我可以使用 GDB 调试正在运行的进程吗? [英] Can I use GDB to debug a running process?
问题描述
在linux下,可以使用GDB调试当前正在运行的进程吗?
是的.使用 attach 命令.查看此链接了解更多信息.在 GDB 控制台输入 help attach 会得到以下结果:
(gdb) 帮助附件附加到 GDB 之外的进程或文件.此命令附加到另一个目标,与您上次的类型相同target"命令(info files"将显示您的目标堆栈).该命令可以将进程 ID、进程名称作为参数(以可选的 process-id 作为后缀)或设备文件.对于进程 ID,您必须有权向进程发送信号,并且它必须具有与调试器相同的有效 uid.当对现有进程使用attach"时,调试器会发现进程中运行的程序,首先在当前工作中查找目录,或者(如果没有找到)使用源文件搜索路径(参见directory"命令).您也可以使用file"命令指定程序,并加载其符号表.
<小时>
注意:由于 在Linux 内核 - 例如从另一个 shell 附加到一个 shell 的子代.
您可能需要根据您的要求设置 /proc/sys/kernel/yama/ptrace_scope.许多系统现在默认为 1 或更高版本.
sysctl 设置(只能用 CAP_SYS_PTRACE 写入)是:0 - 经典的 ptrace 权限:一个进程可以 PTRACE_ATTACH 到任何其他在相同 uid 下运行的进程,只要它是可转储的(即没有转换 uid、启动特权或调用prctl(PR_SET_DUMPABLE...) 已经).同样,PTRACE_TRACEME 是不变.1 - 受限 ptrace:进程必须具有预定义的关系与它想要调用 PTRACE_ATTACH 的低级.默认情况下,这种关系仅是其后代的关系,当上述经典标准也得到满足.为了改变关系,一个劣质可以调用 prctl(PR_SET_PTRACER, debugger, ...) 来声明允许的调试器 PID 在下级上调用 PTRACE_ATTACH.使用 PTRACE_TRACEME 没有改变.2 - 仅管理员附加:只有具有 CAP_SYS_PTRACE 的进程可以使用 ptrace使用 PTRACE_ATTACH,或通过调用 PTRACE_TRACEME 的子级.3 - 没有附加:没有进程可以使用带有 PTRACE_ATTACH 的 ptrace 或通过PTRACE_TRACEME.一旦设置,此 sysctl 值将无法更改.Under linux, can I use GDB to debug a process that is currently running?
Yes. Use the attach command. Check out this link for more information. Typing help attach at a GDB console gives the following:
(gdb) help attachAttach to a process or file outside of GDB. This command attaches to another target, of the same type as your last "
target" command ("info files" will show your target stack). The command may take as argument a process id, a process name (with an optional process-id as a suffix), or a device file. For a process id, you must have permission to send the process a signal, and it must have the same effective uid as the debugger. When using "attach" to an existing process, the debugger finds the program running in the process, looking first in the current working directory, or (if not found there) using the source file search path (see the "directory" command). You can also use the "file" command to specify the program, and to load its symbol table.
NOTE: You may have difficulty attaching to a process due to improved security in the Linux kernel - for example attaching to the child of one shell from another.
You'll likely need to set /proc/sys/kernel/yama/ptrace_scope depending on your requirements. Many systems now default to 1 or higher.
The sysctl settings (writable only with CAP_SYS_PTRACE) are:
0 - classic ptrace permissions: a process can PTRACE_ATTACH to any other
process running under the same uid, as long as it is dumpable (i.e.
did not transition uids, start privileged, or have called
prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
unchanged.
1 - restricted ptrace: a process must have a predefined relationship
with the inferior it wants to call PTRACE_ATTACH on. By default,
this relationship is that of only its descendants when the above
classic criteria is also met. To change the relationship, an
inferior can call prctl(PR_SET_PTRACER, debugger, ...) to declare
an allowed debugger PID to call PTRACE_ATTACH on the inferior.
Using PTRACE_TRACEME is unchanged.
2 - admin-only attach: only processes with CAP_SYS_PTRACE may use ptrace
with PTRACE_ATTACH, or through children calling PTRACE_TRACEME.
3 - no attach: no processes may use ptrace with PTRACE_ATTACH nor via
PTRACE_TRACEME. Once set, this sysctl value cannot be changed.
这篇关于我可以使用 GDB 调试正在运行的进程吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
