Using gdb to single-step assembly code outside the specified executable causes the error "cannot find bounds of current function"

Notice: this page is a translation of a popular StackOverflow question and is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must keep the same license and attribute it to the original authors (not me). Original: http://stackoverflow.com/questions/2420813/

Date: 2020-08-03 19:51:08  Source: igfitidea

Tags: linux, assembly, gdb, x86, linux-kernel

Asked by Paul

I'm outside gdb's target executable and I don't even have a stack that corresponds to that target. I want to single-step anyway, so that I can verify what's going on in my assembly code, because I'm not an expert at x86 assembly. Unfortunately, gdb refuses to do this simple assembly-level debugging. It allows me to set and stop on an appropriate breakpoint, but as soon as I try to single-step onwards, gdb reports the error "Cannot find bounds of current function" and the EIP doesn't change.

Additional details:

The machine code was generated by gcc asm statements and I copied it to the kernel memory location where it's executing, from the output of objdump -d. I wouldn't mind a simple way to use a loader to load my object code to a relocated address, but bear in mind the loading has to be done in a kernel module.

I suppose another alternative would be to produce a fake kernel module or debug info file to give to gdb, to cause it to believe this area is within the program code. gdb works fine on the kernel executable itself.

(For those who really want to know, I'm inserting code at runtime into Linux kernel data space inside a VMware VM and debugging it from gdb remote debugging the kernel via VMware Workstation's built-in gdb stub. Note I'm not writing kernel exploits; I'm a security graduate student writing a prototype.)

(I can set a breakpoint on each instruction inside my assembly. This works but would get quite laborious after a while, since the size of x86 assembly instructions varies and the location of the assembly will change every time I reboot.)

Accepted answer by R Samuel Klatchko

You can use stepi or nexti (which can be abbreviated to si or ni) to step through your machine code.

Answered by Matthew Slattery

The most useful thing you can do here is display/i $pc, before using stepi as already suggested in R Samuel Klatchko's answer. This tells gdb to disassemble the current instruction just before printing the prompt each time; then you can just keep hitting Enter to repeat the stepi command.

(See my answer to another question for more detail - the context of that question was different, but the principle is the same.)

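The two answers above (stepi/nexti, and display/i $pc so that each step shows the instruction about to run) combined into one gdb command file, as an added example that is not part of any answer or of the original post. It assumes the kernel is reached over VMware Workstation's gdb stub on localhost:8832 (the default port for a 32-bit guest; an assumption, not from the page) and uses placeholder values for the start address and length of the injected code. Both are passed in with -ex rather than hard-coded, since the question says the location changes on every reboot.

```gdb
# trace_blob.gdb -- added example, not code from the original post.
# Steps instruction-by-instruction through a blob of machine code that has
# no symbols, which is exactly the case where 'step'/'next' fail with
# "Cannot find bounds of current function": stepi/nexti only decode the
# instruction at $pc and never need function bounds.
#
# Usage (the addresses below are placeholders, not values from the page):
#   gdb -q vmlinux \
#       -ex 'set $start = 0xc0123400' \
#       -ex 'set $end = $start + 0x40' \
#       -x trace_blob.gdb

# Assumption: VMware's debug stub for a 32-bit guest on its default port.
target remote localhost:8832

# Print the current instruction and $pc before every prompt, so pressing
# Enter after a stepi repeats it and the disassembly follows along.
display/i $pc
display/x $pc

# '*' makes gdb treat the expression as a raw address; no symbol is needed.
break *$start

# Single-step while $pc stays inside [$start, $end). Each stepi also
# triggers the display above, giving a per-instruction trace.
define trace_blob
  set $n = 0
  while (unsigned long)$pc >= $start && (unsigned long)$pc < $end
    stepi
    set $n = $n + 1
  end
  printf "left the blob after %d instructions, pc=0x%lx\n", $n, (unsigned long)$pc
end

# Same walk, but nexti steps over calls, so code the blob calls into
# (outside the range) is not traced instruction by instruction.
define trace_blob_over
  set $n = 0
  while (unsigned long)$pc >= $start && (unsigned long)$pc < $end
    nexti
    set $n = $n + 1
  end
  printf "left the blob after %d instructions, pc=0x%lx\n", $n, (unsigned long)$pc
end

# Run to the breakpoint on the blob, then trace it.
continue
trace_blob
```

The range check is the practical part: once the blob jumps or returns into the rest of the kernel, the loop stops instead of stepping off into unrelated code, and the final printf reports where it landed. Swap trace_blob for trace_blob_over when the blob calls existing kernel functions you do not want to step through.
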
Answered by ephemient

Instead of gdb, run gdbtui. Or run gdb with the -tui switch. Or press C-x C-a after entering gdb. Now you're in GDB's TUI mode.

Enter layout asm to make the upper window display assembly -- this will automatically follow your instruction pointer, although you can also change frames or scroll around while debugging. Press C-x s to enter SingleKey mode, where run, continue, up, down, finish, etc. are abbreviated to a single key, allowing you to walk through your program very quickly.

   +---------------------------------------------------------------------------+
B+>|0x402670 <main>         push   %r15                                        |
   |0x402672 <main+2>       mov    %edi,%r15d                                  |
   |0x402675 <main+5>       push   %r14                                        |
   |0x402677 <main+7>       push   %r13                                        |
   |0x402679 <main+9>       mov    %rsi,%r13                                   |
   |0x40267c <main+12>      push   %r12                                        |
   |0x40267e <main+14>      push   %rbp                                        |
   |0x40267f <main+15>      push   %rbx                                        |
   |0x402680 <main+16>      sub    $0x438,%rsp                                 |
   |0x402687 <main+23>      mov    (%rsi),%rdi                                 |
   |0x40268a <main+26>      movq   $0x402a10,0x400(%rsp)                       |
   |0x402696 <main+38>      movq   $0x0,0x408(%rsp)                            |
   |0x4026a2 <main+50>      movq   $0x402510,0x410(%rsp)                       |
   +---------------------------------------------------------------------------+
child process 21518 In: main                            Line: ??   PC: 0x402670
(gdb) file /opt/j64-602/bin/jconsole
Reading symbols from /opt/j64-602/bin/jconsole...done.
(no debugging symbols found)...done.
(gdb) layout asm
(gdb) start
(gdb)