When debugging a stack overflow, the addresses you see while the program runs under gdb differ from the addresses it has when run directly. So we first run the program without gdb; when it crashes it produces a core file,
and we then debug it with gdb filename core.
When I tested this on Ubuntu I found that no core file was generated in the current directory; after some digging it turned out that the /proc/sys/kernel/core_pattern file needs to be modified.
Then run the following commands as root:
$> mkdir -p /tmp/cores
$> chmod a+rwx /tmp/cores
$> echo "/tmp/cores/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern
Then run the program again, and the core file appears under /tmp/cores:
➜ challenge11 git:(master) ✗ ll /tmp/cores
total 100K
-rw------- 1 kow kow 516K Jan 15 00:07 core.challenge11.25425.ubuntu.1516003636
Now it can be debugged:
➜ challenge11 git:(master) ✗ gdb challenge11 /tmp/cores/core.challenge11.25425.ubuntu.1516003636
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
Find the GDB manual and other documentation resources online at:
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from challenge11...(no debugging symbols found)...done.
[New LWP 25425]
Core was generated by `./challenge11 �����������������������������������������1�Ph//shh/bin��PS���
A'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0xffffd67a in ?? ()
While debugging, pay attention to whether ASLR is turned off; otherwise you will hit "cannot access memory" errors when debugging the core file:
ASLR is switched on and off through /proc/sys/kernel/randomize_va_space
A value of 2 enables it, 0 disables it.
Thanks to 我昊 for his help; he also recommended sysdig, which I'll look into later.
References:
The Core Pattern (core_pattern), or how to specify filename and path for core dumps
http://blog.csdn.net/white_eyes/article/details/7169199
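As an added example (this is not code from the original post), here is a small POSIX shell helper around the workflow above: it reproduces the core_pattern value, parses a generated file name back into its %e/%p/%h/%t fields, and checks, without changing any system setting, the things that commonly stop a core file from appearing (a zero core-size limit, a core_pattern that pipes the dump to a helper program such as Ubuntu's apport, an unwritable directory), and reports the ASLR setting. The directory /tmp/cores and all function names are my own assumptions.

```shell
#!/bin/sh
# Added example for this post (not the author's code): helpers around the
# core_pattern workflow. Nothing here writes to /proc; the functions only
# read system state and work on file names.

CORE_DIR=/tmp/cores   # assumption: same directory as in the post

# The core_pattern value from the post: core.<exe>.<pid>.<host>.<epoch>.
core_pattern_value() {
    printf '%s/core.%%e.%%p.%%h.%%t\n' "$CORE_DIR"
}

# Parse a core file name produced by that pattern and print
# "<exe> <pid> <host> <epoch>". The host name (%h) may itself contain
# dots, so the epoch is split off from the right end.
parse_core_name() {
    base=${1##*/}
    case "$base" in
        core.*.*.*.*) ;;
        *) return 1 ;;
    esac
    rest=${base#core.}
    exe=${rest%%.*};   rest=${rest#*.}
    pid=${rest%%.*};   rest=${rest#*.}
    epoch=${rest##*.}; host=${rest%.*}
    printf '%s %s %s %s\n' "$exe" "$pid" "$host" "$epoch"
}

# Current ASLR setting from /proc (2 = enabled, 0 = disabled, as in the post).
aslr_setting() {
    cat /proc/sys/kernel/randomize_va_space 2>/dev/null || echo unknown
}

# Report, without changing anything, whether a crash would leave a core file
# where the post expects it. Returns 0 when everything looks right, 1 otherwise.
core_dump_ready() {
    ok=0
    # The soft core-size limit must be non-zero; it is often 0 by default.
    if [ "$(ulimit -c)" = "0" ]; then
        echo "core size limit is 0; run: ulimit -c unlimited"
        ok=1
    fi
    pattern=$(cat /proc/sys/kernel/core_pattern 2>/dev/null)
    case "$pattern" in
        "|"*)
            # A leading '|' pipes the dump to a helper program (Ubuntu's
            # apport does this), so no file appears in the current directory.
            echo "core_pattern pipes to a helper: $pattern"
            ok=1 ;;
        /*)
            dir=${pattern%/*}
            [ -d "$dir" ] && [ -w "$dir" ] || { echo "core dir $dir missing or not writable"; ok=1; } ;;
        *)
            echo "core_pattern is relative ('$pattern'); the core lands in the cwd" ;;
    esac
    if [ "$(aslr_setting)" != "0" ]; then
        echo "ASLR is on (randomize_va_space=$(aslr_setting)); expect 'cannot access memory' when loading the core"
    fi
    return $ok
}

# Print the gdb command line for the newest core dumped by the given executable.
gdb_cmd_for() {
    exe=$1
    latest=$(ls -t "$CORE_DIR"/core."${exe##*/}".*.*.* 2>/dev/null | head -n 1)
    [ -n "$latest" ] || return 1
    printf 'gdb %s %s\n' "$exe" "$latest"
}

# Usage: . ./coreprep.sh && core_dump_ready && gdb_cmd_for ./challenge11
```

Two details worth knowing when following the post's commands: the core-size limit checked above is a per-shell ulimit, so `ulimit -c unlimited` has to be set in the same shell that launches the crashing program, and the `echo ... > /proc/sys/kernel/core_pattern` line needs an actual root shell, since with `sudo echo` the redirection is still performed by the unprivileged shell.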