I am studying low-level security.
Of course, the GNU Debugger (GDB) is my best friend for understanding what is going on at the low level. Simply put, GDB is a powerful debugger (C and C++). GDB can use the debugging symbols that GCC generates with the -g option.
As usual, this is not a full tutorial. I jotted down what is important to me :)
gdb --args ./main args1 // start gdb with arguments
p/x variable // hexadecimal print
x memory_address // read memory address
p/t variable // binary print
b // set a breakpoint. It can be put on a function or on a specific line in a file
watch // set a watchpoint; it acts on variables
finish // runs until the current function is finished
bt // backtrace
thread apply all bt // print the backtrace of all threads; it is very useful for solving deadlock problems
info threads // print a summarised version of the above command
info registers // print the register values
info all-registers rsp // print the rsp register value
i r rsp // short form of the above
info all-registers // print all registers
info locals // print the local variables
handle SIGSEGV nostop // don't stop the program in case of a SEGFAULT. I needed to handle SIGSEGV functions, but gdb doesn't allow me.
info breakpoint // print all breakpoints
si // step by machine instructions rather than source lines
set disable-randomization off // GDB disables ASLR for the debugged program by default; this command turns ASLR back on
set scheduler-locking // in a multithreaded application, debug just one thread. Modes:
    off == no locking (threads may preempt at any time)
    on == full locking (no thread except the current thread may run)
    step == scheduler locked during every single-step operation. In this mode, no other thread may run during a step command. Other threads may run while stepping over a function call.
p $_siginfo // to print the last signal info
If you want to attach GDB to your application while it is in a deadlock situation, please follow the blog.
gdb --args env LD_PRELOAD=/usr/local/lib/libstderred.so ls -l
set exec-wrapper env 'LD_PRELOAD=../../playground/sud-library-concept/libsud.so'
Quite useful for understanding the low-level stuff.
To debug on a remote host, target remote localhost:1234 can be used. More target subcommands are listed here.
List of target subcommands:
target core - Use a core file as a target.
target exec - Use an executable file as a target.
target extended-remote - Use a remote computer via a serial line, using a gdb-specific protocol.
target native - Native process (started by the "run" command).
target record-btrace - Collect control-flow trace and provide the execution history.
target record-core - Log program while executing and replay execution from log.
target record-full - Log program while executing and replay execution from log.
target remote - Use a remote computer via a serial line, using a gdb-specific protocol.
target tfile - Use a trace file as a target.
Happy debugging :)