I've recently become interested in reading books and articles about hacking, and I found out that Hacking: The Art of Exploitation is a must-read title. I am following the basic tutorials on how to work with standard Linux tools and analyze your code (Programming chapter). I am not a beginner in programming, but working with the Linux terminal is quite new to me. I am using the latest release of Kali Linux.
Right now my simple program below should be used to analyze how the stack segment works.
int main() {
    /* Nested function (a GNU C extension): defined inside main() rather than at file scope. */
    void stack_func(int a, int b, int c, int d) {
        char first;
        int second;
        first = 'c';
        second = 220;
    }
    stack_func(1, 2, 3, 4);
    return 0;
}
The first problem is that I cannot add any breakpoints for internal functions: neither my own functions like stack_func() nor library functions like strcpy etc. According to the book, the pending breakpoint should resolve. Mine is just ignored and the program finishes.
root@root:~/Folder# gdb -q ./stack
Reading symbols from ./stack...done.
(gdb) b stack_func
Function "stack_func" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (stack_func) pending.
(gdb) run
Starting program: /root/Folder/stack
[Inferior 1 (process 20421) exited normally]
(gdb)
The second problem is that disassemble also doesn't work for my function. Again, according to the book I should be able to see the assembler code for my function stack_func(), but the result is below.
(gdb) disass stack_func()
No symbol "stack_func" in current context.
(gdb)
I apologize for any grammatical errors in the text. 🙂
Answer
The problem is that you defined stack_func inside another function. This is called a nested function, and it is a gcc extension in GNU C. Such a function has a slightly different symbol name than you expect. To find out its exact symbol name you can use the nm tool:
[ tmp]$ nm a.out |grep stack_func
00000000004004a6 t stack_func.1761
And set breakpoint and disassemble in gdb:
[ tmp]$ gdb -q ./a.out
Reading symbols from ./a.out...done.
(gdb) b 'stack_func.1761'
Breakpoint 1 at 0x4004ba: file 111.c, line 6.
(gdb) disassemble 'stack_func.1761'
Dump of assembler code for function stack_func:
   0x00000000004004a6 <+0>:     push   %rbp
   0x00000000004004a7 <+1>:     mov    %rsp,%rbp
   0x00000000004004aa <+4>:     mov    %edi,-0x14(%rbp)
   0x00000000004004ad <+7>:     mov    %esi,-0x18(%rbp)
   0x00000000004004b0 <+10>:    mov    %edx,-0x1c(%rbp)
   0x00000000004004b3 <+13>:    mov    %ecx,-0x20(%rbp)
   0x00000000004004b6 <+16>:    mov    %r10,-0x28(%rbp)
   0x00000000004004ba <+20>:    movb   $0x63,-0x1(%rbp)
   0x00000000004004be <+24>:    movl   $0xdc,-0x8(%rbp)
   0x00000000004004c5 <+31>:    nop
   0x00000000004004c6 <+32>:    pop    %rbp
   0x00000000004004c7 <+33>:    retq
End of assembler dump.
(gdb)
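The lookup the answer does by hand (nm, then a quoted breakpoint on the real symbol) can be scripted so that it does not depend on the numeric suffix, which differs from build to build. The script below is an added example and is not part of the question or the answer; the nm output embedded in it is constructed, and the address and the .1761 suffix are made up to mirror the answer's listing. It filters nm for a local text symbol ('t') of the form NAME.NNNN, which is how gcc emits nested functions, and prints the gdb commands with the symbol quoted, because an unquoted dot would be parsed by gdb as part of an expression. The last function runs the same steps against a real binary when gcc's output and gdb are actually available; that part is not exercised here.

```shell
#!/bin/sh
# Added example: locate the symbol gcc generated for a nested function and
# build the gdb commands for it. Not code from the original question or answer.

# Read nm output on stdin and print the symbol that belongs to nested
# function $1. gcc names nested functions NAME.NNNN and marks them as local
# text symbols ('t'), so a plain "b NAME" in gdb never matches.
nested_symbol() {
    name="$1"
    awk -v n="$name" '$2 == "t" && $3 ~ ("^" n "\\.[0-9]+$") { print $3; exit }'
}

# Constructed nm output for this example (addresses and suffix are made up).
SAMPLE_NM='0000000000001139 T main
00000000000011a6 t stack_func.1761
0000000000001060 T _start
0000000000001030 t deregister_tm_clones'

# Emit the two gdb commands from the answer for nested function $1, using the
# constructed nm listing above. Returns 1 when no such symbol exists.
gdb_commands() {
    sym=$(printf '%s\n' "$SAMPLE_NM" | nested_symbol "$1")
    [ -n "$sym" ] || return 1
    printf "break '%s'\ndisassemble '%s'\n" "$sym" "$sym"
}

# Run the real thing against a binary: demo_real ./stack stack_func
# Requires nm and gdb on the PATH and a binary built with debug symbols (-g).
demo_real() {
    bin="$1"
    fn="$2"
    sym=$(nm "$bin" | nested_symbol "$fn")
    [ -n "$sym" ] || { echo "no nested symbol for $fn in $bin" >&2; return 1; }
    gdb -q -batch -ex "break '$sym'" -ex run -ex bt -ex "disassemble '$sym'" "$bin"
}
```

Because the suffix is an arbitrary counter, scripts that hard-code a name like stack_func.1761 break on the next compile; matching the NAME.digits pattern from fresh nm output is the robust way to automate the breakpoint.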