stackoom
  简体   繁体   中英

Can GDB change the assembly code of a running program?

 原文  2011-06-24 21:23:40       linux/ debugging/ gdb/ x86

Question

I want to add some extra funcionality to /bin/ls.
So I started it on gdb and added a breakpoint at the beginning.

Now question is: how can I change the code of a running program in memory? I can see the assembly code, but I'm not able to modify. How can I do it?

On Windows I can easily do this with olldbg for example. How about on Linux?

(I know that doing this I will only change the code of the process in memory. So then I can dump memory to a file, and then I'll have my changes saved in a binary file).

Thank you.

5 answers

solution1
 15 ACCPTED  2011-06-24 21:34:51

You can write binary to memory directly but GDB doesn't have an assembler build in by default you can however do something like set *(unsigned char*)0x80FFDDEE = 0x90 to change the mnemonic at that address to a NOP for example. You could however use NASM to write a shellcode and use perl or python to inject it into the program :)

You might also like this little .gdbinit file to make debugging allot easier: https://gist.github.com/985474

solution2
 7  2011-06-24 21:34:41

I would recommend a different approach: Download the coreutils package and modify the source code for ls . If possible, you should get the package from your distro's source repositories and apply any patches.

solution3
 3  2012-01-06 09:51:45

这是一篇博客文章 ,解释了如何在运行时为gdb和Visual Studio更改代码。

solution4
 2  2015-07-29 21:27:43

compile code command

Introduced around 7.9, it allows code compilation and injection. Documentation: https://sourceware.org/gdb/onlinedocs/gdb/Compiling-and-Injecting-Code.html

I have given a minimal example in this answer .

While it is not actual code modification, it does allow you to compile some code on the fly and run it once immediately, which might be enough.

And the GNU cauldron presentation suggests that actual code modification may be added later on as an extension to this feature, see slide 30 "Fix and continue".

There are a few constructs that did not work as I expected like return , so I've asked why at: In the GDB compile code command, what language constructs behave exactly as if they were present in the original source?

solution5
 0  2019-05-06 17:03:23

You can use gcc-plugin to write an extension to modify your coed and add any additional functionality in easy way during compilation process. if you work on machine level code, you should use binary instrumentation tools like Pin and Dyninst to instrument your binary file on the disk. however, if the overhead is important issue, you should work carefully with such tools.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question List command is not loading source code of assembly program in gdb GDB - Assembly program returns /bin/sh: 0: Can't open � Assembly program no debugging symbols found in GDB Program wont run after modification in Assembly with GDB How can I tell gdb to show assembly lines instead of source code lines? is there a way change a member variable in release code on linux while the program is running? gdb Program exited code 01 for program using CMake Can I use GDB to debug a running process? Need help in running an assembly program in linux mint Are function locations altered when running a program through GDB?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM