1 arg2

$ gdb(gdb) file a.out(gdb) start arg1 arg2(gdb) run arg1 arg2(gdb) run <if >of



Basic Usage of GDB


(gdb) next(gdb) step(gdb) continue(gdb) nexti(gdb) stepi(gdb) finish(gdb) until LINE



Basic Usage of GDB


(gdb) break(gdb) break test.cpp :32(gdb) break foo if p == NULL(gdb) break 32 thread 0(gdb) info breakpoints(gdb) disable 1(gdb) enable 2(gdb) delete 3(gdb) ignore 4 123(gdb) commands 5set p = malloc (1024)end



Basic Usage of GDB


(gdb) print n(gdb) print/x p(gdb) print object(gdb) x &n



Basic Usage of GDB


(gdb) backtrace(gdb) info locals(gdb) info threads(gdb) thread 16(gdb) list(gdb) list foo(gdb) list -



Basic Usage of GDB


(gdb) help print(gdb) help set(gdb) help set print



Miscs and Bonus

I p $ripI i regI p {tair::StorageManager}0x608048I p *array@10I display/i $ripI x/40a $rspI l *0x608048I watch exprI return 0I enable breakpointsI gcore

I set follow-fork-mode childI set scheduler-locking onI symbol-fileI add-symbol-fileI i sharedlibraryI gcc test.cpp -g -g3I maintenance info sectionsI set logging onI set print pretty onI gdb -p 1234 -ex ‘set n=0’ -batchI Ctrl-X Ctrl-A


Debugger Under the Hood Basics Bonus A Little Assembly Inlined Assembly Examples Disassembling

Syntax

I instruction src, des The first operand is the source, the second is the destinationI %register Register names are prefixed with a %, %% in inlined assemblyI $literal Literal values are prefixed with $I instruction{b,w,l,q} The instruction suffix denotes the operand sizeI seg:off(base, index, scale) Memory access



Common Used Registers

I rax, eax, ax, alI rbx, ebx, bx, blI rcx, ecx, cx, clI rdx, edx, dx, dlI rsi, esi, siI rdi, edi, diI rbp, rspI r8-r15I xmm0-xmm7



Stack Frame

+------+ +-----------------------+ || | | return address | || v +-----------------------+ || %ebp----> | old %ebp | || +-----------------------+ || %esp----> | local variables | || +-----------------------+ stack || | argument 2 | | growing| +-----------------------+ direction || | argument 1 | || +-----------------------+ || | return address | || +-----------------------+ |+--------------+ old %ebp | <-----%ebp |

+-----------------------+ || local variables | <-----%esp |+-----------------------+ || | _|_| Red Zone | \ /| | ’+-----------------------+



Calling Conventions

I Arguments, rdi, rsi, rdx, rcx, r8, r9, xmm0-xmm7I Arguments on stackI Return, rax, xmm0I Stack Frame, rbp, rsp



Data Representatoin

I IntegersI FloatsI StructuresI ClassesI ArraysI PC-relative Reference


That’s All.


Basic Format

1 asm ( <assembler template >2 : ["constraints"(var)] [,"constraints"(var)] /* output operands */3 : ["constraints"(var)] [,"constraints"(var)] /* input operands */4 : ["register"] [,"register"] [,"memory"] /* clobbered registers */5 );

Examplesasm("nop":::) nop

asm("incl %%eax") Access register directlyasm("movl $1, %0":"m"(ret)) Write to C variable

asm("movl %0, %%eax"::"m"(ret)) Read from C variableasm("addl %1, %0":"+"(a):"r"(b)) a = a + b

asm("incl global_var":::"memory") Write to arbitrary memory



Constraints

r register operands, any of the followings.a %rax, etc.b %rbx, etc.c %rcx, etc.d %rdx, etc.S %rsi, etc.D %rdi, etc.

q register operands, any of a, b, c, d.m memory operands.f floating poing register.

[0-9] matching constraints, both for inputand output.



Constraints

r register operands, any of the followings.a %rax, etc.b %rbx, etc.c %rcx, etc.d %rdx, etc.S %rsi, etc.D %rdi, etc.

q register operands, any of a, b, c, d.m memory operands.f floating poing register.

[0-9] matching constraints, both for inputand output.

asm ("int $0x80\n\t": "=a"(ret): "0"(4), "b"(fd), "c"(buf), "d"(n));



Constraints Modifiers

= operand is write-only.+ operand is used as both read and write.

Write-Only Exampleasm ("movl $1, %0" : "=r"(ret));



Constraints Modifiers

= operand is write-only.+ operand is used as both read and write.

Read-Write Exampleasm ("incl %0" : "+r"(ret));



Call C Functions

1 int2 main()3 {4 char *fmt = "Hello , %s\n";5 char *s = "World";6 int ret = 0;7 asm ("callq printf\n\t"8 : "=a"(ret)9 : "D"(fmt), "S"(s));

10 printf("ret: %d\n", ret);11 return 0;12 }



ExamplesDo System Call

1 /* syscall write */2 inline int as_write(int fd , char *buf , size_t n) {3 int ret;4 asm (5 "int $0x80\n\t"6 : "=a"(ret)7 : "0" (1), "D"(fd), "S"(buf), "d"(n)8 );9 return ret;

10 }



DisassemblingUsing GDB


Technology

Debugger Principle Overview & GDB Tricks