ZemyBlue 사는 얘기

출처 : http://natural.chonnam.ac.kr/asm/lecture/gdb-1.txt 

GNU DeBugger(gdb) 사용법(1)

1 gdb에서 프로그램 실행

- 디버깅할 프로그램을 매개변수로 주고 gdb 실행

[1 gdb]# gdb ./toycat
GNU gdb Red Hat Linux (5.2.1-4)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...

- 프로그램 매개변수를 주고 프로그램 시작

(gdb) run /etc/resolv.conf
Starting program: /home/jhyou/asm/work/gdb/toycat /etc/resolv.conf
search chonnam.ac.kr
nameserver 168.131.33.5
nameserver 168.131.33.6

Program exited normally.

- gdb 종료

(gdb) quit
[1 gdb]#


2 프로그램 코드 보기

2.1 디스어셈블

- disassemble 주소
  disas 주소

(gdb) disassemble _start
Dump of assembler code for function _start:
0x8048080 <_start>:     cmpl   $0x2,(%esp,1)
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    $0x4,%eax
0x804808e <_start+14>:  mov    $0x2,%ebx
0x8048093 <_start+19>:  mov    $0x8049130,%ecx
0x8048098 <_start+24>:  mov    $0x17,%edx
0x804809d <_start+29>:  int    $0x80
0x804809f <_start+31>:  mov    $0x1,%eax
0x80480a4 <_start+36>:  mov    $0x1,%ebx
0x80480a9 <_start+41>:  int    $0x80
End of assembler dump.

- x/<명령수>i

(gdb) x/5i _start
0x8048080 <_start>:     cmpl   $0x2,(%esp,1)
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    $0x4,%eax
0x804808e <_start+14>:  mov    $0x2,%ebx
0x8048093 <_start+19>:  mov    $0x8049130,%ecx

(gdb) x/5i 0x8048080
0x8048080 <_start>:     cmpl   $0x2,(%esp,1)
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    $0x4,%eax
0x804808e <_start+14>:  mov    $0x2,%ebx
0x8048093 <_start+19>:  mov    $0x8049130,%ecx

(gdb) x (_start + 2)
0x8048082 <_start+2>:   and    $0x2,%al


2.2 AT&T 문법과 Intel 문법 선택

* 명령 형식: set disassembly-flavor <att|intel>

(gdb) set disassembly-flavor intel

(gdb) show disassembly-flavor
The disassembly flavor is "intel".

(gdb) disassemble _start
Dump of assembler code for function _start:
0x8048080 <_start>:     cmp    DWORD PTR [esp],0x2
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    eax,0x4
0x804808e <_start+14>:  mov    ebx,0x2
0x8048093 <_start+19>:  mov    ecx,0x8049130
0x8048098 <_start+24>:  mov    edx,0x17
0x804809d <_start+29>:  int    0x80
0x804809f <_start+31>:  mov    eax,0x1
0x80480a4 <_start+36>:  mov    ebx,0x1
0x80480a9 <_start+41>:  int    0x80
End of assembler dump.

(gdb) x/5i _start
0x8048080 <_start>:     cmp    DWORD PTR [esp],0x2
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    eax,0x4
0x804808e <_start+14>:  mov    ebx,0x2
0x8048093 <_start+19>:  mov    ecx,0x8049130


3 프로그램 실행 추적하기

3.1 프로그램 추적 시작

프로그램을 추적하기 위해서는 먼저 추적을 시작할 코드 위치에 breakpoint를 설정한
후 run 명령을 실행한다.

[1 gdb]# gdb toycat
GNU gdb Red Hat Linux (5.2.1-4)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...

(gdb) set disassembly-flavor intel

(gdb) x/2i _start
0x8048080 <_start>:     cmp    DWORD PTR [esp],0x2
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>

- _start 코드의 두번째 명령어의 위치인 _start + 7 주소에 breakpoint를
  설정한다.
  ***주의***: gdb의 버그때문인지 프로그램 시작위치인 _start 주소에 대한
              breakpoint는 작동하지 않는다.

