Linux debugger

Aims

  • Explain the basic GDB commands
  • Use advanced plug-ins (peda, gef) to enhance GDB
  • Personal summary of multi-threaded and multi-process debugging with GDB
  • Summary of cracking with GDB and of anti-cracking (anti-debugging) techniques
  • Debugging embedded targets with GDB

Concepts

  • Command-line based debugging
  • Every debugging session can be scripted
  • Code for any supported architecture can be debugged
  • Three debugging methods to choose from
  • GDB supports remote debugging; IDA can use a gdbserver session as its debugging backend

Installing the GDB enhancement tool gef

  • Requires GDB 7.7 or newer
  • wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh
    Piping a remote script straight into sh runs whatever the server returns; safer is to download it first (wget -O gef.sh ...), read it, then run it
  • Make sure the machine has network access and that Ubuntu's package index is current (fix sources.list if needed, then apt-get update)

Try debugging a small program with gdb

  • Compile with the gcc -g option so the binary carries debug information
  • gdb gdb-test
  • Try some basic GDB commands

GDB commands

Ways to start

  • Local, the usual way: gdb ./program
  • From a crash dump: gdb ./program core (the core file records the state at the crash)
  • By attaching to a running process: gdb -p PID, or attach PID inside gdb
  • Remote: on the target run gdbserver 0.0.0.0:1234 /path/to/file, then in gdb target remote HOST:1234

Startup options

-se FILE   use FILE as both the executable and the symbol file (-e FILE and -s FILE set them separately)

Basic commands

set listsize N              number of source lines shown by each list
set args 10 20 30 40 50     arguments passed to the program by run
path DIR                    prepend DIR to the search path used to find the executable
show paths                  show that search path
save breakpoints name.bp    write the current breakpoints to a command file
gdb elf -x name.bp          restore them by executing that file at startup
print *array@10             print 10 elements starting at array (an artificial array)
print file::variable        print a file-scoped (static) variable; quote names containing a dot: print 'file.c'::variable

x/nfu ADDR   examine memory
n   a positive integer: how many units to display, starting at ADDR and moving forward
f   the display format, the same letters as for print (x hex, d decimal, u unsigned, o octal, t binary, c char, s string, i instruction, a address)
u   the unit size in bytes: b one byte, h two bytes (halfword), w four bytes (word), g eight bytes (giant word). If no size is given GDB uses 4 bytes by default, and after that the size used last. GDB reads n units of u bytes starting at ADDR and shows each unit as one value in format f.

ps -A          list the current processes (to find a PID to attach to)
strip test-1   remove the symbol table from the binary
bt             backtrace of the current call stack
info locals    show the local variables of the current frame

Linux program publishing (release) process

  • Check whether the program has a symbol table
    readelf -s test-1
  • Save the debug symbols into a separate file
    objcopy --only-keep-debug test-1 test-1.symbol
  • Produce the release binary (--strip-debug drops the debug sections; strip also drops the symbol table)
    objcopy --strip-debug test-1 test-release
    strip test-release
  • Debug the release binary using the saved symbol file
    gdb -q --symbols=test-1.symbol --exec=test-release
  • Or load the symbol file from inside gdb: symbol-file ./test-1.symbol
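The release flow above run end to end, with a check after each step, as an added example (not code from the original post). It assumes gcc, objcopy, strip and readelf on PATH; gdb is optional, and the demo prints "skipped" if the compiler tools are missing. test-1.c is constructed here. Beyond the steps listed above it also records the debug file's name in the binary with --add-gnu-debuglink, so gdb finds test-1.symbol on its own when the file sits next to the executable or under /usr/lib/debug.

```shell
# Added example, not from the original post. Assumes gcc, objcopy, strip, readelf;
# gdb is optional. Prints "ok" on success, "skipped" if the tools are missing.
split_debug_demo() {
    for tool in gcc objcopy strip readelf; do
        command -v "$tool" >/dev/null 2>&1 || { echo skipped; return 0; }
    done
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/test-1.c" <<'EOF'
#include <stdio.h>
static int secret = 42;                       /* file-scope static: print 'test-1.c'::secret */
int add(int a, int b) { return a + b + secret; }
int main(void) { printf("%d\n", add(1, 2)); return 0; }
EOF
    (
        cd "$tmp" || exit 1
        gcc -g -O0 -o test-1 test-1.c || exit 1

        # 1. Does the build carry DWARF debug info and a symbol table?
        readelf -SW test-1 | grep -q '\.debug_info' || exit 1
        readelf -SW test-1 | grep -q '\.symtab'     || exit 1

        # 2. Copy the debug info into its own file (this file stays private).
        objcopy --only-keep-debug test-1 test-1.symbol

        # 3. Build the release binary: drop the debug sections, then the symbol table.
        objcopy --strip-debug test-1 test-release
        strip test-release
        # Record the debug file's name and CRC in the binary so gdb can locate
        # test-1.symbol by itself.
        objcopy --add-gnu-debuglink=test-1.symbol test-release

        # Check what a reverser gets: no DWARF, no .symtab, only the link section.
        readelf -SW test-release | grep -q '\.debug_info'    && exit 1
        readelf -SW test-release | grep -q '\.symtab'        && exit 1
        readelf -SW test-release | grep -q '\.gnu_debuglink' || exit 1

        # 4. Debug the stripped binary with the side file: symbols resolve again.
        if command -v gdb >/dev/null 2>&1; then
            gdb -q -nx -batch --symbols=test-1.symbol --exec=test-release \
                -ex 'info line add' 2>&1 | grep -q 'test-1\.c' || exit 1
        fi
        echo ok
    )
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Keep the .symbol files out of the shipped package: anyone holding them gets names, types and line tables back, which is exactly what the strip step took away.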

Installing GDB plug-ins

git clone https://github.com/gatieme/GdbPlugins.git ~/GdbPlugins

echo "source ~/GdbPlugins/peda/peda.py" > ~/.gdbinit      -> cracking / reversing
echo "source ~/GdbPlugins/gef/gef.py" > ~/.gdbinit        -> debugging / reversing
echo "source ~/GdbPlugins/gdbinit/gdbinit" > ~/.gdbinit   -> personal customization

Each echo overwrites ~/.gdbinit, so only the last one stays active; pick one plug-in, since peda and gef are not meant to be loaded together.

GDB pausing and resuming execution

  • Breakpoints
    conditional breakpoint: break LOCATION if COND
    info breakpoints
    delete [NUM]
    disable [NUM]
    enable [NUM]

condition 1 i==90   attach the condition i==90 to breakpoint 1
condition 1         remove the condition from breakpoint 1

  • Watchpoints
    watch EXPR: stop when the value of EXPR (a variable, or *ADDRESS) is written
    info watchpoints
    rwatch EXPR: stop when it is read (awatch EXPR: read or write)

  • Catchpoints
    catch EVENT, where EVENT is one of:
    throw            a C++ exception is thrown
    catch            a C++ exception is caught
    exec             the program calls exec (an exec system call)
    fork             the program calls fork
    load [libname]   a shared library is loaded (only libname, if given)
    unload [libname] a shared library is unloaded
    Example: catch load securt.so stops when securt.so is loaded (demo note: "jpeg -> garbled")

x/nfu ADDR      examine memory (see above)
p *array@len    print len elements starting at array

Breakpoint command lists

commands bnum
  ...
  GDB commands executed each time breakpoint bnum is hit
  ...
end
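A gdb command file that exercises the commands above (break ... if, commands ... end, watch, x/nfu, print *array@len) on a small program, as an added example rather than code from the original post. It assumes gcc and gdb on PATH and permission to ptrace (a container without CAP_SYS_PTRACE makes it report "skipped"); sum.c and breakpoint.gdb are constructed here.

```shell
# Added example, not from the original post. Assumes gcc and gdb; prints "ok",
# "skipped" (tools or ptrace unavailable) or "fail".
breakpoint_script_demo() {
    for tool in gcc gdb; do
        command -v "$tool" >/dev/null 2>&1 || { echo skipped; return 0; }
    done
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sum.c" <<'EOF'
#include <stdio.h>
int sum = 0;                 /* global: a watchpoint on it never goes out of scope */
int main(void)
{
    int array[10];
    for (int i = 0; i < 10; i++) {
        array[i] = i * i;
        sum += array[i];     /* sum.c:8, where the conditional breakpoint sits */
    }
    printf("sum=%d\n", sum);
    return 0;
}
EOF
    cat > "$tmp/breakpoint.gdb" <<'EOF'
set pagination off
# Stop on line 8 only during the last iteration; gdb evaluates the condition itself.
break sum.c:8 if i == 9
# Commands run automatically at every stop of breakpoint 1; silent drops the banner.
commands 1
  silent
  printf "last iteration: i=%d sum=%d\n", i, sum
  print *array@10
  x/10dw array
  continue
end
start
# Hardware watchpoint with a condition: stop on the write that makes sum 285.
watch sum if sum == 285
info breakpoints
continue
continue
EOF
    gcc -g -O0 -o "$tmp/sum" "$tmp/sum.c" || { rm -rf "$tmp"; return 1; }
    out=$(gdb -q -nx -batch -x "$tmp/breakpoint.gdb" "$tmp/sum" 2>&1) || true
    rm -rf "$tmp"
    case $out in
        *"ptrace: Operation not permitted"*|*"Could not trace the inferior"*)
            echo skipped; return 0 ;;
    esac
    # What the session must have shown: the artificial array printed from the
    # command list, the printf from the same list, and the watchpoint's final value.
    for want in '{0, 1, 4, 9, 16, 25, 36, 49, 64, 81}' 'last iteration: i=9 sum=204' 'New value = 285'; do
        printf '%s\n' "$out" | grep -qF -- "$want" || { echo fail; return 0; }
    done
    echo ok
}
```

The -nx flag keeps ~/.gdbinit (and any peda/gef it sources) out of the session, which is what you want whenever a script's output is parsed by another tool.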


Multi-process vs multi-thread
  • A process owns resources: time slice, CPU, memory, open files
  • fork() creates a child process by fully copying the parent
  • Threads are execution units that share the resources of one process

Multi-process debugging

  1. Decide which process GDB tracks after a fork
    show follow-fork-mode
    show detach-on-fork

follow-fork-mode   detach-on-fork   effect
parent             on               debug only the parent; the child runs freely
child              on               debug only the child; the parent runs freely
parent             off              debug both; the child is held suspended at the fork
child              off              debug both; the parent is held suspended at the fork

  2. Switching between processes
    info inferiors
    inferior NUM

add-inferior [-copies n] [-exec executable]
detach inferior NUM
kill inferior NUM
remove-inferiors NUM

Multithreaded debugging

gcc -g thread.c -o thread -lpthread
By default GDB reports each thread the program creates with pthread_create and, in all-stop mode, stops every thread together with the main thread

  • Find out which thread GDB is on right now
    info threads: list the threads; the current one is marked with *
    break LOCATION thread THREADNO
    break LINE thread THREADNO if COND
  • A breakpoint hit in any thread interrupts all threads (all-stop mode)

show non-stop   whether non-stop mode is on (other threads keep running while one is stopped)

set scheduler-locking off|on|step

off    no locking: all threads run whenever the program is resumed
on     other threads are locked; only the current thread runs
step   other threads are locked only while stepping (step, next), not on continue

display: automatic display at every stop

display EXPR    show EXPR each time the program stops
undisplay NUM   remove display NUM
info display    list the active displays

Changing the program while it runs

print i = 50    assign a new value to a variable
jump LOCATION   resume execution at another line, or at an address with jump *ADDR
call func()     call a function inside the program

Opening a core file

ulimit -c             show the current core file size limit (0 means no core is written)
ulimit -c unlimited   allow cores of any size; run it in the shell that starts the program (ulimit is a shell builtin, so sudo ulimit does not work; raising the hard limit needs root or /etc/security/limits.conf)
Also check /proc/sys/kernel/core_pattern: on distributions that pipe cores to apport or systemd-coredump the file does not appear in the working directory
https://blog.csdn.net/wkd_007/article/details/79757289

Crack Me

chmod a+x pass_guess   make the target executable
file pass_guess        architecture, linking, stripped or not
strings pass_guess     printable strings (candidate passwords, messages)

find 0x19e0000, +0xffff, "chandler"   search 0xffff bytes starting at 0x19e0000 for the string

peda

aslr on     turn ASLR on for the debuggee
aslr        show the current ASLR setting
elfheader   show the ELF section headers and their addresses

Download and install IDA Pro

1. Locate the program's entry address

0x1acda8
call 0x80484ad
print $eip=0x80484ad   redirect execution to the function found in IDA (the call target)

How static and dynamic analysis relate when cracking:
Static  -> analyse the program, find the key (validation) functions, decide where to set breakpoints
Dynamic -> view and modify memory, control the program's execution flow

NX      the stack is not executable
PIE     position-independent executable, so ASLR also randomizes the program's own base address
RELRO   relocation sections (the GOT) are made read-only after loading

peda commands: dumprop (dump ROP gadgets), elfheader, elfsymbol
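The Crack Me workflow above (strings, break on the validator, find in memory, call func, redirecting execution) on a constructed password checker, as an added example that is not code from the original post. It assumes gcc, gdb and strings on PATH and permission to ptrace (otherwise "skipped"); pass_guess.c and crack.gdb are constructed here, and "chandler" is the page's own example string. Instead of print $eip=..., which is x86 specific, the script uses gdb's architecture-neutral return command to leave check() with the value the caller wants to see.

```shell
# Added example, not from the original post. Assumes gcc, gdb, strings; prints
# "ok", "skipped" (tools or ptrace unavailable) or "fail".
crackme_demo() {
    for tool in gcc gdb strings; do
        command -v "$tool" >/dev/null 2>&1 || { echo skipped; return 0; }
    done
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/pass_guess.c" <<'EOF'
#include <stdio.h>
#include <string.h>
static const char secret[] = "chandler";
static int check(const char *guess)
{
    return strcmp(guess, secret) == 0;
}
int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s PASSWORD\n", argv[0]);
        return 2;
    }
    if (check(argv[1])) {
        puts("Access granted");
        return 0;
    }
    puts("Access denied");
    return 1;
}
EOF
    cat > "$tmp/crack.gdb" <<'EOF'
set pagination off
set confirm off
# Static analysis named the validator; stop in it with a wrong guess.
break check
run wrong-guess
# Dynamic analysis: what is compared with what?
print guess
x/s secret
# Search a memory range for the literal (find ADDR, +LEN, "string").
find &secret[0], +sizeof(secret), "chandler"
# Call the validator ourselves with the value pulled from memory; disable the
# breakpoint first or the call would stop inside check() again.
disable 1
call check("chandler")
# Control the flow: leave check() right now with the return value 1.
return 1
continue
EOF
    gcc -g -O0 -o "$tmp/pass_guess" "$tmp/pass_guess.c" || { rm -rf "$tmp"; return 1; }
    # Static first: the password is a plain string in the binary.
    strings "$tmp/pass_guess" | grep -qx chandler || { rm -rf "$tmp"; echo fail; return 0; }
    out=$(gdb -q -nx -batch -x "$tmp/crack.gdb" "$tmp/pass_guess" 2>&1) || true
    rm -rf "$tmp"
    case $out in
        *"ptrace: Operation not permitted"*|*"Could not trace the inferior"*)
            echo skipped; return 0 ;;
    esac
    # find located the secret, call returned 1 ($2), and the forced return got us in.
    for want in '1 pattern found' '$2 = 1' 'Access granted'; do
        printf '%s\n' "$out" | grep -qF -- "$want" || { echo fail; return 0; }
    done
    echo ok
}
```

The same session works on a stripped binary once the validator's address is known from IDA: replace break check with break *ADDR and the rest is unchanged.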

Anti-debugging techniques

Packing the binary

Obfuscation-style methods

Crack

./elfa xxxx   run the target with a candidate input

#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

int main(void)
{
    pid_t pid = fork();   /* create the child process */

    if (pid == -1)
    {
        perror("fork error");
        return -1;
    }
    else if (pid == 0)   /* child */
    {
        printf("i am a child: my pid is %d, my father is %d\n", getpid(), getppid());
    }
    else   /* father */
    {
        printf("i am a father: my pid is %d\n", getpid());
        wait(NULL);   /* wait for the child process */
    }

    return 0;
}

#include <stdio.h>
#include <pthread.h>

void *thread1(void *arg)
{
    printf("i am thread1, my tid is %lu\n", (unsigned long)pthread_self());
    return NULL;
}

void *thread2(void *arg)
{
    printf("i am thread2, my tid is %lu\n", (unsigned long)pthread_self());
    return NULL;
}

int main(void)
{
    pthread_t tid1, tid2;
    pthread_create(&tid1, NULL, thread1, NULL);   /* create thread 1 */
    pthread_create(&tid2, NULL, thread2, NULL);   /* create thread 2 */

    pthread_join(tid1, NULL);   /* wait for thread 1 */
    pthread_join(tid2, NULL);   /* wait for thread 2 */

    return 0;
}

RELRO

With full RELRO the GOT is read-only after loading, so this attack no longer works:
overwrite the GOT entry of printf with my_address, and every later printf call jumps to my_address

func -> my_address: the function is "hooked"

A function that makes such an overwrite possible (intentionally vulnerable):

#include <string.h>

void fun(char *s)
{
    char buf[0x100];
    strcpy(buf, s);   /* no length check: a longer s overflows buf */
}
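How to read NX, PIE, RELRO (the protections listed under the Crack Me section) and the stack canary straight out of an ELF file, as an added example that is not code from the original post. It compiles the vulnerable fun() above twice, once hardened and once with every protection switched off, and inspects both with readelf, which is what a plug-in's checksec-style command automates. It assumes gcc and readelf on PATH; the source file is constructed here.

```shell
# Added example, not from the original post. Assumes gcc and readelf.
# Prints one line per binary, e.g. "hardened: NX=yes PIE=yes RELRO=full CANARY=yes".
elf_protections() {
    f=$1
    # NX: the PT_GNU_STACK segment must exist and must not carry the E flag.
    stack=$(readelf -lW "$f" | awk '/GNU_STACK/ { print $7 }')
    case $stack in ''|*E*) nx=no ;; *) nx=yes ;; esac
    # PIE: an ET_DYN executable; ET_EXEC is loaded at a fixed address.
    if readelf -hW "$f" | grep -q 'Type:.*DYN'; then pie=yes; else pie=no; fi
    # RELRO: PT_GNU_RELRO makes the GOT read-only after relocation; full RELRO also
    # needs BIND_NOW so that every GOT entry is resolved before that happens.
    if readelf -lW "$f" | grep -q GNU_RELRO; then
        if readelf -dW "$f" | grep -Eq 'BIND_NOW|Flags:.*NOW'; then relro=full; else relro=partial; fi
    else
        relro=none
    fi
    # Stack canary: the failure handler is imported only when the protector is in use.
    if readelf -sW "$f" | grep -q __stack_chk_fail; then canary=yes; else canary=no; fi
    echo "NX=$nx PIE=$pie RELRO=$relro CANARY=$canary"
}

checksec_demo() {
    for tool in gcc readelf; do
        command -v "$tool" >/dev/null 2>&1 || { echo skipped; return 0; }
    done
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/vuln.c" <<'EOF'
#include <stdio.h>
#include <string.h>
void fun(char *s)
{
    char buf[0x100];
    strcpy(buf, s);             /* no length check: the overflow from the page */
    printf("%s\n", buf);
}
int main(int argc, char **argv)
{
    if (argc > 1)
        fun(argv[1]);
    return 0;
}
EOF
    # Same source, two link configurations: everything on, everything off.
    gcc -g -O0 -fPIE -pie -fstack-protector-all -Wl,-z,relro,-z,now -Wl,-z,noexecstack \
        -o "$tmp/hardened" "$tmp/vuln.c" || { rm -rf "$tmp"; return 1; }
    gcc -g -O0 -fno-PIE -no-pie -fno-stack-protector -Wl,-z,norelro -Wl,-z,execstack \
        -o "$tmp/weak" "$tmp/vuln.c" || { rm -rf "$tmp"; return 1; }
    echo "hardened: $(elf_protections "$tmp/hardened")"
    echo "weak: $(elf_protections "$tmp/weak")"
    rm -rf "$tmp"
}
```

The weak build is the one where the GOT-overwrite trick above still works: no RELRO, a fixed load address, an executable stack and no canary between buf and the saved return address. elf_protections also takes any existing binary, so it doubles as a quick triage of a target before reaching for peda's elfheader.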

Example: debugging a multi-threaded server (class demo)

Start parameters
webd -d -p 8000 -s 4444 -e

On x86-64 the first six integer arguments are passed in rdi, rsi, rdx, rcx, r8, r9; read them at a breakpoint with p $rdi and so on

netstat -aptn   confirm which ports the server listens on and which process owns them

openssl must be installed

list   show the source around the current line

ls -l /root/   inspect the files the server touched

Multi-process debugging (summary)

set follow-fork-mode parent|child

set detach-on-fork on|off

info inferiors   list the inferiors (processes) GDB is debugging

detach inferior ID   detach from one of them
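The follow-fork-mode child / detach-on-fork off combination from the mode table above, scripted on a constructed fork program, as an added example that is not code from the original post. It assumes gcc and gdb on PATH and permission to ptrace (otherwise "skipped"); forkdemo.c and fork.gdb are constructed here. The script walks through both inferiors: it stops in the child, looks at the parent parked inside fork(), lets the child exit with code 7, then resumes the parent so it can collect that status.

```shell
# Added example, not from the original post. Assumes gcc and gdb; prints "ok",
# "skipped" (tools or ptrace unavailable) or "fail".
fork_debug_demo() {
    for tool in gcc gdb; do
        command -v "$tool" >/dev/null 2>&1 || { echo skipped; return 0; }
    done
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/forkdemo.c" <<'EOF'
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>
int child_work(void)
{
    printf("child %d, parent %d\n", (int)getpid(), (int)getppid());
    return 7;
}
int main(void)
{
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) return child_work();
    int status = 0;
    waitpid(pid, &status, 0);
    printf("parent saw child exit code %d\n", WEXITSTATUS(status));
    return 0;
}
EOF
    cat > "$tmp/fork.gdb" <<'EOF'
set pagination off
# After fork(), follow the child ...
set follow-fork-mode child
# ... and keep the parent attached, suspended inside fork().
set detach-on-fork off
break child_work
run
# Two inferiors now; "*" marks the current one, the child.
info inferiors
inferior 1
# The parent is parked inside fork().
bt 1
inferior 2
# The child runs to its exit (code 7); only the current inferior is resumed.
continue
inferior 1
# Now let the parent collect the status.
continue
EOF
    gcc -g -O0 -o "$tmp/forkdemo" "$tmp/forkdemo.c" || { rm -rf "$tmp"; return 1; }
    out=$(gdb -q -nx -batch -x "$tmp/fork.gdb" "$tmp/forkdemo" 2>&1) || true
    rm -rf "$tmp"
    case $out in
        *"ptrace: Operation not permitted"*|*"Could not trace the inferior"*)
            echo skipped; return 0 ;;
    esac
    # gdb reports the child's exit in octal; the parent then prints the decoded status.
    printf '%s\n' "$out" | grep -q 'Inferior 2 .* exited with code 07' || { echo fail; return 0; }
    printf '%s\n' "$out" | grep -qF 'parent saw child exit code 7'     || { echo fail; return 0; }
    echo ok
}
```

With detach-on-fork left at its default of on, the parent would have run free after the fork and the inferior 1 / inferior 2 switching would not be available.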

Multithreaded debugging (summary)

thread THREAD-ID   switch to a thread

info threads

thread apply THREAD-ID-LIST cmd   run cmd in each listed thread

thread apply 1-5 p/d temp   print temp in threads 1 to 5

set print thread-events on|off   announce thread creation and exit

set scheduler-locking off|on|step
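The thread commands from this summary and from the multithreaded section above (info threads, thread apply, scheduler-locking, print thread-events) run as a gdb script on a constructed two-thread program, as an added example that is not code from the original post. It assumes gcc and gdb on PATH and permission to ptrace (otherwise "skipped"); threads.c and threads.gdb are constructed here. Which worker reaches the breakpoint first is up to the scheduler, so the script inspects whichever thread stopped rather than assuming an order.

```shell
# Added example, not from the original post. Assumes gcc and gdb; prints "ok",
# "skipped" (tools or ptrace unavailable) or "fail".
thread_debug_demo() {
    for tool in gcc gdb; do
        command -v "$tool" >/dev/null 2>&1 || { echo skipped; return 0; }
    done
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/threads.c" <<'EOF'
#include <stdio.h>
#include <pthread.h>
static void *worker(void *arg)
{
    int id = *(int *)arg;
    printf("thread %d running\n", id);
    return NULL;
}
int main(void)
{
    pthread_t t[2];
    int ids[2] = {1, 2};
    for (int i = 0; i < 2; i++)
        pthread_create(&t[i], NULL, worker, &ids[i]);
    for (int i = 0; i < 2; i++)
        pthread_join(t[i], NULL);
    return 0;
}
EOF
    cat > "$tmp/threads.gdb" <<'EOF'
set pagination off
# Announce [New Thread ...] and [Thread ... exited] events.
set print thread-events on
# Both workers hit this; in all-stop mode every thread freezes at each hit.
break worker
run
# Which thread stopped, and where each thread is right now.
info threads
thread apply all bt 1
# Lock the scheduler so only the current thread moves while we step it.
set scheduler-locking on
next
print id
set scheduler-locking off
# Let the other worker reach the breakpoint, look at its argument, then finish.
continue
print *(int *)arg
continue
EOF
    gcc -g -O0 -pthread -o "$tmp/threads" "$tmp/threads.c" || { rm -rf "$tmp"; return 1; }
    out=$(gdb -q -nx -batch -x "$tmp/threads.gdb" "$tmp/threads" 2>&1) || true
    rm -rf "$tmp"
    case $out in
        *"ptrace: Operation not permitted"*|*"Could not trace the inferior"*)
            echo skipped; return 0 ;;
    esac
    # Both workers must have run to completion, and gdb must have tracked them as threads.
    for want in 'thread 1 running' 'thread 2 running' 'LWP'; do
        printf '%s\n' "$out" | grep -qF -- "$want" || { echo fail; return 0; }
    done
    echo ok
}
```

Without the scheduler-locking on line, the next could be interrupted by the second worker hitting the breakpoint, which is the usual surprise when stepping through threaded code.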

Breaking a program (reversing)

  1. Combine dynamic debugging with static analysis

  2. Find the validation function

    2.1 Locate it by searching memory for a characteristic value while the program runs; each search with the value's new state narrows the candidate addresses:

    60 -> base1
    59 -> base2
    58 -> base3
    57 -> base4
    ...
    -> base n

Debugging extensions

1. Source-level debugging
2. Binary debugging on a Linux PC
3. Binary debugging on embedded targets
4. System debugging with kernel modules
    1. Source-level debugging method

Origin blog.csdn.net/qq_40910138/article/details/105091070