I'm debugging a vulnerable app on a remote host. I've set up gbserver on the host with:
我正在远程主机上调试易受攻击的应用程序。我在主机上设置了gbserver:
gdbserver host:1234 /my/target/app
On my local host I've connected with:
在我连接的本地主机上:
$ gdb /same/target/app
gdb$ target extended-remote 192.168.0.100:1234
I connect successfully and can proceed to set a breakpoint on a target instruction, ie:
我成功连接并可以继续在目标指令上设置断点,即:
$gdb disas vuln_function
....
0x08048e6b <+116>: ret
End of assembler dump.
gdb$ b *0x08048e6b
Breakpoint 1 at 0x8048e6b
Looking at the disassembled function code and having tested this on the host itself, I'm 100% sure I'm breaking on the right address and in any case I'm triggering a buffer overflow which should make gdb break by itself.
看看反汇编的功能代码,并在主机上测试了这个,我100%肯定我打破了正确的地址,无论如何我都在触发缓冲区溢出,这应该让gdb自行解决。
But instead of getting the usual breakpoint on my gdb client, nothing happens. gdbserver freezes on the BO (so I'm guessing it did break on the ret) without throwing the segfault. gdb doesn't seem to be crashing or behaving abnormally other than not giving me a prompt on the breakpoint.
但是没有在我的gdb客户端上获得通常的断点,没有任何反应。 gdbserver在BO上冻结(所以我猜它确实在ret上中断了)而没有抛出段错误。除了没有在断点上给出提示之外,gdb似乎没有崩溃或表现异常。
Is there a special way to set breakpoints when debugging with gdbserver?
在使用gdbserver进行调试时是否有一种特殊的方法来设置断点?
2 个解决方案
#1
1
Is there a special way to set breakpoints when debugging with gdbserver?
在使用gdbserver进行调试时是否有一种特殊的方法来设置断点?
No, it's supposed to work just as with local debugging.
不,它应该像本地调试一样工作。
You should first convince yourself that your setup is sane by doing remote debugging on a local host (both gdb and gdbserver run on local host).
您应首先通过在本地主机上执行远程调试(在本地主机上运行gdb和gdbserver)来说服您自己的设置是正确的。
If that works, your problem is likely that local gdb and remote target process are using different application binary (or different libc.so).
如果可行,那么您的问题可能是本地gdb和远程目标进程正在使用不同的应用程序二进制文件(或不同的libc.so)。
#2
0
Is there a special way to set breakpoints when debugging with gdbserver?
在使用gdbserver进行调试时是否有一种特殊的方法来设置断点?
Make sure you have compiled executable with debug symbols -g -O0 When debugging remote, gdb client does not know where to load symbols from. You have two options:
确保已使用调试符号编译可执行文件-g -O0调试远程时,gdb客户端不知道从哪里加载符号。你有两个选择:
1. specify executable when starting gdb
gdb <executable>
(gdb) target remote <IP>:<port>
(gdb) load <executable>
gdb should know symbols now
(gdb) b main
(gdb) mon reset
(gdb) contnue
it should break at main
(gdb) bt
2. use file command to tell about the symbols.
gdb
(gdb) target remote <IP>:<port>
(gdb) load <executable>
(gdb) file <executable>
gdb should know symbols now
(gdb) b main
(gdb) mon reset
(gdb) contnue
it should break at main
(gdb) bt
#1
1
Is there a special way to set breakpoints when debugging with gdbserver?
在使用gdbserver进行调试时是否有一种特殊的方法来设置断点?
No, it's supposed to work just as with local debugging.
不,它应该像本地调试一样工作。
You should first convince yourself that your setup is sane by doing remote debugging on a local host (both gdb and gdbserver run on local host).
您应首先通过在本地主机上执行远程调试(在本地主机上运行gdb和gdbserver)来说服您自己的设置是正确的。
If that works, your problem is likely that local gdb and remote target process are using different application binary (or different libc.so).
如果可行,那么您的问题可能是本地gdb和远程目标进程正在使用不同的应用程序二进制文件(或不同的libc.so)。
#2
0
Is there a special way to set breakpoints when debugging with gdbserver?
在使用gdbserver进行调试时是否有一种特殊的方法来设置断点?
Make sure you have compiled executable with debug symbols -g -O0 When debugging remote, gdb client does not know where to load symbols from. You have two options:
确保已使用调试符号编译可执行文件-g -O0调试远程时,gdb客户端不知道从哪里加载符号。你有两个选择:
1. specify executable when starting gdb
gdb <executable>
(gdb) target remote <IP>:<port>
(gdb) load <executable>
gdb should know symbols now
(gdb) b main
(gdb) mon reset
(gdb) contnue
it should break at main
(gdb) bt
2. use file command to tell about the symbols.
gdb
(gdb) target remote <IP>:<port>
(gdb) load <executable>
(gdb) file <executable>
gdb should know symbols now
(gdb) b main
(gdb) mon reset
(gdb) contnue
it should break at main
(gdb) bt