I’ve been recently interested in reading books and articles about hacking and I found out that Hacking:The art of exploitation is just a must read title. I am following the basic tutorials on how to work with standard Linux tools and analyze your code (Programming chapter). I am not a beginner in programming but working with Linux terminal is quite new for me. I am using the latest release of Kali Linux.
Right now my simple program below should be used to analyze how stack segment works.
int main(){ void stack_func(int a,int b, int c, int d){ char first; int second; first = 'c'; second = 220; } stack_func(1,2,3,4); return 0;}The first problem is I cannot add any breakpoints for internal functions. Neither mine functions like stack_func() nor functions from libraries like strcpy etc. According to the book the pending breakpoint should resolve. Mine is just ignored and program finishes.
root@root:~/Folder# gdb -q ./stackReading symbols from ./stackdone.(gdb) b stack_funcFunction "stack_func" not defined.Make breakpoint pending on future shared library load? (y or [n]) yBreakpoint 1 (stack_func) pending.(gdb) runStarting program: /root/Folder/stack [Inferior 1 (process 20421) exited normally](gdb) The second problem is that disassemble also doesn’t work for my function. Again according to the book I should be able to see assembler code for my function stack_func() but the result is below.
(gdb) disass stack_func()No symbol "stack_func" in current context.(gdb) I appologize for any grammatical errors in text. 🙂
Advertisement
Answer
The problem is that you defined stack_func inside another function. This is called nested function and it is gcc extension in GNU C. This function has a bit other symbol name than you expect. To find out it’s exact symbol name you can use nm tool:
[ tmp]$ nm a.out |grep stack_func00000000004004a6 t stack_func.1761And set breakpoint and disassemble in gdb:
[ tmp]$ gdb -q ./a.out Reading symbols from ./a.outdone.(gdb) b 'stack_func.1761'Breakpoint 1 at 0x4004ba: file 111.c, line 6.(gdb) disassemble 'stack_func.1761'Dump of assembler code for function stack_func: 0x00000000004004a6 <+0>: push %rbp 0x00000000004004a7 <+1>: mov %rsp,%rbp 0x00000000004004aa <+4>: mov %edi,-0x14(%rbp) 0x00000000004004ad <+7>: mov %esi,-0x18(%rbp) 0x00000000004004b0 <+10>: mov %edx,-0x1c(%rbp) 0x00000000004004b3 <+13>: mov %ecx,-0x20(%rbp) 0x00000000004004b6 <+16>: mov %r10,-0x28(%rbp) 0x00000000004004ba <+20>: movb $0x63,-0x1(%rbp) 0x00000000004004be <+24>: movl $0xdc,-0x8(%rbp) 0x00000000004004c5 <+31>: nop 0x00000000004004c6 <+32>: pop %rbp 0x00000000004004c7 <+33>: retq End of assembler dump.(gdb)