Ptrace&Debugger
ptrace is the system call used to trace a program and it's used primarly by debuggers like gdb to do their stuffs.
ptrace_on_segfault
Idea: write a ptrace-based command that take a list of address, set breakpoint
and dump a list of local variables, based with respect to the esp
/ebp
offset; also intercept SEGFAULT
and stop. First POC's code: ptrace.
For test you can use i_crash.c
$ ./ptrace_on_segfault ./i_crash 265
RIP: 41414141 Instruction executed: ffffffff 11
[I] child 17148 received signal 11
- http://blog.0x972.info/?d=2014/11/13/10/40/50-how-does-a-debugger-work
- https://github.com/laertis/ptrace
GDB
Remove annoying stuffs from gdb
(gdb) set confirmation off
(gdb) set pagination off
Exist a curses
interface
(gdb) tui enable
(gdb) layout asm
(gdb) focus cmd
- GDB Peda
- Tips for Productive Debugging with GDB
- GEF Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers
- Automate Debugging with GDB Python API
- dlinject Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace