Is it possible to debug core file generated by an executable compiled without gdb flag?


Question

Is it possible to debug core file generated by an executable compiled without gdb flag?

If yes, any pointers or tutorials on it?

Recommended answer

Yes, you can. It will not be easy though. I will give you an example.

Let's say that I have the following program called foo.c:

int main(void)
{
    /* Deliberate write through a null pointer, to force the crash */
    *((char *) 0) = '\0';
}

I'll compile it and make sure that there are no symbols:

$ cc foo.c
$ strip a.out
$ file a.out
a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped

OK, time to run it:

$ ./a.out
Segmentation fault (core dumped)

Oops. There seems to be a bug. Let's start a debugger:

$ gdb ./a.out core
[..]
Reading symbols from /tmp/a.out...(no debugging symbols found)...done.
[..]
Core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0  0x0804839c in ?? ()
(gdb) bt
#0  0x0804839c in ?? ()
#1  0xb7724e37 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#2  0x08048301 in ?? ()

Hmm, looks bad. No symbols. Can we figure out what happened?

(gdb) x/i $eip
=> 0x804839c:   movb   $0x0,(%eax)

Looks like it tried to store a byte with a value of zero to the memory location pointed to by the EAX register. Why did it fail?

(gdb) p $eax
$1 = 0
(gdb)

It failed because the EAX register is pointing to memory address zero and it tried to store a byte at that address. Oops!

Unfortunately I do not have pointers to any good tutorials. Searching for "gdb reverse engineering" gives some links which have potentially helpful bits and pieces.

Update:

I noticed the comment that this is about debugging a core dump at a customer. When you ship stripped binaries to a customer, you should always keep a debug version of that binary.

I would recommend not stripping and even giving the source code though. All code that I write goes to a customer with the source code. I have been on the customer side too many times facing an incompetent vendor which has shipped a broken piece of software but does not know how to fix it. It sucks.

This actually seems to be a duplicate of this question:

Debugging a core file without symbols

There is some additional info there.
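
One way to follow the update's advice to keep a debug version of every stripped binary you ship, as an added shell example that is not part of the original answer. It assumes GNU binutils (objcopy, strip, readelf) and gdb; the names app, app.debug and the three functions are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). File names are hypothetical.

# split_debug SRC OUTDIR
# Builds OUTDIR/app (stripped, goes to the customer) and OUTDIR/app.debug
# (symbols and DWARF, stays in-house).
split_debug() {
    src=$1; out=$2
    mkdir -p "$out" || return 1
    # Build with -g, using the same optimisation flags as the release build.
    cc -g -o "$out/app" "$src" || return 1
    # Copy symbol and debug sections into a side file before stripping.
    objcopy --only-keep-debug "$out/app" "$out/app.debug" || return 1
    # Strip the shipped binary, as the answer does with a.out.
    strip "$out/app" || return 1
    # Record the side file's name and CRC so gdb can locate it on its own.
    objcopy --add-gnu-debuglink="$out/app.debug" "$out/app" || return 1
}

# has_section FILE NAME: succeeds if FILE has an ELF section called NAME.
has_section() {
    readelf -S -W "$1" | grep -q -F -- "] $2 "
}

# analyse_core OUTDIR CORE: backtrace of a customer's core with the kept symbols.
analyse_core() {
    gdb -batch -s "$1/app.debug" -e "$1/app" -c "$2" -ex bt -ex 'info registers'
}
```

The side file only matches a core from the exact build it was split from, so archive app.debug alongside each release you ship.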
