Debugging

From miki
Jump to navigation Jump to search

This is a general page on debugging tools, techniques, tips, etc.

Debuggers environment

OllyDbg

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®.

IDAPro

SoftIce

Hopper Disassembler

Hopper is a reverse engineering tool for OS X and Linux, that lets you disassemble, decompile and debug your 32/64bits Intel Mac, Linux, Windows and iOS executables.


Linux tools

addr2line

See addr2line page.

GDB and GDB front-ends

See GDB page.

Profiling

ftrace

C/C++ - Debugging with gcc

backtrace, backtrace_symbols, backtrace_symbols_fd

See manual page, or gcc manual.

int     backtrace            (void **      buffer, int size)
char ** backtrace_symbols    (void *const *buffer, int size)
void    backtrace_symbols_fd (void *const *buffer, int size, int fd)

Object and executables need to be built (i.e. compiled and linked) with gcc -g -rdynamic (also -fvisibility must either be default, protected or not set at all)!

gcc -O0 -g -rdynamic main.c -o myprogram

Short example:

#include <stdio.h>
#include <execinfo.h>
#include <signal.h>
#include <stdlib.h>

void handler(int sig) {
  void *array[10];
  int size;

  size = backtrace(array, 10);                  // get void*'s for all entries on the stack

  fprintf(stderr, "Error: signal %d:\n", sig);  // print out all the frames to stderr
  backtrace_symbols_fd(array, size, 2);
  exit(1);
}

void baz() {
  int *foo = (int*)-1;                          // make a bad pointer
  printf("%d\n", *foo);                         // causes segfault
}

void bar() { baz(); }
void foo() { bar(); }

int main(int argc, char **argv) {
  signal(SIGSEGV, handler);                     // install our handler
  foo();                                        // this will call foo, bar, and baz.  baz segfaults.
  return 0;
}

It can also be used to print the symbol name of any function of which we know the address (a bit like SymFromAddr on windows):

#include <stdio.h>
#include <execinfo.h>

void foo(void) {
    printf("foo\n");
}

int main(int argc, char *argv[]) {
    void    *funptr = &foo;

    backtrace_symbols_fd(&funptr, 1, 1);

    return 0;
}


A very extensive answer on StackOverflow:

  • Using backtrace:
  • Demangling symbols in C++ by calling __cxa_demangle (like is done in tool c++filt):

Getting function name from its address

  • TODO: There is maybe an alternate solution using dlopen, which would let an application to browse its own symbols.
  • TODO: Check whether we can force export of (debug) symbols even if declared static.

The following program show how to use the backtrace_symbols function to get the name of a function given its address.

The program must be compiled (and linked) with gcc options -g -rdynamic (also option -fvisibility must either be default, protected or not set at all):

gcc -g -rdynamic -O0 main.c -o symfromaddr

A less efficient but more convenient version:

libunwind (non-gnu)

Debugging pthreads

GDB:

DDD: