如何在GDB中调试fork-exec进程的入口点？

Question

I have a C linux application (A) that spawns another process (P) when it is started. When I want to debug PI start A as usual and I connect with ddd/gdb to P.

Problems appear when I want to debug the entry-point (start of main) of P. If I follow the usual approach when I connect the debugger to P is already to late. The solution I've found was to insert a sleep at the begining of the main of P so I have time to connect with gdb but this is not a very elegant solution.

I've also tried using asm("int $3") but it doesn't seems to work.

Do you have any idea how I could solve this problem? (preferably without altering the code of A or P)

Answer 1

You should use this option:

set follow-fork-mode mode

Where mode is one of parent , child or ask .

To follow the parent (this is the default) use:

set follow-fork-mode parent

To follow the child:

set follow-fork-mode child

To have the debugger ask you each time:

set follow-fork-mode ask

So basically you'd start out connecting gdb to A, then set gdb to follow the child, and then when A spawns P, gdb will connect to P and detach from A.

Answer 2

In addition to the Nathan Fellman's answer , catchpoints come in handy, ig:

catch exec

Catchpoint works as a breakpoint. Every time a call to exec() syscall is detected, GDB stops. This allows you to set any breakpoint (ig break main ) in any newly loaded executable before continuing. Another catchpoint catch fork works similarly for fork() syscall detection.

It is especially convenient:

• when both parent and child has to be followed ( set detach-on-fork off );
• when parent processes forks often loading various executables.

Answer 3

You should be able to do this by making use of gdb's remote debugging features, specifically gdbserver . In effect, launch (P) using gdbserver . These links have more detailed info:

• Using gdbserver
• GDB Remote Debugging

Answer 4

exec part with file + break main

The fork was part was explained at: https://stackoverflow.com/a/377295/895245

Now for the exec :

ac:

#include <unistd.h>

int main(void) {
    execl("./b", "./b", "ab", "cd", (char*)NULL);
    return 1;
}

bc:

#include <stdio.h>

int main(int argc, char **argv ) {
    printf("%s\n", argv[0]);
    printf("%s\n", argv[1]);
}

Then:

gcc -g a.c -o a
gcc -g b.c -o b
gdb -nh -q a

Now on the interactive session:

Reading symbols from a...done.
(gdb) start
Temporary breakpoint 1 at 0x4004ea: file a.c, line 4.
Starting program: /home/ciro/test/gdb-exec/a 

Temporary breakpoint 1, main () at a.c:4
4           execl("./b", "./b", "ab", "cd", (char*)NULL);
(gdb) file b
A program is being debugged already.
Are you sure you want to change the file? (y or n) y
Load new symbol table from "b"? (y or n) y
Reading symbols from b...done.
(gdb) b main
Breakpoint 2 at 0x4004f5: file b.c, line 4.
(gdb) n

Breakpoint 2, main (argc=0, argv=0x7fffffffa570) at b.c:4
4               printf("%s\n", argv[1]);
(gdb) n
process 4877 is executing new program: /home/ciro/test/gdb-exec/b

Breakpoint 2, main (argc=3, argv=0x7fffffffa598) at b.c:4
4               printf("%s\n", argv[1]);
(gdb) n
ab
5               printf("%s\n", argv[2]);
(gdb) n
cd
6       }
(gdb) 

You just have to make sure that you go up to the exec before running file, possibly with a b execl , since after that you will be using symbols from the new file.

Tested in Ubuntu 14.04, gdb 7.7.1.

Answer 5

在main（）处设置一个断点，它也会在执行程序的main（）处断开。