(gdb) break *(_start + 7)
Breakpoint 1 at 0x8048087

- 프로그램 실행을 시작하면, breakpoint에서 멈춘다.
  (breakpoint를 만나지 않으면 프로그램이 종료될 때까지 멈추지 않는다.)

(gdb) run /etc/resolv.conf
Starting program: /home/jhyou/asm/work/gdb/toycat /etc/resolv.conf

Breakpoint 1, 0x08048087 in _start ()


- 현재 명령코드 위치(eip 레지스터)의 코드 보기

(gdb) x $eip
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
(gdb)


3.2 명령 코드 따라가기

- 준비 작업

[1 gdb]# gdb toycat
GNU gdb Red Hat Linux (5.2.1-4)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...
(gdb) set disassembly-flavor intel
(gdb) x/2i _start
0x8048080 <_start>:     cmp    DWORD PTR [esp],0x2
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
(gdb) break *(_start+7)
Breakpoint 1 at 0x8048087

(gdb) run /etc/resolv.conf
Starting program: /home/jhyou/asm/work/gdb/toycat /etc/resolv.conf

Breakpoint 1, 0x08048087 in _start ()


3.2.1 nexti, stepi

nexti(단축명령: ni), stepi(단축명령: si)

(gdb) x $eip
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>

(gdb) stepi
0x080480ab in _start.argc_ok ()
(gdb) x $eip
0x80480ab <_start.argc_ok>:     mov    eax,0x5

(gdb) si
0x080480b0 in _start.argc_ok ()
(gdb) x $eip
0x80480b0 <_start.argc_ok+5>:   mov    ebx,DWORD PTR [esp+8]

(gdb) nexti
0x080480b4 in _start.argc_ok ()
(gdb) x $eip
0x80480b4 <_start.argc_ok+9>:   mov    ecx,0x0

(gdb) ni
0x080480b9 in _start.argc_ok ()
(gdb) x $eip
0x80480b9 <_start.argc_ok+14>:  int    0x80

(gdb) ni
0x080480c0 in _start.argc_ok ()
(gdb) x $eip
0x80480c0 <_start.argc_ok+21>:  cmp    eax,0x0
(gdb)

- stepi와 nexti의 차이점

  stepi는 "call <주소>" 명령(서브프로그램, 함수 호출 명령)을 실행하면,
  <주소>위치 위치에서 멈춘다. 즉, stepi는 서브프로그램 코드를 추적하는데 사용한다.

  nexti는 call 명령과 관계없이 현재 명령의 다음 명령코드에서 멈춘다.

  그외, 명령 코드에 대해서는 stepi와 nexti는 동일한 기능을 한다.

- 참고: nexti 명령 후 x $eip 명령이 실행되도록 하는 설정 방법을
        4.4절 display와 @.1 사용자 정의 명령 설정 참고


3.2 추적 도중 프로그램 멈추기: kill(k)

(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y

Starting program: /home/jhyou/asm/work/gdb/toycat /etc/resolv.conf

Breakpoint 1, 0x08048087 in _start ()

(gdb) kill
Kill the program being debugged? (y or n) y

(gdb) run
Starting program: /home/jhyou/asm/work/gdb/toycat /etc/resolv.conf

Breakpoint 1, 0x08048087 in _start ()

(gdb) k
Kill the program being debugged? (y or n) y
(gdb)


3.3 다음 breakpoint까지 연속 실행: continue(c)

breakpoint를 프로그램 실행 경로 중 군데군데에 breakpoint를 설정해두고
각 breakpoint 위치에서 nexti 등 명령으로 상세히 추적을 하다가
다음 breakpoint 위치로 이동할 때 쓰는 명령이다.

반복문 또는 특정 함수의 디버깅 때에도 break/continue를 조합하여 사용한다.

[1 gdb]# gdb toycat
GNU gdb Red Hat Linux (5.2.1-4)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...

