
Archive for the ‘debugger’ Category

The GNU Debugger can not only debug a program file; it can also attach to and debug an already running program.

Type the code below and save it as ‘keypress.c’.

#include <stdio.h>
int main(void)
{
    printf("Press any key to continue.\n");
    getchar();   /* block here so there is a running process to attach to */
}

Compile and run the program.

$ gcc keypress.c -g -o keypress
$ ./keypress
Press any key to continue.

Open another Linux terminal and type: ps -aux | grep keypress to find the PID.

$ ps -aux | grep keypress
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
1000 3392 0.0 0.0 1820 244 pts/0 S+ 08:56 0:00 ./keypress
1000 3457 0.0 0.0 4188 788 pts/1 S+ 08:57 0:00 grep --color=auto keypress
$

Debug the program with gdb. On systems where Yama's ptrace_scope is set to 1 (the default on Ubuntu), a normal user may only attach to its own descendant processes, so you have to be root; otherwise you will get the error below.

$ gdb -pid 3392 -silent
Attaching to process 3392
Could not attach to process. If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.
(gdb)

Now, you can debug the program with gdb.

$ sudo gdb --pid 3392 -silent
[sudo] password for darklinux:
Attaching to process 3392
Reading symbols from /home/darklinux/keypress...done.
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0x00ba5416 in __kernel_vsyscall ()
(gdb) list
1 #include <stdio.h>
2 int main(void)
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }
(gdb)
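An added example (my own C, not from the original post) that models the attach rule behind the error message above: it reads ptrace_scope and decides whether PTRACE_ATTACH would be permitted. It is simplified, ignoring PR_SET_PTRACER exceptions and the target's dumpable flag.

```c
/* Added example: a simplified model of Yama's ptrace_scope attach rule.
 * Ignores PR_SET_PTRACER exceptions and the dumpable flag. */
#include <stdio.h>
#include <sys/types.h>

/* Read /proc/sys/kernel/yama/ptrace_scope; returns -1 if Yama is absent. */
int read_ptrace_scope(const char *path) {
    FILE *f = fopen(path, "r");
    int scope;
    if (!f) return -1;
    if (fscanf(f, "%d", &scope) != 1) scope = -1;
    fclose(f);
    return scope;
}

/* Decide whether a tracer may PTRACE_ATTACH to a target under Yama.
 *   0 (or -1, no Yama): classic rule, same uid is enough
 *   1: same uid AND the target is a descendant of the tracer
 *   2: only with CAP_SYS_PTRACE (in practice, root)
 *   3: nobody, not even root
 * Returns 1 if attaching is allowed, 0 otherwise. */
int ptrace_attach_allowed(int scope, uid_t tracer_uid, uid_t target_uid,
                          int target_is_descendant, int has_cap_sys_ptrace) {
    if (scope == 3) return 0;
    if (has_cap_sys_ptrace) return 1;
    if (scope == 2) return 0;
    if (tracer_uid != target_uid) return 0;
    if (scope == 1) return target_is_descendant;
    return 1;
}

int main(void) {
    int scope = read_ptrace_scope("/proc/sys/kernel/yama/ptrace_scope");
    /* The post's scenario: uid 1000 attaching to an unrelated uid-1000 process */
    printf("ptrace_scope=%d, attach to an unrelated same-uid process: %s\n", scope,
           ptrace_attach_allowed(scope, 1000, 1000, 0, 0) ? "allowed" : "denied");
    return 0;
}
```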


The basic idea of using a debugger is that you can stop the program and resume it before it terminates, so you can examine its state and identify whether there is a problem with the program.

In this tutorial, I will show a few stepping commands to use after a breakpoint is hit.

  1. Continue or c
  2. Next or n
  3. Step or s
  4. Nexti or ni
  5. Stepi or si

To check whether the program is already running, type: info program.

(gdb) info program
The program being debugged is not being run.

1. Continue
It resumes program execution until the program completes or stops at the next breakpoint.

Before we start, type the code below and save it to ‘break.asm’.

section .text
global _start
_start:

        mov eax,1111
        mov ebx,2222
        call do_nothing1
        call do_nothing2
        call do_nothing3
        mov ecx,3333
        mov edx,4444
        call exit


do_nothing1:
        nop
        nop
        ret

do_nothing2:
        nop
        nop
        ret

do_nothing3:
        nop
        nop
        ret

exit:
        mov eax,1               ;sys_exit; the low byte of ebx becomes the exit status
        int 0x80

Assemble and link the program without debugging information.

$ nasm -f elf32 break.asm -o break.o
$ ld break.o -o break
$ gdb ./break --silent
Reading symbols from /home/darklinux/break...(no debugging symbols found)...done.

(more…)


Reversing program execution is very useful when you are debugging and realize that you need to go backward. Instead of re-running the whole process, starting with GDB version 7 you can step back to an earlier point of execution.

There are a few reverse commands you can use:

  1. reverse-continue or rc
  2. reverse-step or reverse-step count
  3. reverse-stepi
  4. reverse-next or reverse-next count
  5. reverse-nexti

Before you use a ‘reverse’ command, you need to activate recording of the process; otherwise you will get the error below:
“Target child does not support this command”.

Let’s try it.
Type the code below and save it as ‘break.asm’.

section .text
global _start
_start:

        mov eax,1111
        mov ebx,2222
        call do_nothing1
        call do_nothing2
        call do_nothing3
        mov ecx,3333
        mov edx,4444
        call exit


do_nothing1:
        nop
        nop
        ret

do_nothing2:
        nop
        nop
        ret

do_nothing3:
        nop
        nop
        ret

exit:
        mov eax,1               ;sys_exit; the low byte of ebx becomes the exit status
        int 0x80

(more…)


In this tutorial, I will show you how to set a breakpoint in the GNU debugger. Breakpoints are very useful if you want to observe program flow, find a bug in a program, or do reverse engineering. Using a breakpoint, you can run the process directly to the point you chose and stop the program there.

Let’s find out more about it.
Type the code below and save it as ‘break.asm’.

section .text
global _start
_start:

        mov eax,1111
        mov ebx,2222
        mov ecx,3333
        mov edx,4444

        push eax
        push ebx
        push ecx
        push edx


        mov eax,1               ;sys_exit; the low byte of ebx becomes the exit status
        int 0x80

To enable debugging, add the -gstabs option when you assemble the program.

$ nasm -f elf32 -gstabs break.asm -o break.o && ld break.o -o break
$

Run the program with gdb (GNU debugger).

$ gdb ./break
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/darklinux/break...done.
(gdb)

Display the source code from line 1 to 20.

(gdb) list 1,20
1 section .text
2 global _start
3 _start:
4
5 mov eax,1111
6 mov ebx,2222
7 mov ecx,3333
8 mov edx,4444
9
10 push eax
11 push ebx
12 push ecx
13 push edx
14
15
16 mov eax,1
17 int 0x80
(gdb)

(more…)


What is a debugger?
A debugger is a program used to test, explore, or find bugs (errors) in another program. Using a debugger, you can run the program step by step, analyze why a program crashes, and stop a program under specific conditions. If you’ve ever worked with Debug, the old MS-DOS program, you can even create a simple new program with it.

There are a few debuggers available for Linux:
-GDB (gnu debugger)
-Radare (reverse engineering and analyzing binaries)
-DDD (data display debugger)
-Nemiver (debugger for GNOME)
-Valgrind (memory debugger)
-Electric Fence (Malloc debugger)

What is GNU Debugger?
GDB is free software, protected by the GPL (General Public License). The GPL is a widely used software license which guarantees end users the freedom to run, study, share and modify the software.

GDB is part of the GNU Project, first announced on 27 September 1983 by Richard Stallman at MIT, whose goal is to develop a complete Unix-like operating system that is free software. GNU Debugger (GDB), GNU Assembler (GAS) and GNU C Compiler (GCC) are part of it.

GDB can be used to debug programs written in C, C++, Assembly, Ada, D, Fortran, Go, Objective-C, OpenCL, Modula-2, Rust and Pascal (some Pascal syntax still does not work). Richard Stallman was the original author of GDB.
(more…)


In this article, I will show you assembly instructions for arithmetic operations.

INC
It increases its operand by 1 (one).
Syntax

INC destination

Type the code below and save it as ‘inc.asm’. It’s a very simple program: it increases the value in the variable num by 1, from 2 to 3.

section .text
global _start
_start:

        ;put the number 2 in num (num is a single byte, so store only al)
        mov eax,2
        mov [num],al
        inc byte [num]          ;num is now 3

        ;exit with num as the status code, so echo $? prints 3
        mov eax,1
        movzx ebx,byte [num]
        int 0x80

section .data
        num db 0


Compile and run the program.

$ nasm -f elf32 inc.asm -o inc.o
$ ld inc.o -o inc
$ echo $?
0
$ ./inc
$ echo $?
3
$


(more…)


In assembly, a register holds a plain binary number, and the terminal only knows how to display ASCII (American Standard Code for Information Interchange) characters. This means that if you are working with numbers and need to display a result by calling syscall number 4 (write, on 32-bit x86), you can’t just put the address of the result into the ecx register: the byte that gets written is the numeric value itself, not the ASCII character that represents it.
For example, if your result is 7, the byte written has the value 7 (07 hexadecimal), while the character ‘7’ is 37 hexadecimal in the ASCII table.

Let’s try it in code to see how it works.
It’s a very simple program. I just do simple math, 4+2=6: I put 4 into the eax register and 2 into the ebx register, then add ebx to eax, so the result is:
eax = eax + ebx
= 4 + 2
= 6

section .text
global _start
_start:

        mov eax,4
        mov ebx,2

        add eax,ebx             ;eax = 4 + 2 = 6
        mov [result],al         ;store the low byte only: result reserves 1 byte

        ;write(1, result, 1): sends the raw byte 0x06, not the character '6' (0x36)
        mov eax,4
        mov ebx,1
        mov ecx,result
        mov edx,1
        int 0x80

        ;write(1, newline, 1)
        mov eax,4
        mov ebx,1
        mov ecx,newline
        mov edx,1
        int 0x80

        ;exit (ebx still holds 1, which becomes the exit status)
        mov eax,1
        int 0x80

section .data
        newline db 0xA

section .bss
        result resb 1

$ nasm -f elf32 add.asm -o add.o
$ ld add.o -o add
$ ./add
?
$
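Here is an added example in C, my own and not from the original post, showing why the write above prints ‘?’ and the conversion the program still needs; it carries the single-digit case on the page through to multi-digit numbers. The names uint_to_ascii, ascii_matches and raw_byte_is_printable_digit are my own.

```c
/* Added example: raw byte 6 vs. the ASCII digit '6', and the number-to-text
 * conversion an assembly routine would need before calling write. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Convert n to its decimal ASCII digits the way an assembly routine would:
 * divide by 10 repeatedly, turn each remainder into a character by adding
 * '0' (0x30), then reverse, since digits come out least significant first.
 * Returns the number of characters written (no terminator), or -1 if buf is
 * too small: it refuses rather than overflowing the buffer. */
int uint_to_ascii(unsigned int n, char *buf, int buflen) {
    int len = 0;
    do {
        if (len >= buflen) return -1;
        buf[len++] = (char)('0' + n % 10);
        n /= 10;
    } while (n != 0);
    for (int i = 0, j = len - 1; i < j; i++, j--) {
        char t = buf[i]; buf[i] = buf[j]; buf[j] = t;
    }
    return len;
}

/* Convert n and compare the characters with expected (used for checking). */
int ascii_matches(unsigned int n, const char *expected) {
    char buf[16];
    int len = uint_to_ascii(n, buf, sizeof buf);
    return len == (int)strlen(expected) && memcmp(buf, expected, len) == 0;
}

/* Is this raw byte already a digit character? 6 is not, '6' (0x36) is. */
int raw_byte_is_printable_digit(unsigned char value) {
    return value >= '0' && value <= '9';
}

int main(void) {
    unsigned char raw = 4 + 2;           /* what add.asm stores in [result] */
    char buf[16];
    int len = uint_to_ascii(raw, buf, sizeof buf);
    write(1, &raw, 1);                   /* same as the post: byte 0x06, shows as "?" */
    write(1, "\n", 1);
    write(1, buf, len);                  /* the character '6' (0x36) */
    write(1, "\n", 1);
    return 0;
}
```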

(more…)


What is the stack?
The stack is a region of memory used to store information during the execution of a program. It is a temporary working area managed by the CPU.
How does it work?
The first data that goes into the stack is the last data that comes out of the stack.

In this article I will show you how it works using gdb (GNU debugger).
First, I create a program named stack in assembly language. I name the file stack.asm.

section .text
global _start
_start:

        ;push four values; the last one pushed sits on top of the stack
        push 0xAAAAAAAA
        push 0xBBBBBBBB
        push 0xCCCCCCCC
        push 0xDDDDDDDD

        ;pop in reverse order: eax gets 0xDDDDDDDD, edx gets 0xAAAAAAAA
        pop eax
        pop ebx
        pop ecx
        pop edx

exit:
        mov eax,1
        mov ebx,0
        int 0x80

Then I assemble with “nasm” and link with “ld”. I add the option -gstabs+ to tell nasm to save debugging information, which I will use in gdb to print the line of assembler source that corresponds to each instruction. Since my processor is 32-bit, the format is elf32.

$ nasm -f elf32 -gstabs+ stack.asm -o stack.o
$ ld stack.o -o stack

Now, let’s start using gdb.
Type “gdb” followed by the program name “stack”.

$ gdb stack
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /home/darklinux/assembly/stack...done.
(gdb)

(more…)
