Locating a Linux Program Crash
Stack frame information
(gdb) info frame
Stack level 0, frame at 0x7ffc286552a0:
 rip = 0x55943b2bb8c4 in foo; saved rip = 0x55943b2bb9e9
 called by frame at 0x7ffc28655300
 Arglist at 0x7ffc28655290, args:
 Locals at 0x7ffc28655290, Previous frame's sp is 0x7ffc286552a0
 Saved registers:
  rbp at 0x7ffc28655290, rip at 0x7ffc28655298
Process maps information
/proc/11742/maps:
55943b2bb000-55943b2bc000 r-xp 00000000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b4bb000-55943b4bc000 r--p 00000000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b4bc000-55943b4bd000 rw-p 00001000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b9a8000-55943b9c9000 rw-p 00000000 00:00 0 [heap]
7f4e8b87a000-7f4e8ba50000 r-xp 00000000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8ba50000-7f4e8bc50000 ---p 001d6000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8bc50000-7f4e8bc54000 r--p 001d6000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8bc54000-7f4e8bc56000 rw-p 001da000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8bc56000-7f4e8bc5a000 rw-p 00000000 00:00 0
7f4e8bc5a000-7f4e8bc81000 r-xp 00000000 08:09 523292 /lib/x86_64-linux-gnu/ld-2.26.so
7f4e8be51000-7f4e8be54000 rw-p 00000000 00:00 0
7f4e8be7e000-7f4e8be81000 rw-p 00000000 00:00 0
7f4e8be81000-7f4e8be82000 r--p 00027000 08:09 523292 /lib/x86_64-linux-gnu/ld-2.26.so
7f4e8be82000-7f4e8be83000 rw-p 00028000 08:09 523292 /lib/x86_64-linux-gnu/ld-2.26.so
7f4e8be83000-7f4e8be84000 rw-p 00000000 00:00 0
7ffc28637000-7ffc28658000 rw-p 00000000 00:00 0 [stack]
7ffc286aa000-7ffc286ad000 r--p 00000000 00:00 0 [vvar]
7ffc286ad000-7ffc286af000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Calculation
- rip points into the .text segment of a.out, i.e. the mapping with r-xp permissions (55943b2bb000-55943b2bc000).
- rip - base address of the a.out .text mapping = 0x55943b2bb8c4 - 0x55943b2bb000 = 0x8c4. Because this mapping is backed by file offset 0, 0x8c4 is also the offset into the a.out file, which is what objdump prints.
objdump
objdump -ds a.out > a.txt

00000000000008a0 <frame_dummy>:
 8a0:   55                      push   %rbp
 8a1:   48 89 e5                mov    %rsp,%rbp
 8a4:   5d                      pop    %rbp
 8a5:   e9 66 ff ff ff          jmpq   810 <register_tm_clones>

00000000000008aa <foo>:
 8aa:   55                      push   %rbp
 8ab:   48 89 e5                mov    %rsp,%rbp
 8ae:   48 89 7d e8             mov    %rdi,-0x18(%rbp)
 8b2:   c7 45 fc 00 00 00 00    movl   $0x0,-0x4(%rbp)
 8b9:   c7 45 fc 03 00 00 00    movl   $0x3,-0x4(%rbp)
 8c0:   48 8b 45 e8             mov    -0x18(%rbp),%rax
 8c4:   8b 00                   mov    (%rax),%eax
 8c6:   89 45 fc                mov    %eax,-0x4(%rbp)
 8c9:   90                      nop
 8ca:   5d                      pop    %rbp
 8cb:   c3                      retq

00000000000008cc <main>:
 8cc:   55                      push   %rbp
 8cd:   48 89 e5                mov    %rsp,%rbp
 8d0:   48 83 ec 50             sub    $0x50,%rsp
 ...
Contents of a.c:

void foo(int *p)
{
    int a = 0;
    a = 1 + 2;   /* constant-folded by the compiler to movl $0x3 above */
    a = *p;      /* dereferences p; main passes 0, so this faults */
}

int main()
{
    ...
    foo(0);
    ...
}
Locating the crash
Offset 0x8c4 is the instruction mov (%rax),%eax inside foo, which corresponds to the statement a = *p; in a.c. Since main calls foo(0), p is a null pointer and this load is what crashes the program.
Done!
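The lookup performed by hand above (rip from `info frame`, mapping base from `/proc/<pid>/maps`, offset looked up in the objdump listing) as an added Python example; this is not code from the original post. The maps and objdump text are constructed samples built from the values on this page, and the script assumes, as here, that the executable mapping is backed by file offset 0 and that the ELF load segment has p_vaddr equal to p_offset, so the computed offset is directly the address objdump prints. It goes one step further than the post and resolves the saved rip (the return address) the same way, which lands in main.

```python
import re

# Constructed sample input reproducing the page's values: a few /proc/<pid>/maps
# lines and a trimmed fragment of `objdump -d a.out` output.
MAPS = """\
55943b2bb000-55943b2bc000 r-xp 00000000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b4bb000-55943b4bc000 r--p 00000000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b9a8000-55943b9c9000 rw-p 00000000 00:00 0 [heap]
7ffc28637000-7ffc28658000 rw-p 00000000 00:00 0 [stack]
"""
OBJDUMP = """\
00000000000008aa <foo>:
 8aa:   55                      push   %rbp
 8c0:   48 8b 45 e8             mov    -0x18(%rbp),%rax
 8c4:   8b 00                   mov    (%rax),%eax
 8c6:   89 45 fc                mov    %eax,-0x4(%rbp)
00000000000008cc <main>:
 8cc:   55                      push   %rbp
"""

MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S+) ([0-9a-f]+) \S+ \S+\s*(.*)$")

def find_mapping(maps_text, addr):
    """Return (start, perms, file_offset, path) of the mapping containing addr."""
    for line in maps_text.splitlines():
        m = MAP_RE.match(line)
        if m and int(m.group(1), 16) <= addr < int(m.group(2), 16):
            return int(m.group(1), 16), m.group(3), int(m.group(4), 16), m.group(5)
    return None

def file_offset(maps_text, addr):
    """addr - mapping base + mapping file offset: the offset to look up in objdump.
    Assumption: p_vaddr == p_offset for the segment, so this equals the objdump address."""
    mapping = find_mapping(maps_text, addr)
    if mapping is None or "x" not in mapping[1]:
        raise ValueError("address %#x is not in an executable mapping" % addr)
    start, _perms, off, _path = mapping
    return addr - start + off

def resolve(objdump_text, off):
    """Map an offset to (enclosing symbol, instruction text) using objdump -d output.
    The symbol is the last header whose address is <= off; the instruction is None
    when the exact address is not present in the (possibly truncated) listing."""
    sym, insn = None, None
    for line in objdump_text.splitlines():
        hdr = re.match(r"^([0-9a-f]+) <(\S+)>:$", line)
        if hdr:
            if int(hdr.group(1), 16) <= off:
                sym, insn = hdr.group(2), None
            continue
        ins = re.match(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+(\S.*)$", line)
        if ins and int(ins.group(1), 16) == off:
            insn = " ".join(ins.group(2).split())   # collapse objdump's column padding
    return sym, insn

if __name__ == "__main__":
    for name, addr in (("rip", 0x55943b2bb8c4), ("saved rip", 0x55943b2bb9e9)):
        off = file_offset(MAPS, addr)
        print("%s %#x -> offset %#x -> %s: %s" % (name, addr, off, *resolve(OBJDUMP, off)))
```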