Gdb convenient variable strcat

I want to use convenient variables to collect a list of things. I could not find anything about concatenating strings of convenient variables. So I tried something.

Check this:

    (gdb) set $foo="foo"
    (gdb) p $foo
    $45 = 0x84c7fd8 "foo"
    (gdb) call strcat($foo,"bar")
    $46 = 139231192
    (gdb) p $foo
    $47 = 0x84c7fd8 "foobar"

Ok, so I tried crashing:

    (gdb) set $foo="foo"
    (gdb) set $bar="blue"
    (gdb) p $foo
    $48 = 0x85d9100 "foo"
    (gdb) p $bar
    $49 = 0x83cd1e8 "blue"
    (gdb) call memset($foo,' ',100000)
    $50 = 140349696
    (gdb) call strlen($foo)
    $51 = 100001
    (gdb) p $foo
    $52 = 0x85d9100 ' ' <repeats 200 times>...
    (gdb) p $bar
    $53 = 0x83cd1e8 "blue"

I'm lucky.

Yes:

    (gdb) call sprintf($foo, "%d %d %d\n", 1,2,3)
    *** glibc detected *** /dev_tools/base/LOCAL-4.0.8_RHEL5.4/bin/sicstus: malloc(): memory corruption: 0x085e8790 ***
    ======= Backtrace: =========
    /lib/libc.so.6[0x9da250]
    /lib/libc.so.6(__libc_malloc+0x67)[0x9dbd87]
    /lib/libc.so.6(__libc_memalign+0x12b)[0x9dc01b]
    /lib/ld-linux.so.2(malloc+0x25)[0x966705]
    /dev_tools/base/LOCAL-4.0.8_RHEL5.4/bin/sicstus[0x80486f0]
    [0xa]
    ======= Memory map: ========
    00952000-0096c000 r-xp 00000000 fd:00 34185    /lib/ld-2.5.so
    0096c000-0096d000 r--p 00019000 fd:00 34185    /lib/ld-2.5.so
    0096d000-0096e000 rw-p 0001a000 fd:00 34185    /lib/ld-2.5.so
    00970000-00aaf000 r-xp 00000000 fd:00 34194    /lib/libc-2.5.so
    00aaf000-00ab0000 ---p 0013f000 fd:00 34194    /lib/libc-2.5.so

Perhaps this is the best way to do this:

    (gdb) set $foo=(char*)malloc(100000)
    (gdb) p $foo
    $83 = 0xf0d18bd0 ""
    (gdb) call memset($foo,' ',100000)
    $84 = -254702640
    (gdb) set $foo[99999]=0
    (gdb) call strlen($foo)
    $85 = 99999
    (gdb) set $foo[0]=0
    (gdb) call strcat($foo,"12345")
    $86 = -254702640
    (gdb) call strcat($foo,"12345")
    $87 = -254702640
    (gdb) p $foo
    $88 = 0xf0d18bd0 "1234512345"

Has anyone got a better idea?

EDIT

Thanks to Employed Russian, this works:

    2       breakpoint     keep y   0xf1b451ee in xxx at yyy.c:230
            breakpoint already hit 30 times
            silent
            set logging on
            p szFileName
            set logging off
            cont

EDIT 2

Here is some material that worked with malloc:

    1       breakpoint     keep y   0xf1ac915f in xxx at yyy:346
            breakpoint already hit 334 times
            silent
            call sprintf($foo+strlen($foo),"%.3s %.4s %lf\n", s1, s2, (p->Amts[0].lfAmt > 0.01) ? p->Amts[0].lfAmt : p->Amts[1].lfAmt)
            cont

Before starting, I would do the following:

    (gdb) set $foo=(char*)malloc(100000)
    (gdb) set $foo[0]=0
1 answer

This:

    (gdb) set $foo="foo"

effectively executes $foo = strdup("foo") in the inferior (debugged) process.

And this:

    (gdb) call strcat($foo,"bar")

corrupts the heap in the inferior. That this did not crash is pure luck.

Has anyone got a better idea?

There is no better idea.

Also, I have never needed to collect things this way. It seems to me that you can achieve the same result in a much more flexible way, either by running GDB inside emacs, or simply by cutting/pasting the values you need into an editor buffer.
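The malloc-backed buffer from the question, with the capacity check that strcat into a strdup'd convenience variable lacks, written as a gdb command file. This is an added example, not code from either post; the names $buf, $cap, append and dump_buf are mine, the breakpoint location yyy.c:230 and szFileName are taken from the question, and it assumes the inferior links libc so malloc/strlen/strcat can be called.

```gdb
# Added example: a convenience-variable string buffer that refuses to
# overflow. Assumes the inferior links libc (malloc/strlen/strcat).
# The casts avoid "has unknown return type" errors on newer gdb when
# libc carries no debug info.
set $cap = 4096
set $buf = (char *) malloc($cap)
set $buf[0] = 0

# append STRING: strcat only when the result still fits in $cap,
# otherwise report and drop it instead of corrupting the heap.
define append
  if (int) strlen($buf) + (int) strlen($arg0) + 1 > $cap
    printf "append: buffer full, dropped %s\n", $arg0
  else
    call (void) strcat($buf, $arg0)
  end
end

# Collect a value at every hit of the breakpoint without stopping,
# as the question's breakpoint command list does.
break yyy.c:230
commands
  silent
  append szFileName
  append "\n"
  continue
end

# After the run, print everything that was collected in one go.
define dump_buf
  printf "%s", $buf
end
```

Load it with `source collect.gdb` before running the inferior, then call `dump_buf` once the run finishes.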


Source: https://habr.com/ru/post/1414486/
