Debugging C code with GDB: The GNU Project Debugger



GDB (The GNU Project Debugger) is a debugging tool that I admittedly have a love/hate relationship with. On the one hand it is extremely good at what it does, while on the other hand it has a terribly frustrating learning curve. After getting through the initial 'none of this is making sense' barrier, however, using GDB is a fantastic way to learn about C, assembly, and debugging.



GDB is started from the terminal with the following syntax:

gdb (options) (filename) 

To 'quietly' open a compiled C program named 'Talisman' (suppressing the startup banner) you would use: 

gdb -q Talisman 

The location of the file matters and will need to be specified if it isn't in the current working directory. 



Note: if the program was compiled without debugging information (for gcc, the -g flag), GDB will report that no debugging symbols were found. This means the source code is not available for viewing inside GDB; however, we can still view the assembly code. 



When working with GDB there is a huge number of commands that can be issued. GDB's complexity and sheer depth make it both terrifying and infinitely useful, depending on what you're trying to achieve. The following commands are a good step towards basic proficiency with GDB.

start

The start command runs the program and stops at a temporary breakpoint placed at the beginning of main, i.e. the first instruction of the program's own code. 

stepi

The stepi command steps through the program one machine instruction at a time. Entering the command once and then pressing the return key repeats it, so the program continues to advance instruction by instruction until a new command is entered.



step

The step command executes the program one source line at a time, stepping into any function that line calls. Using this command after 'start' will therefore take you straight into the first function called by the code. 

info registers

The info registers command displays the CPU register contents for the selected stack frame. Using this command after a Segmentation Fault will show the address held by the instruction pointer (eip on 32-bit x86, rip on x86-64) at that moment in time - invaluable when investigating memory buffer overflows!



info frame | frame

The info frame command will output detailed information about the current stack frame, including the eip memory address and the saved registers. The 'frame' command on its own prints only a one-line summary of the current frame, including the eip memory address. 

continue

The continue command will resume execution of the program until the next breakpoint or watchpoint is reached. Breakpoints and watchpoints must be set manually before running the continue command, otherwise the program runs to completion (or to a crash).

x | x/20x | x/20i main 

The 'x' command is short for 'examine' and displays memory starting at a given address. There are a couple of good ways to use this command. The first is 'x/20x', which examines 20 words of memory and displays them in hexadecimal format. The second is 'x/20i', which again covers 20 units of memory, only this time each unit is one machine instruction and the output is shown as disassembly; 'x/20i main' therefore shows the first 20 instructions of main. In both instances the count (20) can be changed as needed.



disassemble (function)

The disassemble command will show the assembly listing (the disassembled machine code) of the function given as an argument. For instance, 'disassemble main' will display the assembly for the program's main function. 

kill

The kill command stops execution of the current program.

quit

When you're ready to return to life outside of GDB...



In the near future I will be writing about memory buffer overflows, for which GDB will prove to be a very useful tool. 
