Best IT Recipes

Using gdb for a one-stage build code outside the specified executable leads to the error "cannot find the boundaries of the current function"

I'm outside the gdb executable, and I don’t even have a stack that fits this purpose. I still want to take a one-step step so that I can check what happens in my assembler because I'm not an expert in x86 assembly. Unfortunately, gdb refuses to do this simple assembly-level debugging. This allows me to set and stop the appropriate breakpoint, but as soon as I try to take a single step forward, gdb reports the error "Unable to find the restrictions of the current function", and EIP does not change.

Additional Information:

The machine code was generated by the gcc asm statements, and I copied it to the kernel memory cell where it runs from the output of objdump -d. I would not mind using an easy way to use the loader to load my object code to a moved address, but remember that loading should be done in the kernel module.

I believe that another alternative would be to create a fake kernel module or debug info file to give gdb to make it believe that this area is in the program code. gdb works fine on the executable kernel itself.

(For those who really want to know, I paste the code at runtime into the Linux kernel data space inside VMware VM and debug it from remote gdb debugging using the gdb stub built into VMware Workstation. Do not write kernel exploits, I'm a security graduate student writing a prototype .)

(I can set a breakpoint for each command inside my assembly. This works, but will be quite laborious after a while, since the size of the x86 assembly instructions changes and the assembly location changes every time I reboot.)

+68
assembly x86 linux linux-kernel gdb
Mar 10 '10 at 21:36
source share
3 answers

You can use stepi or nexti (which can be shortened to si or ni ) to go through your machine code.

+89
Mar 10
source share

Instead of gdb run gdbtui . Or start gdb using the -tui switch. Or press Cx Ca after entering gdb . You are now in GDB TUI mode.

Enter layout asm to build the top window - this will automatically follow your command pointer, although you can also change frames or scroll through them while debugging. Press Cx s to enter SingleKey mode, where run continue up down finish , etc. Reduced to one key, which allows you to quickly go through your program.

    + ------------------------------------------------- -------------------------- +
 B +> | 0x402670 <main> push% r15 |
    | 0x402672 <main + 2> mov% edi,% r15d |
    | 0x402675 <main + 5> push% r14 |
    | 0x402677 <main + 7> push% r13 |
    | 0x402679 <main + 9> mov% rsi,% r13 |
    | 0x40267c <main + 12> push% r12 |
    | 0x40267e <main + 14> push% rbp |
    | 0x40267f <main + 15> push% rbx |
    | 0x402680 <main + 16> sub $ 0x438,% rsp |
    | 0x402687 <main + 23> mov (% rsi),% rdi |
    | 0x40268a <main + 26> movq $ 0x402a10,0x400 (% rsp) |
    | 0x402696 <main + 38> movq $ 0x0,0x408 (% rsp) |
    | 0x4026a2 <main + 50> movq $ 0x402510,0x410 (% rsp) |
    + ------------------------------------------------- -------------------------- +
 child process 21518 In: main Line: ??  PC: 0x402670
 (gdb) file / opt / j64-602 / bin / jconsole
 Reading symbols from /opt/j64-602/bin/jconsole...done.
 (no debugging symbols found) ... done.
 (gdb) layout asm
 (gdb) start
 (gdb)
+125
Mar 11 2018-10-11T00:
source share

The most useful thing you can do here is display/i $pc before using stepi , as R Samuel Klatchko already said. This tells gdb to parse the current statement just before printing the request each time; then you can just press Enter to repeat the stepi command.

(see my answer to another question in more detail - the context of this question was different, but the principle is the same.)

+22
Mar 11 '10 at 1:29
source share


More articles:


All Articles