# [AIdrifter CS 浮生筆錄](https://hackmd.io/bKL1LVo8RaCKn02uHJW2BA#): Debug Hacks

Ch2: What you should know before debugging - an introduction to the debugger (GDB), the Intel architecture, the stack, and how function arguments work.

## Process Core Dump

### Get Process core dump

- Enable the Linux core dump mechanism

```bash
# unlimited
ulimit -c unlimited
# size limit (bytes)
ulimit -c 1234567
```

- Deliberately write code that produces a core dump file

```C
#include <stdio.h>
#include <stdlib.h>

int main() {
  int *a = NULL;
  *a = 0x1;   /* write through a NULL pointer: SIGSEGV, core dumped */
  return 0;
}
```

- Debug through the core dump file

```shell
gcc -g main.c
gdb -c core ./a.out
```

- gdb shows the following information

```gdb
[New LWP 20545]
Core was generated by `./a.out'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055d3dff72670 in main () at main.c:12
12        *a = 0x1;
```

### Produce core dump files in a dedicated directory

```shell
# case 1: persistent setting in sysctl.conf
cat /etc/sysctl.conf
kernel.core_pattern = /tmp/cores/core.%e.%p.%h.%t
kernel.core_uses_pid = 0

# case 2: use a pipe to compress / process the core dump file (here apport)
cat /proc/sys/kernel/core_pattern
|/usr/share/apport/apport %p %s %c %d %P

## absolute path
mkdir /tmp/cores/
echo "/tmp/cores/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern

## relative path (relative to the crashing process's working directory)
echo "core.%e.%p.%t" > /proc/sys/kernel/core_pattern
```

### Use core dump masking to skip shared memory ranges

- In a multi-process scenario, what is the best way to configure the core dump file?
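An added example, not from the original notes, to go with the question above: a POSIX shell helper that decodes a `/proc/<pid>/coredump_filter` mask (bit meanings taken from core(5)) and derives a mask with the shared-mapping bits cleared, so that several processes mapping the same shared segment do not each dump a copy of it. The function names are my own; the sample mask 0x33 is the kernel default.

```shell
#!/bin/sh
# Added example: decode and rewrite the /proc/<pid>/coredump_filter bitmask.
# Bit meanings are from core(5); function names are this example's own.

# Print which mapping types a hex mask (as read from coredump_filter) includes.
decode_filter() {
    mask=$((0x$1))
    i=0
    for name in "anonymous private mappings" "anonymous shared mappings" \
                "file-backed private mappings" "file-backed shared mappings" \
                "ELF headers" "private huge pages" "shared huge pages" \
                "private DAX pages" "shared DAX pages"; do
        if [ $(( ($mask >> $i) & 1 )) -eq 1 ]; then
            printf 'bit %d: %s\n' "$i" "$name"
        fi
        i=$((i + 1))
    done
}

# Return MASK with bits 1 and 3 (anonymous shared, file-backed shared) cleared,
# as lowercase hex without a 0x prefix, which is the format the kernel accepts.
filter_without_shared() {
    printf '%x\n' $(( 0x$1 & ~0x0a ))
}

# Apply MASK to a live process (needs root or ownership of the process).
# Children forked after this inherit the filter, so set it on the parent early.
apply_filter() {
    pid=$1; mask=$2
    [ -w "/proc/$pid/coredump_filter" ] || return 1
    echo "$mask" > "/proc/$pid/coredump_filter"
}

# Demonstration on the default mask 0x33 shown in the notes.
decode_filter 33
echo "without shared mappings: $(filter_without_shared 33)"
```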
```shell
root@aidrifter-VM /p/4900# cat coredump_filter
00000033
```

### Debug with the core dump file

```
gdb a.out
(gdb) set solib-absolute-prefix symbols
(gdb) core core.xxxxx
(gdb) bt
```

## How to use GDB (I)

### Add the -g flag to debug

- `Werror`: treat warnings as errors
- `O2`: optimize
  - inline functions are expanded automatically, and the symbol table does not record them
  - local variables are kept in registers, so gdb cannot show their values
- The author does not recommend removing `-O`, because the result is hard to maintain; at the very least you should know how the optimization process works.

```shell
# gcc
gcc -Wall -O2 -g *.c
# makefile
CFLAGS = -Wall -O2 -g
# configure
./configure CFLAGS="-Wall -O2 -g"
```

### b : Break Point

- `b` sets a breakpoint

```shell
# function
b main
# file and line number
b main.c:123
# file and function
b test.c:foo
```

### r : run program

- `r` runs the program

### info : show information

```shell
# show all break points
info break
info b
# delete break point or watch point
delete 3
# show stack frame
info s
# show registers
info reg
```

### bt : back trace

- `bt` shows the backtrace

```shell
# show the outermost 3 frames and their local variables
bt full -3
```

### p : print

```shell
p argv
p *argv
p argv[0]
# hex
p/x local_var
# print register eax
p $eax
# print the program counter (same as p $eip)
p $pc
```

### x : x/NFU ADDR

- ADDR : address
- N : repeat count
- F : format letter
- U : unit size

```shell
# disassemble the instruction at pc
x/i $pc
0x8048ebd <main+173> cmp $0x6e,%eax
# disassemble 10 instructions starting at pc
x/10i $pc
0x8048ebd <main+173> cmp $0x6e,%eax
0x8048ec0
0x8048ec6
0x8048ecc
0x8048ecf
...
```

### disassem : disassemble

```shell
# disassemble $pc ~ $pc+50
disassemble $pc,$pc+50
```

### n : next, execute one line at a time

### c : continue until the next breakpoint or signal

### watch : watch point

```shell
# break when the variable is written
watch
# break when the variable is read or written
awatch
# break when the variable is read
rwatch
```

### set variable : change a variable

```shell
set variable options = 0
print options
```

### Generate a core file

- Generate a core file for the process currently being debugged

```shell
# generate a core dump file from inside gdb
generate-core-file
# get a core file without terminating the process
gcore `pidof emacs`
```

## How to use GDB (II)

### gdb attach $pid

```shell
sleep 1000
aidrifter@aidrifter-VM$ ps -aux | grep sleep
aidrift+ 30054 0.0 0.0 7580 720 pts/8 S+ 09:33 0:00 sleep 1000
aidrift+ 30131 0.0 0.0 14528 916 pts/9 S+ 09:35 0:00 grep --color sleep
# attach to the process pid (start gdb as root, then attach)
sudo su
gdb
(gdb) attach 30054
Attaching to process 30054
Reading symbols from /bin/sleep...(no debugging symbols found)...done.
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...Reading symbols from /usr/lib/debug//lib/x86_64-linux-gnu/libc-2.24.so...done.
done.
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug//lib/x86_64-linux-gnu/ld-2.24.so...done.
done.
0x00007f00c2a892d0 in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:84
84 ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) bt
#0  0x00007f00c2a892d0 in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:84
#1  0x0000555f4a95190f in ?? ()
#2  0x0000555f4a9516f0 in ?? ()
#3  0x0000555f4a94e994 in ?? ()
#4  0x00007f00c29dc3f1 in __libc_start_main (main=0x555f4a94e780, argc=2, argv=0x7ffd175385f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd175385e8) at ../csu/libc-start.c:291
#5  0x0000555f4a94ea6a in ?? ()
```