How do I send input to GDB when scanf is triggered, while driving GDB from an external program?
C file:

    #include <stdio.h>

    int main(void)
    {
        int x;
        int y;
        printf("input x: ");
        scanf("%d", &x);   /* blocks here until a number arrives on stdin */
        printf("input y: ");
        scanf("%d", &y);
        return 0;
    }
Java external program:

    import java.io.InputStream;
    import java.io.OutputStream;
    import java.io.PrintWriter;

    public class Debugger extends Thread {
        public void run() {
            Process p = null;
            try {
                p = Runtime.getRuntime().exec("gdb a.out --interpreter=console");
                // copy gdb's stderr and stdout to ours so its prompts stay visible
                new Thread(new SyncPipe(p.getErrorStream(), System.err)).start();
                new Thread(new SyncPipe(p.getInputStream(), System.out)).start();
                // everything written here goes to gdb's stdin
                PrintWriter stdin = new PrintWriter(p.getOutputStream());
                stdin.flush();
                stdin.println("break main");
                stdin.flush();
                stdin.println("run");
                stdin.flush();
                stdin.println("s");
                stdin.flush();
                stdin.println("45");   // intended for the program's scanf, but gdb reads it
                stdin.flush();
                // stdin.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public static void main(String[] args) {
            new Debugger().start();
        }
    }

    // copies one stream to another until EOF
    class SyncPipe implements Runnable {
        public SyncPipe(InputStream istrm, OutputStream ostrm) {
            istrm_ = istrm;
            ostrm_ = ostrm;
        }

        public void run() {
            try {
                int length;
                byte[] buffer = new byte[1024];
                while ((length = istrm_.read(buffer)) != -1) {
                    ostrm_.write(buffer, 0, length);
                    ostrm_.flush();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        private final OutputStream ostrm_;
        private final InputStream istrm_;
    }
GDB output as seen from the external program:
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/charmae/workspace/AVT/a.out...done.
(gdb) Breakpoint 1 at 0x804843d: file file4.c, line 7.
(gdb) Starting program: /home/charmae/workspace/AVT/a.out
Breakpoint 1, main () at file4.c:7
7 printf("input of x: ");
(gdb) 8 scanf("%d",&x);
(gdb) Undefined command: "45". Try "help".
(gdb)
Answer 0 (score: 3)

You can redirect input just as you would in the shell:

    (gdb) run < input.txt

Alternatively, you can run the program in another terminal and attach to it via its PID:

    gdb --pid $(pgrep myprogram.name)

Finally, you could do a similar hack using direct calls to dup2/dup3 (but I don't think you need that, and it would not be user-friendly).
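The first suggestion (run < input.txt) applied to the asker's Java harness, as an added example that is not part of the question or the answer: it writes the values for the two scanf calls to a temporary file, runs gdb in batch mode with -ex commands so that no debugger command ever shares a pipe with the program's input, and returns what gdb printed. It assumes gdb is on PATH, that ./a.out is the compiled C file above, and that "break main" stops on the first printf as in the posted output; the class name GdbFileInput is my own.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
// Runs gdb against ./a.out and feeds the inferior's scanf calls from a temp file
// via "run < file", so the numbers never reach gdb's own command reader.
public class GdbFileInput {
    // Returns every line gdb printed; the caller can look for "$1 = 45" in it.
    public static List<String> debug(Path exe, String inferiorInput)
            throws IOException, InterruptedException {
        Path input = Files.createTempFile("inferior-input", ".txt");
        try {
            // one value per scanf("%d") call, each terminated by a newline
            Files.writeString(input, inferiorInput);
            ProcessBuilder pb = new ProcessBuilder(
                "gdb", "-q", "-batch",
                "-ex", "break main",
                "-ex", "run < " + input,   // redirection applies to the inferior only
                "-ex", "next",             // over printf("input x: ")
                "-ex", "next",             // over scanf: reads the first value from the file
                "-ex", "print x",
                "-ex", "next",
                "-ex", "next",
                "-ex", "print y",
                "-ex", "continue",
                exe.toString());
            pb.redirectErrorStream(true);  // merge stderr so no gdb message is lost
            Process p = pb.start();
            p.getOutputStream().close();   // gdb takes no commands from stdin here
            List<String> lines = new ArrayList<>();
            try (BufferedReader r = new BufferedReader(
                    new InputStreamReader(p.getInputStream()))) {
                for (String line; (line = r.readLine()) != null; ) {
                    lines.add(line);
                }
            }
            p.waitFor();
            return lines;
        } finally {
            Files.deleteIfExists(input);
        }
    }
    public static void main(String[] args) throws Exception {
        debug(Path.of("a.out"), "45\n7\n").forEach(System.out::println);
    }
}
```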