DDD interface to GDB debugger

Document Sample
DDD interface to GDB debugger Powered By Docstoc
					                    Nasm preprocessor –single-line macros
NASM contains a powerful macro processor, which supports conditional
assembly, multi-level file inclusion, two forms of macro (single-line and multi-
line), and a `context stack' mechanism for extra macro power.
Preprocessor directives all begin with a % sign.
1. %define – defines single-line macro
%define param (a, b) ((a)+(a)*(b))
mov byte [param (2, ebx)], 1                             mov byte [(2)+(2)*(ebx)], 1
                                  which will expand to
2. %undef – undefines defined single-line macro
%define foo goo
%undef foo
1. You can redefine the same macro – the latest definition will be the right.
2. Use %idefine to make a definition not case sensitive (by default it is case sensitive)
3. Use %xdefine => macro would be expanded only when it is called (it can be useful for
macros redefinition).
                 Nasm preprocessor –multiple-line macros
%macro    … %endmacro mechanism
%macro prologue 1             this macro gets only one parameter
   push ebp
   mov ebp,esp                      means: the first parameter of the macro
   sub esp,%1
my_func: prologue 12                                    push ebp
                       which will expand to             mov ebp,esp
                                                        sub esp,12
%macro silly 2           silly 'a', letter_a ;         letter_a: db 'a'
   %2: db %1             silly 'ab', string_ab ;       string_ab: db 'ab'
%endmacro                silly {13,10}, crlf ;         crlf: db 13,10

 Task: define a macro that gets 3 parameters (integers) and calls to printf with
 these parameters.
                     DDD interface to GDB debugger

GDB – GNU Source-Level Debugger.
GDB can do four main kinds of things:
start your program, specifying anything that might affect its behavior-
- make your program stop on specified conditions
- examine what has happened, when your program has stopped
- change things in your program, so you can experiment with correcting the effects
of one bug and go on to learn about another
DDD – Data Display Debugger.
DDD is a graphic interface for DGB.
1. Richard Stallman was the original author of GDB.
You can see more information about GDB in its homepage:
2. DDD can be also used with different debuggers, like DBX, Ladebug, XDB, JDB, PYDB,
Perl and so on.
                             DDD installation

You can install DDD (and GDB) in your computer (you must run Linux or Unix of
course) – this software is free .
Go to DDD homepage to download it: .
You should download GDB as well.
                                        run DDD
We will use sample executable file.
We can get it by compiling the following two files: asm.s and main.c.
To run DDD simply type
> ddd
you should get the following window 

          argument field

          source window

          command tool

    Note: if you don’t see any
    window , use
    View  <window name>
    menu option.

            machine code
            debugger console

            status line
                             open program (execution file)
To open your executable file (in our case it is sample):
- File  Open Program
- choose sample file
you should get the following window 

You file would appear in the
machine code window (since
there is no source file, source
file window displays nothing.
 Note: you can resize windows
 with resize buttons

To get help on any DDD option:
Move mouse cursor on any field,
button or menu option. After a few
seconds you will get a short
explanation about an object you
If you want to get more help with
the object, press F1.
             move between functions (labels) of the program

You can move between different functions (labels) of the program:
- print function (label) name in Argument field
- press Enter button
Task: see code for main, my_func, LC0.
                                 Define breakpoints
The first thing to do now is to place a Breakpoint , making sample stop at a
location you are interested in:
- click on the blank space left to the first code line
- the Argument field (): now contains the location (0x080484d0 in the example)
- now, click on Break to create a breakpoint at the location in (). You see a little red
stop sign appear in line 0x080484d0.

This is reported in the
debugger console:
(gdb) break * 0x080484d0
Breakpoint 1 at 0x080484d0

                                   program execution
- Program  Run
(Run Program dialog box appears)
In Run with Arguments, you can enter arguments for the program.

- press “Run” button
(Now GDB starts executing sample)
Execution stops after the breakpoint
is reached. This is reported in the
debugger console:
(gdb) run
Starting program:
Breakpoint 1, 0x080484d0
                             Examine registers values
You can examine register value by simply move the mouse pointer on its name and
leave it there.
To see values of all registers:
- Status  Registers
(Registers window pops up)
Print register value:
- choose register (on registers window)
- press “Print” button

This is reported in the
debugger console:
(gdb) print /x $ebx
$13 = 0x42130a14
                          Examine registers values (2)
Display register value:
- choose register (on registers window)
- press “Display” button

Data Window will pop up.
On this window, a value of ebx
register will be displayed.

Task: display value of esp
register; then make two step
(press twice on “Stepi” button)
– its value should be changed,
because we executed
 “mov esp, ebp” instruction !

Note: you can remove displayed register by pressing “Undisplay” button
                            examine registers values (3)
You can change a basis of the display:
- click on the display of esp (to mark it)
- press on “Display” button and don’t release
(menu should appear with all display options)
- choose “Convert to bin”
(display of esp value in binary basis should appear)
- choose “Convert to dec”
(display of esp value in decimal
 basis should appear)
                            execute program step by step
To execute next step you should press:
- “Stepi” (executes one machine code instruction)
- “Step” (executes one source code instruction)
- “Nexti” (as Stepi, but proceed through subroutine calls)
- “Next” (as Nexti, but for source code)
You can undo the last step by using “Undo” button.
It would restore registers (and variables) values.
BUT, it’s almost always just for a view – i.e. IP value isn’t changed !
Note: if you stepped into a function (for example, into call to printf) you can undo
this step – it would really take you back to the previous instruction.
Then you can press Nexti button to skip a function call.
It doesn’t work in inverse case.
- step into printf function;
- then press “Undo” and return to “call printf” instruction;
- skip the call to printf.
                        execute program step by step (2)
Task: run (step by step) the program till reach a call to printf. Step into it.
You can see back trace of calls
 (to subroutines):
- Status  Backtrace
(Backtrace window should pop up)

You can see that there was one call
(from main) to printf.
- click on “… main () “
(you should return to the main function
on Machine code window)
- click on “…printf ()”
- close Backtrace window
- press “Finish” button (of
Command tool)
                                          => What happened?
                   execute program step by step (3)

The answer is that Finish button caused the program to run until
selected stack frame (printf function frame) returns.
So we just continued execution of the program and stopped because
returned to the frame of main.
                             press “Finish” button
                         examine stack and memory
We can see memory content:
- Data  Memory
(Examine Memory window should pop up)
- from: my_func (label) / 0x080484d0 (numerical address)
- examine: 4 (4 bites, from the given address)
- choose basis: hex / dec / …
or instruction ( 4 instructions, from the given address)
- press “Print” (to print)
  / Display (to display)

- examine stack
content, starting from
the current esp value.
                              DDD - summary
1. Each action that you do graphically, you can do using (gdb)
command line.
2. You can continue an execution of the program by pressing “Cont”
3. You can kill an execution of the program by pressing “Kill” button.
4. DDD is unstable, so if you don’t succeed doing something, you
should try to reload DDD.
5. Read “DDD Manual” (it’s very good) for more explanations;
DDD has lots of options and abilities that weren’t covered in this slides.
                                       listing file
2.1.3. The -l Option: Generating a Listing File
Listing file is the file that contains:
- source code (assembly)
- address of each instruction in the file (relatively to the closest label)
- opcode (hex machine code) of each instruction
To get a listing file of asm.s we should execute:
> nasm –f elf asm.s –l asm.lst

- get a listing file of asm.s file (the file of task).
- What is the address of “mov ebp, esp” instruction?
                                    listing file (2)
  Here is a listing file of asm.s (task file):

                              instruction opcode       source code
instruction address

Shared By: