Linux 程序崩溃定位

栈帧信息

(gdb) info frame
Stack level 0, frame at 0x7ffc286552a0:
 rip = 0x55943b2bb8c4 in foo; saved rip = 0x55943b2bb9e9
 called by frame at 0x7ffc28655300
 Arglist at 0x7ffc28655290, args: 
 Locals at 0x7ffc28655290, Previous frame's sp is 0x7ffc286552a0
 Saved registers:
  rbp at 0x7ffc28655290, rip at 0x7ffc28655298

进程maps 信息

/proc/11742/maps          
---                              
55943b2bb000-55943b2bc000 r-xp 00000000 08:0a 5772372                    /home/xxx/tests/c/gdb/a.out                                  
55943b4bb000-55943b4bc000 r--p 00000000 08:0a 5772372                    /home/xxx/tests/c/gdb/a.out                                  
55943b4bc000-55943b4bd000 rw-p 00001000 08:0a 5772372                    /home/xxx/tests/c/gdb/a.out                                  
55943b9a8000-55943b9c9000 rw-p 00000000 00:00 0                          [heap]                                                        
7f4e8b87a000-7f4e8ba50000 r-xp 00000000 08:09 523649                     /lib/x86_64-linux-gnu/libc-2.26.so                            
7f4e8ba50000-7f4e8bc50000 ---p 001d6000 08:09 523649                     /lib/x86_64-linux-gnu/libc-2.26.so                            
7f4e8bc50000-7f4e8bc54000 r--p 001d6000 08:09 523649                     /lib/x86_64-linux-gnu/libc-2.26.so                            
7f4e8bc54000-7f4e8bc56000 rw-p 001da000 08:09 523649                     /lib/x86_64-linux-gnu/libc-2.26.so                            
7f4e8bc56000-7f4e8bc5a000 rw-p 00000000 00:00 0                    
7f4e8bc5a000-7f4e8bc81000 r-xp 00000000 08:09 523292                     /lib/x86_64-linux-gnu/ld-2.26.so                              
7f4e8be51000-7f4e8be54000 rw-p 00000000 00:00 0                    
7f4e8be7e000-7f4e8be81000 rw-p 00000000 00:00 0                    
7f4e8be81000-7f4e8be82000 r--p 00027000 08:09 523292                     /lib/x86_64-linux-gnu/ld-2.26.so                              
7f4e8be82000-7f4e8be83000 rw-p 00028000 08:09 523292                     /lib/x86_64-linux-gnu/ld-2.26.so                              
7f4e8be83000-7f4e8be84000 rw-p 00000000 00:00 0                    
7ffc28637000-7ffc28658000 rw-p 00000000 00:00 0                          [stack]                                                       
7ffc286aa000-7ffc286ad000 r--p 00000000 00:00 0                          [vvar]                                                        
7ffc286ad000-7ffc286af000 r-xp 00000000 00:00 0                          [vdso]                                                        
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

计算

  1. rip 指向a.out 的 .text 段 r-xp
  2. rip - a.out .text 段基址 = 0x55943b2bb8c4 - 0x55943b2bb000 = 0x8c4

objdump

objdump -ds a.out > a.txt

00000000000008a0 <frame_dummy>:                                                                                                        
 8a0:   55                      push   %rbp                                                                                            
 8a1:   48 89 e5                mov    %rsp,%rbp                                                                                       
 8a4:   5d                      pop    %rbp                                                                                            
 8a5:   e9 66 ff ff ff          jmpq   810 <register_tm_clones>                                                                        
                                                                                                                                       
00000000000008aa <foo>:                                                                                                                
 8aa:   55                      push   %rbp                                                                                            
 8ab:   48 89 e5                mov    %rsp,%rbp                                                                                       
 8ae:   48 89 7d e8             mov    %rdi,-0x18(%rbp)                                                                                
 8b2:   c7 45 fc 00 00 00 00    movl   $0x0,-0x4(%rbp)                                                                                 
 8b9:   c7 45 fc 03 00 00 00    movl   $0x3,-0x4(%rbp)                                                                                 
 8c0:   48 8b 45 e8             mov    -0x18(%rbp),%rax                                                                                
 8c4:   8b 00                   mov    (%rax),%eax                                                                                     
 8c6:   89 45 fc                mov    %eax,-0x4(%rbp)                                                                                 
 8c9:   90                      nop                                                                                                    
 8ca:   5d                      pop    %rbp                                                                                            
 8cb:   c3                      retq                                                                                                   
                                                                                                                                       
00000000000008cc <main>:                                                                                                               
 8cc:   55                      push   %rbp                                                                                            
 8cd:   48 89 e5                mov    %rsp,%rbp                                                                                       
 8d0:   48 83 ec 50             sub    $0x50,%rsp
...

a.c 的内容:

void foo(int *p)
{
    int a = 0;

    a = 1 + 2;

    a = *p;

}


int main()
{
...
    foo(0);
...
}

定位

0x8c4 即foo函数中 mov (%rax),%eax 对应的a = *p; 一句。
完成!

相关推荐