(gdb) set disassembly-flavor intel
(gdb) x/10i _start
0x8048080 <_start>:     cmp    DWORD PTR [esp],0x2
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    eax,0x4
0x804808e <_start+14>:  mov    ebx,0x2
0x8048093 <_start+19>:  mov    ecx,0x8049130
0x8048098 <_start+24>:  mov    edx,0x17
0x804809d <_start+29>:  int    0x80
0x804809f <_start+31>:  mov    eax,0x1
0x80480a4 <_start+36>:  mov    ebx,0x1
0x80480a9 <_start+41>:  int    0x80

(gdb) break *(_start + 7)
Breakpoint 1 at 0x8048087
(gdb) break *0x8048089
Breakpoint 2 at 0x8048089
(gdb) break *0x804809f
Breakpoint 3 at 0x804809f

(gdb) run
Starting program: /home/jhyou/asm/work/gdb/toycat

Breakpoint 1, 0x08048087 in _start ()

(gdb) continue
Continuing.

Breakpoint 2, 0x08048089 in _start ()

(gdb) c
Continuing.
usage: toycat filename

Breakpoint 3, 0x0804809f in _start ()
(gdb) c
Continuing.

Program exited with code 01.
(gdb)


4 데이터 보기

- 준비작업

[1 gdb]# gdb toycat
GNU gdb Red Hat Linux (5.2.1-4)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...

(gdb) x/2i _start
0x8048080 <_start>:     cmpl   $0x2,(%esp,1)
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>

(gdb) break *(_start+7)
Breakpoint 1 at 0x8048087

(gdb) run /etc/resolv.conf
Starting program: /home/jhyou/asm/work/gdb/toycat

Breakpoint 1, 0x08048087 in _start ()
(gdb)


4.1 레지스터 보기

(gdb) info reg
eax            0x0      0
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff480       0xbffff480
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048087        0x8048087
eflags         0x297    663
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
---Type <return> to continue, or q <return> to quit---
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm1           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm2           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm3           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm4           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm5           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm6           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm7           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
mxcsr          0x1f80   8064
orig_eax       0xffffffff       -1

(gdb) info reg esp
esp            0xbffff480       0xbffff480

(gdb) info reg eax ebx ecx
eax            0x0      0
ebx            0x0      0
ecx            0x0      0

(gdb) print $esp
$1 = (void *) 0xbffff480


4.2 메모리 내용 보기: x

- 명령 형식
  (gdb) x/nfu 주소
  n : 반복 갯수
  f : 출력 양식(format)
      i(명령코드)
      x(16진수), o(8진수), t(2진수), d(부호있는 10진수), u(부호없는 10진수)
      s(문자열,string)
   
  u : 단위(unit)
      b(바이트), h(2바이트), w(4바이트)

  * 참고: f와 u 지정없이 x 명령만 실행하면, 앞에서 지정한 f와 u 형식이 적용된다.


- 명령 예

(gdb) x/10xw $esp
0xbffff470:     0x00000002      0xbffff5ad      0xbffff5cd      0x00000000
                                ----(A)---
0xbffff480:     0xbffff5de      0xbffff5fb      0xbffff612      0xbffff64f
0xbffff490:     0xbffff661      0xbffff684

(gdb) x/s 0xbffff5ad   <== 이 값은 바로 위 줄의 밑줄쳐진 부분(A)의 값이다.
0xbffff5ad:      "/home/jhyou/asm/work/gdb/toycat"

  * 참고: $esp + 4의 주소에는 0번째 프로그램 매개변수(argv[0], 프로그램 이름)
         문자열의 주소가 들어있다.

(gdb) x/40xb 0xbffff5ad
0xbffff5ad:     0x2f    0x68    0x6f    0x6d    0x65    0x2f    0x6a    0x68
0xbffff5b5:     0x79    0x6f    0x75    0x2f    0x61    0x73    0x6d    0x2f
0xbffff5bd:     0x77    0x6f    0x72    0x6b    0x2f    0x67    0x64    0x62
0xbffff5c5:     0x2f    0x74    0x6f    0x79    0x63    0x61    0x74    0x00
0xbffff5cd:     0x2f    0x65    0x74    0x63    0x2f    0x72    0x65    0x73

(gdb) x/5i _start
0x8048080 <_start>:     cmp    DWORD PTR [esp],0x2
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    eax,0x4
0x804808e <_start+14>:  mov    ebx,0x2
0x8048093 <_start+19>:  mov    ecx,0x8049130

(gdb) x/24xb _start
0x8048080 <_start>:     0x81    0x3c    0x24    0x02    0x00    0x00    0x00 0x74
0x8048088 <_start+8>:   0x22    0xb8    0x04    0x00    0x00    0x00    0xbb 0x02
0x8048090 <_start+16>:  0x00    0x00    0x00    0xb9    0x30    0x91    0x04 0x08
(gdb)

- C언어 문법에 따른 수식으로 주소를 표현할 수 있다.

* 예: 프로그램 매개변수 보기

(gdb) x/s ((char**)((int)$esp + 4))[0]
0xbffff5ad:      "/home/jhyou/asm/work/gdb/toycat"

(gdb) x/s ((char**)((int)$esp + 4))[1]
0xbffff5cd:      "/etc/resolv.conf"

* 참고: 변수를 이용하여 프로그램 매개변수 포인터를 간략하게 나타내기

(gdb) set $argv = ((char**)((int)$esp + 4))

(gdb) x/s $argv[0]
0xbffff5ad:      "/home/jhyou/asm/work/gdb/toycat"

(gdb) x/s $argv[1]
0xbffff5cd:      "/etc/resolv.conf"


4.3 데이터 보기: print

- 명령형식
  print   수식
  print/f 수식
          f : 출력양식
              x(16진수), o(8진수), t(이진수),
              d(부호있는 10진수), u(부호없는 10진수),
              c(문자)
              a(주소)
              f(실수)

- 예

(gdb) print/t 37
$12 = 100101

(gdb) print 1 + 2 * 3
$13 = 7

(gdb) print/a (int)$esp + 4
$14 = 0xbffff474  <== (B)

(gdb) print/a *0xbffff474    <== 이 값은 (B)에 표시된 값
$15 = 0xbffff5ad  <== (C)

(gdb) print (char*)0xbffff5ad    <== 이 값은 (C)에 표시된 값
$16 = 0xbffff5ad "/home/jhyou/asm/work/gdb/toycat"

(gdb) print *(char*)0xbffff5ad
$17 = 47 '/'

* 배열주소@갯수 형식의 지정으로 배열의 원소 갯수를 지정할 수 있다.

(gdb) print *(char*)0xbffff5ad@10
$18 = "/home/jhyo"

(gdb) print/c *(char*)0xbffff5ad@10
$19 = {47 '/', 104 'h', 111 'o', 109 'm', 101 'e', 47 '/', 106 'j', 104 'h',
121 'y', 111 'o'}

(gdb) print *(char**)((int)$esp+4)@5
$29 = {0xbffff5ad "/home/jhyou/asm/work/gdb/toycat", 0xbffff5cd "/etc/resolv.conf", 0x0,
  0xbffff5de "PWD=/home/jhyou/asm/work/gdb", 0xbffff5fb "STY=8051.pts-5.loafers"}
(gdb)


4.4 자동 데이터 출력 설정하기

디버깅시 프로그램 실행이 멈출 때(stepi, nexti, breakpoint)마다 보고 싶은
데이터를 등록한다.

- 준비 작업

[1 gdb]# gdb toycat
GNU gdb Red Hat Linux (5.2.1-4)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols
found)...
(gdb) set disassembly-flavor intel
(gdb) break *(_start+7)
Breakpoint 1 at 0x8048087
(gdb) run /etc/resolv.conf
Starting program: /home/jhyou/asm/work/gdb/toycat /etc/resolv.conf

Breakpoint 1, 0x08048087 in _start ()


- 프로그램 실행을 멈출 때마다 다음 명령코드 보기

(gdb) display/i $eip
1: x/i $eip  0x8048087 <_start+7>:      je     0x80480ab <_start.argc_ok>

(gdb) stepi
0x080480ab in _start.argc_ok ()
1: x/i $eip  0x80480ab <_start.argc_ok>:        mov    eax,0x5

(gdb) stepi
0x080480b0 in _start.argc_ok ()
1: x/i $eip  0x80480b0 <_start.argc_ok+5>:      mov    ebx,DWORD PTR [esp+8]

- $eip, $eax 레지스터, 변수 fd 값 보기

(gdb) display $eip
2: $eip = (void *) 0x80480b0
(gdb) display $eax
3: $eax = 5
(gdb) display fd
4: {<data variable, no debug info>} 134517116 = 0

(gdb) stepi
0x080480b4 in _start.argc_ok ()
4: /x {<data variable, no debug info>} 134517116 = 0x0
3: $eax = 5
2: $eip = (void *) 0x80480b4
1: x/i $eip  0x80480b4 <_start.argc_ok+9>:      mov    ecx,0x0

(gdb) stepi
0x080480b9 in _start.argc_ok ()
4: /x {<data variable, no debug info>} 134517116 = 0x0
3: $eax = 5
2: $eip = (void *) 0x80480b9
1: x/i $eip  0x80480b9 <_start.argc_ok+14>:     int    0x80

- display 항목 제거하기: undisplay <display 번호>

(gdb) undisplay 4
(gdb) undisplay 3

(gdb) stepi
0x080480c0 in _start.argc_ok ()
2: $eip = (void *) 0x80480c0
1: x/i $eip  0x80480c0 <_start.argc_ok+21>:     cmp    eax,0x0
(gdb)


4.5 symbol에 대한 정보 보기

- 함수 이름

(gdb) info functions
All defined functions:

Non-debugging symbols:
0x08048080  _start
0x080480ab  _start.argc_ok
0x080480e9  _start.open_success
0x080480e9  _start.read_loop
0x08048117  _start.read_end

- 변수 이름

(gdb) info variables
All defined variables:

Non-debugging symbols:
0x08049130  usage_msg
0x08049147  open_err_msg
0x0804915c  buffer
0x0804917c  fd


5 기타

5.1 도움말 보기

- 전체 도움말 목록 보기

(gdb) help
List of classes of commands:

aliases -- Aliases of other commands
breakpoints -- Making program stop at certain points
data -- Examining data
files -- Specifying and examining files
internals -- Maintenance commands
obscure -- Obscure features
running -- Running the program
stack -- Examining the stack
status -- Status inquiries
support -- Support facilities
tracepoints -- Tracing of program execution without stopping the program
user-defined -- User-defined commands

Type "help" followed by a class name for a list of commands in that class.
Type "help" followed by command name for full documentation.
Command name abbreviations are allowed if unambiguous.

- break 항목에 대한 도움말 보기

(gdb) help break
Set breakpoint at specified line or function.
Argument may be line number, function name, or "*" and an address.
If line number is specified, break at start of code for that line.
If function is specified, break at start of code for that function.
If an address is specified, break at that exact address.
With no arg, uses current execution address of selected stack frame.
This is useful for breaking on return to a stack frame.

Multiple breakpoints at one place are permitted, and useful if conditional.

Do "help breakpoints" for info on other commands dealing with breakpoints.
(gdb)


5.2 사용자 정의 명령 설정

- x/i $eip 명령을 ci로 축약 설정

(gdb) define ci
Type commands for definition of "ci".
End with a line saying just "end".
>x/i $eip
>end 

(gdb) ci
0x80483da <main+38>:    pushl  0x8049674
(gdb) ci
0x80483da <main+38>:    pushl  0x8049674

- nexti 명령 후 x $eip 명령이 자동 실행되도록 설정

(gdb) define hookpost-nexti  
Type commands for definition of "hookpost-nexti".
End with a line saying just "end".
>x/i $eip
>end

(gdb) nexti
0x080483ca in main ()
0x80483ca <main+22>:    push   $0x8048510
(gdb) nexti
0x080483cf in main ()
0x80483cf <main+27>:    call   0x80482f4 <printf>
(gdb) ni
0x080483d4 in main ()
0x80483d4 <main+32>:    add    $0x10,%esp

- 사용자 명령 정의 보기
   
(gdb) show user ci           
User command ci:
  x/i $eip

(gdb) show user hookpost-nexti
User command hookpost-nexti:
  x/i $eip


5.3 gdb 사용자 기본 설정 파일: ~/.gdbinit

~/.gdbinit 파일에 gdb 설정 명령들을 저장해두면 gdb가 실행될 때마다
~/.gdbinit 파일의 명령들을 읽어 각종 설정을 자동으로 초기화한다.

