Can GDB change the build code of a running program?

I want to add additional functionality to /bin/ls.
So I started it in gdb and added a breakpoint at the beginning.

Now the question is: how can I change the code of a running program in memory? I can see the assembly code, but I cannot change it. How can I do this?

On Windows, I can easily do this with OllyDbg, for example. What about Linux?

(I know that by doing this I would only change the process code in memory. Therefore, I can write the memory to a file and then save my changes to the binary).

Thanks.

+9
5 answers

You can write binary to memory directly, but GDB does not have an assembler by default. You can do something like set *(unsigned char*)0x80FFDDEE = 0x90 to change the mnemonic at this address to a NOP, for example. However, you can use NASM to write shellcode and use Perl or Python to enter it into the program :)

You may also like this small .gdbinit file to facilitate debugging: https://gist.github.com/985474

+15
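The byte-by-byte write from the answer above, as an added example (not code from the original answer): a Python helper that emits the GDB commands for a patch and pads the rest of the replaced instruction with NOPs so no stale tail bytes are left to decode as garbage. It assumes an x86 target, as the 0x90 NOP in the answer does; the function names, the 5-byte instruction length and the replacement bytes are constructed for illustration.

```python
NOP = 0x90  # single-byte x86 NOP, the value used in the answer above


def gdb_patch_commands(address, old_len, new_bytes=b""):
    """Return GDB commands that overwrite old_len bytes starting at address.

    new_bytes is written first and the rest of the span is filled with NOPs,
    so no tail of the replaced instruction is left behind.
    """
    if address < 0:
        raise ValueError("address must be non-negative")
    if old_len <= 0:
        raise ValueError("old_len must cover at least one byte")
    if len(new_bytes) > old_len:
        # Writing past the span would clobber the following instruction.
        raise ValueError("patch is longer than the bytes being replaced")

    padded = bytes(new_bytes) + bytes([NOP]) * (old_len - len(new_bytes))
    cmds = [f"x/{old_len}xb {address:#x}"]      # dump the bytes before the change
    for offset, value in enumerate(padded):
        cmds.append(f"set *(unsigned char*){address + offset:#x} = {value:#04x}")
    cmds.append(f"x/{old_len}i {address:#x}")   # disassemble from the patched address
    return cmds


def write_gdb_script(path, commands):
    """Save the commands so they can be loaded in GDB with: source <path>."""
    with open(path, "w", encoding="ascii") as handle:
        handle.write("\n".join(commands) + "\n")


if __name__ == "__main__":
    # Constructed sample: replace a 5-byte instruction at the answer's example
    # address with a 2-byte "xor eax, eax" (31 c0) plus three NOPs.
    for line in gdb_patch_commands(0x80FFDDEE, 5, bytes.fromhex("31c0")):
        print(line)
```

The writes change only the memory of the process being debugged; the file on disk is untouched.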

I would recommend a different approach: download the coreutils package and change the source code for ls. If possible, you should get the package from the distribution source repositories and apply any fixes.

+6

Here is a blog post explaining how to change the code at runtime for both gdb and Visual Studio.

+3

compile code command

Introduced around 7.9, it allows you to compile and embed code. Documentation: https://sourceware.org/gdb/onlinedocs/gdb/Compiling-and-Injecting-Code.html

I gave a minimal example in this answer.

Although this is not a valid code modification, it allows you to compile some code on the fly and run it once right away, which may be enough.

And the GNU Cauldron presentation suggests that actual code modification can be added later as an extension of this function, see Slide 30 “Fix and Continue”.

There are several constructs that did not work as I expected, such as return, so I asked why: In the GDB compile code command, which language constructs behave exactly as if they were present in the source code?

+2

You can use a GCC plugin to write an extension to modify your code and add any additional features during compilation. If you work with machine-level code, you should use binary tools like Pin and Dyninst to write your binary to disk. However, if overhead is an important issue, you should work carefully with such tools.

0