I am experimenting with lldb and have written a simple C application. I want to debug it in the terminal with lldb. When I try to look at the stack frame, I get a memory read error:
(lldb) target create "./auth_overflow"
Current executable set to './auth_overflow' (x86_64).
(lldb) br s -l 25
Breakpoint 1: where = auth_overflow`main + 69 at auth_overflow.c:25, address = 0x0000000100000e25
(lldb) br s -l 9
Breakpoint 2: where = auth_overflow`check_authentication + 47 at auth_overflow.c:9, address = 0x0000000100000d5f
(lldb) br s -l 16
Breakpoint 3: where = auth_overflow`check_authentication + 138 at auth_overflow.c:16, address = 0x0000000100000dba
(lldb) run AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Process 413 launched: './auth_overflow' (x86_64)
Process 413 stopped
* thread #1: tid = 0x33d2, 0x0000000100000e25 auth_overflow`main(argc=2, argv=0x00007fff5fbffcc0) + 69 at auth_overflow.c:25, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x0000000100000e25 auth_overflow`main(argc=2, argv=0x00007fff5fbffcc0) + 69 at auth_overflow.c:25
22 exit(0);
23 }
24
-> 25 if(check_authentication(argv[1])) {
26 printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
27 printf(" Access Granted.\n");
28 printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
(lldb) re r esp
esp = 0x5fbffc70
(lldb) x/16xw $esp
error: memory read failed for 0x5fbffc00
(lldb)
What do you suggest I should do?
Edit: actually I don't really want to debug the application, just understand how it works at a lower level. So I would like to see the contents of the current stack frame, like this:
(lldb) x/16xw $esp
0xbffff7e0: 0xb8000ce0 0x00000002 0x00000000 0xb7fd6ff4
0xbffff7f0: 0x40f5f7f0 0x00000000 0x00000002 0x08048474
0xbffff800: 0x08048510 0xbffff874 0x00000001 0x00000001
0xbffff810: 0xbffff848 0x00000000 0xb8000ff4 0x08048371
(lldb)
Answer 0 (score: 3)
This:
Current executable set to './auth_overflow' (x86_64).
shows that you are on a 64-bit machine. In that case you need the 64-bit rsp register, not the 32-bit esp register. esp gives you the least significant 32 bits of rsp, which in this case obviously does not produce a valid address for you.
x/16xw $rsp is what you are looking for.
Example LLDB session:
paul@horus:~/Documents/src/sandbox$ lldb ./testldb
(lldb) target create "./testldb"
Current executable set to './testldb' (x86_64).
(lldb) list testldb.c
1 #include <stdio.h>
2
3 void func(int i) {
4 printf("In func() with value %d\n", i);
5 }
6
7 int main(void) {
8 func(3);
9 return 0;
10 }
11
(lldb) b testldb.c:4
Breakpoint 1: where = testldb`func + 18 at testldb.c:4, address = 0x0000000100000f22
(lldb) run
Process 48270 launched: './testldb' (x86_64)
Process 48270 stopped
* thread #1: tid = 0xb8dbca, 0x0000000100000f22 testldb`func(i=3) + 18 at testldb.c:4, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x0000000100000f22 testldb`func(i=3) + 18 at testldb.c:4
1 #include <stdio.h>
2
3 void func(int i) {
-> 4 printf("In func() with value %d\n", i);
5 }
6
7 int main(void) {
(lldb) frame variable
(int) i = 3
(lldb) print &i
(int *) $0 = 0x00007fff5fbff9dc
(lldb) register read $rsp
rsp = 0x00007fff5fbff9d0
(lldb) x/16xw $rsp
0x7fff5fbff9d0: 0x00000000 0x00000000 0x00000000 0x00000003
0x7fff5fbff9e0: 0x5fbffa00 0x00007fff 0x00000f59 0x00000001
0x7fff5fbff9f0: 0x5fbffa18 0x00007fff 0x5fc0105e 0x00000000
0x7fff5fbffa00: 0x5fbffa18 0x00007fff 0x8fdc25fd 0x00007fff
(lldb)
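To make the esp/rsp point concrete, here is an added example (not part of the question or answer above) that takes the x/16xw dump from the answer's session, embedded below as constructed sample input, reassembles the 4-byte words into the little-endian 64-bit values you would see with x/8xg, and shows that truncating rsp to 32 bits yields exactly the kind of value `re r esp` reports. The helper names (low32, parse_words, as_qwords, pointers_into) are my own.

```python
import re

# Constructed sample: the x/16xw output from the answer's lldb session, pasted verbatim.
LLDB_DUMP = """\
0x7fff5fbff9d0: 0x00000000 0x00000000 0x00000000 0x00000003
0x7fff5fbff9e0: 0x5fbffa00 0x00007fff 0x00000f59 0x00000001
0x7fff5fbff9f0: 0x5fbffa18 0x00007fff 0x5fc0105e 0x00000000
0x7fff5fbffa00: 0x5fbffa18 0x00007fff 0x8fdc25fd 0x00007fff
"""

# One lldb dump line: "<address>:" followed by one or more 8-hex-digit words.
LINE_RE = re.compile(r"^(0x[0-9a-f]+):((?:\s+0x[0-9a-f]{8})+)$", re.I)


def low32(reg):
    """What `register read esp` reports on x86_64: only the low 32 bits of rsp."""
    return reg & 0xFFFFFFFF


def parse_words(dump):
    """Map each 4-byte-aligned address to the 32-bit word lldb printed there."""
    words = {}
    for line in dump.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognised lldb dump line: %r" % line)
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            words[base + 4 * i] = int(tok, 16)
    return words


def as_qwords(words):
    """Rebuild little-endian 64-bit values from adjacent word pairs (what x/8xg shows)."""
    qwords = {}
    for addr in sorted(words):
        if addr % 8 == 0 and addr + 4 in words:
            qwords[addr] = words[addr] | (words[addr + 4] << 32)
    return qwords


def pointers_into(qwords, lo, hi):
    """Qwords whose value lies in [lo, hi): candidate saved frame pointers on the stack."""
    return {a: v for a, v in qwords.items() if lo <= v < hi}


if __name__ == "__main__":
    q = as_qwords(parse_words(LLDB_DUMP))
    for addr, val in sorted(q.items()):
        print("0x%016x: 0x%016x" % (addr, val))
    print("rsp truncated to esp: 0x%08x" % low32(0x00007fff5fbff9d0))
```

The qword at 0x7fff5fbff9e0 comes out as 0x00007fff5fbffa00, an address inside the same dump (the caller's frame), and the next one, 0x0000000100000f59, sits just after the breakpoint address in the text segment, which is what you expect for a saved rbp and return address right above rsp.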