- 실습

* 아래와 같이 출력되도록 ~/.gdbinit 파일을 작성한다.

[1 gdb]# cat ~/.gdbinit
set disassembly-flavor intel

define ci
x/i $eip
end

* gdb toycat을 실행한다.

[1 gdb]# gdb toycat
GNU gdb Red Hat Linux (5.2.1-4)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...

(gdb) break *(_start+7)
Breakpoint 1 at 0x8048087
(gdb) run
Starting program: /home/jhyou/asm/work/gdb/toycat

Breakpoint 1, 0x08048087 in _start ()

* disassembly-flavor 설정이 intel로 설정되어있다.

(gdb) show disassembly-flavor
The disassembly flavor is "intel".

(gdb) x/5i _start
0x8048080 <_start>:     cmp    DWORD PTR [esp],0x2
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>
0x8048089 <_start+9>:   mov    eax,0x4
0x804808e <_start+14>:  mov    ebx,0x2
0x8048093 <_start+19>:  mov    ecx,0x8049130

* ci 명령이 등록되어 있다.

(gdb) show user
User command ci:
  x/i $eip

(gdb) ci
0x8048087 <_start+7>:   je     0x80480ab <_start.argc_ok>



6 부록: 예제 프로그램: toycat.asm

6.1 toycat.asm 프로그램 소스

;; toycat.asm
;;
;; To build:
;; nasm -f elf toycat.asm
;; ld -o toycat toycat.o
;; To execute:
;; ./toycat /etc/passwd
;;

BITS 32

segment .text
global _start

_start:
                ; if (argc != 2) {
                ;    write(STDERR, usage_msg, usage_msg_len);
                ;    exit(1);
                ; }
                cmp dword [esp], 2
                je .argc_ok

                mov eax, 4                   
                mov ebx, 2
                mov ecx, usage_msg
                mov edx, usage_len
                int 0x80

                mov eax, 1                   
                mov ebx, 1
                int 0x80

.argc_ok:
                ; fd = open(argv[1], O_RDONLY);
                mov eax, 5
                mov ebx, [esp + 8]
                mov ecx, 00q
                int 0x80
                mov [fd], eax

                ; if (fd < 0) {
                ;     write(STDERR, open_err_msg, open_err_len);
                ;     exit(2);
                ; }
                cmp eax, 0
                jge .open_success

                mov eax, 4
                mov ebx, 2
                mov ecx, open_err_msg
                mov edx, open_err_len
                int 0x80

                mov eax, 1
                mov ebx, 2
                int 0x80
.open_success: 

                ; while ((nread = read(fd, buffer, buffer_len) > 0) {
                ;    write(STDOUT, buffer, nread);
                ; }
.read_loop:     mov eax, 3
                mov ebx, [fd]
                mov ecx, buffer
                mov edx, buffer_len
                int 0x80

                cmp eax, 0         ; eax == nread
                jng .read_end

                mov edx, eax       ; write(STDOUT, buffer, nread);
                mov eax, 4        
                mov ebx, 1
                int 0x80

                jmp .read_loop
.read_end:

                ; close(fd);
                mov eax, 6
                mov ebx, [fd]
                int 0x80

                ; exit(0);
                mov eax, 1
                mov ebx, 0
                int 0x80

segment .data
usage_msg       db  "usage: toycat filename", 10
usage_len       equ $ - usage_msg

open_err_msg    db  "cannot open file!", 10
open_err_len    equ $ - open_err_msg

segment         .bss
buffer          resb 32
buffer_len      equ  $ - buffer

fd              resd 1

@.2 toycat.asm의 실행 예

- 컴파일

[1 gdb]# nasm -f elf toycat.asm
[1 gdb]# ld -o toycat toycat.o

- 실행 1

[1 gdb]# ./toycat
usage: toycat filename

- 실행 2

[1 gdb]# ./toycat /etc/resolv.conf
search chonnam.ac.kr
nameserver 168.131.33.5
nameserver 168.131.33.6

(0) (0)