I would like to catch a system call (more specifically access) and set a condition on it based on string comparison (obviously for arguments that are strings).

我希望捕获一个系统调用(更具体地说是访问),并基于字符串比较(显然是针对字符串的参数)在其上设置一个条件。

Specific example: when debugging ls I would like to catch access syscalls for specific pathnames (the 1st argument)

具体示例:调试ls时,我希望捕获特定路径名的访问syscalls(第一个参数)

int access(const char *pathname, int mode);

内部访问(const char *pathname, int模式);

So far, I have succeeded in manually inspecting the pathname argument of access (see [1]).

到目前为止,我已经成功地手动检查了访问的路径名参数(参见[1])。

I tried to use this blog post:

我试着使用这篇博文:

catch syscall access
condition 1 strcmp((char*)($rdi), "/etc/ld.so.preload") == 0

but failed (see [2]), as gdb informed me of a segfault and that Evaluation of the expression containing the function (strcmp@plt) will be abandoned.. However gdb suggested set unwindonsignal on.

但是失败了(参见[2]),因为gdb通知我有一个segfault,并且包含函数(strcmp@plt)的表达式的计算将被放弃。但是gdb建议设置unwindonsignal on。

Which I tried:

我试着:

set unwindonsignal on
catch syscall access
condition 1 strcmp((char*)($rdi), "/etc/ld.so.preload") == 0

but failed again (see [3]) with a similar error and the suggestion set unwindonsignal off...

但是再次失败(参见[3]),错误相似,建议设置unwindonsignal off…

I searched for the The program being debugged was signaled while in a function called from GDB. error message, but (I think) I didn't find something relevant.

我在GDB调用的函数中查找正在调试的程序的信号。错误信息,但是(我认为)我没有发现相关的东西。

Any help or ideas?

任何帮助或想法吗?

[1]

$ gdb ls
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
...
Reading symbols from ls...(no debugging symbols found)...done.
(gdb) catch syscall access
Catchpoint 1 (syscall 'access' [21])
(gdb) r
Starting program: /bin/ls 

Catchpoint 1 (call to syscall access), 0x00007ffff7df3537 in access () at ../sysdeps/unix/syscall-template.S:81
81  ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) x /s $rdi
0x7ffff7df6911: "/etc/ld.so.nohwcap"
(gdb) c
Continuing.

Catchpoint 1 (returned from syscall access), 0x00007ffff7df3537 in access () at ../sysdeps/unix/syscall-template.S:81
81  in ../sysdeps/unix/syscall-template.S
(gdb) x /s $rdi
0x7ffff7df6911: "/etc/ld.so.nohwcap"
(gdb) c
Continuing.

Catchpoint 1 (call to syscall access), 0x00007ffff7df3537 in access () at ../sysdeps/unix/syscall-template.S:81
81  in ../sysdeps/unix/syscall-template.S
(gdb) x /s $rdi
0x7ffff7df9420 <preload_file.9747>: "/etc/ld.so.preload"

[2]

$ gdb ls
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
...
Reading symbols from ls...(no debugging symbols found)...done.
(gdb) catch syscall access
Catchpoint 1 (syscall 'access' [21])
(gdb) condition 1 strcmp((char*)($rdi), "/etc/ld.so.preload") == 0
(gdb) info breakpoints
Num     Type           Disp Enb Address            What
1       catchpoint     keep y                      syscall "access" 
    stop only if strcmp((char*)($rdi), "/etc/ld.so.preload") == 0
(gdb) r
Starting program: /bin/ls 

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
Error in testing breakpoint condition:
The program being debugged was signaled while in a function called from GDB.
GDB remains in the frame where the signal was received.
To change this behavior use "set unwindonsignal on".
Evaluation of the expression containing the function
(strcmp@plt) will be abandoned.
When the function is done executing, GDB will silently stop.

Catchpoint 1 (returned from syscall munmap), 0x0000000000000000 in ?? ()

[3]

$ gdb ls
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
...
Reading symbols from ls...(no debugging symbols found)...done.
(gdb) set unwindonsignal on
(gdb) catch syscall access
Catchpoint 1 (syscall 'access' [21])
(gdb) condition 1 strcmp((char*)($rdi), "/etc/ld.so.preload") == 0
(gdb) r
Starting program: /bin/ls 

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
Error in testing breakpoint condition:
The program being debugged was signaled while in a function called from GDB.
GDB has restored the context to what it was before the call.
To change this behavior use "set unwindonsignal off".
Evaluation of the expression containing the function
(strcmp@plt) will be abandoned.

Catchpoint 1 (returned from syscall munmap), 0x00007ffff7df3537 in access () at ../sysdeps/unix/syscall-template.S:81
81  ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) x /s $rdi
0x7ffff7df6911: "/etc/ld.so.nohwcap"

1 个解决方案

#1

3

You can use the gdb internal function $_streq like this:

您可以使用gdb内部函数$_streq如下:

(gdb) catch syscall access
Catchpoint 1 (syscall 'access' [21])
(gdb) condition 1 $_streq((char *)$rdi, "/etc/ld.so.preload")
(gdb) ru
Starting program: /bin/ls 

Catchpoint 1 (call to syscall access), 0x00007ffff7df3537 in access ()
    at ../sysdeps/unix/syscall-template.S:81
81      ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) p (char *)$rdi
$1 = 0x7ffff7df9420 <preload_file> "/etc/ld.so.preload"

更多相关文章

  1. Linux协议栈(3)——接收流程及函数
  2. 如何查看linux命令源代码和函数源代码
  3. Linux C 字符串输入函数 gets()、fgets()、scanf() 详解
  4. Linux中mprotect()函数的用法
  5. 在PreparedStatement中重用参数?
  6. LINUX下用SHELL脚本执行带输入输出参数的ORACLE存储过程并得到结
  7. C#中操作Oracle时的SQL语句参数的用法
  8. 使用带有派生列的SQL排名函数
  9. 数据库截取字符串SUBSTR函数的使用

随机推荐

  1. Layout布局
  2. android ImageButton 左中右分段排列
  3. Android(安卓)xUtils框架(一) DbUtils
  4. Android 配置环境
  5. 根据百度地图API得到坐标和地址并在地图
  6. android 4.2 修改默锁屏为无
  7. android实现猜扑克牌小游戏(改进:每次只可
  8. Android trouble shooting 整理
  9. Android(安卓)GPS架构分析-preview
  10. Glide使用方法汇总