在上一篇文章中講到了ptrace，那么我們完全可以用ptrace來寫一個非常簡單的trace工具，用以trace程序的具體運行過程。

用它可以很清楚的回答，使用glibc編譯后的hello world是從什么地方開始運行的。

(注：本文內(nèi)容根據(jù)“A really simple tracing debugger"翻譯而來，具體鏈接見參考資料一節(jié))

itrace.c

#include <stdio.h> #include <sys/wait.h> #include <unistd.h>#include <sys/user.h> #include <sys/ptrace.h>int main(int argc, char **argv) {int pid = fork();if(pid == 0) {if(ptrace(PTRACE_TRACEME) < 0) {perror("ptrace");_exit(1);}execvp(argv[1], argv + 1);perror("exec");_exit(1);}while(1) {int status;struct user_regs_struct regs;if(waitpid(pid, &status, 0) < 0)perror("waitpid");if(!WIFSTOPPED(status))break;if(ptrace(PTRACE_GETREGS, pid, 0, &regs) < 0)perror("ptrace/GETREGS");printf("%lx %lx\n", regs.eip, regs.esp);if(ptrace(PTRACE_SINGLESTEP, pid, 0, 0) < 0)perror("ptrace/SINGLESTEP");}return 0; }

編譯

gcc -m32 itrace.c -o itrace

譯者注: -m32表示編譯成32位格式，如果是在64位機器上，不需要加此選項，同時將itrace.c源碼中的eip和esp轉換為rip,rsp.

hellow.c

#include <stdio.h> int main() { printf("Hello, world!\n");return 0; }

編譯

gcc -static -o hellow hellow.c

譯者注: itrace保持一致，itrace如果是按32位格式來編譯的，此處也應該一樣。

測試運行

./itrace ./hellow | addr2line -e ./hellow -f | grep -v "??\|:?" | uniq

說明如下

addr2line 是將地址轉換為相應的源碼

運行的結果很長，所以就不打算沒有貼出來了。

treeify

為了讓運行結果在顯示的時候能夠更好的反映出調(diào)用關系，根據(jù)堆棧(%esp)中的信息采用python腳本將其層次化的打印出來。

import subprocess import sysdef read():for line in sys.stdin:try:regs = [int(x, 16) for x in line.split(" ")]yield {"eip": regs[0], "esp": regs[1]}# Ignore lines interspersed with other output!except (ValueError, IndexError):passdef addr2line(iterable):proc = subprocess.Popen(["addr2line", "-e", sys.argv[1], "-f"],stdin=subprocess.PIPE, stdout=subprocess.PIPE)for regs in iterable:proc.stdin.write("%x\n" % regs["eip"])a = proc.stdout.readline().rstrip("\n")b = proc.stdout.readline().rstrip("\n")regs["func"] = "%s %s" % (a, b)yield regsdef entry_points(iterable):funcs = {}# We treat the first address we see for the function as its entry# point, and only report those entries from this point on.for regs in iterable:func = regs["func"].split(":")[0]if funcs.setdefault(func, regs["eip"]) == regs["eip"]:yield regsdef add_nesting(iterable):stack = [2 ** 64]for regs in iterable:stack_pos = regs["esp"]if stack_pos < stack[-1]:stack.append(stack_pos)while stack_pos > stack[-1]:stack.pop()regs["indent"] = " " * len(stack)yield regsfor x in add_nesting(entry_points(addr2line(read()))):print x["indent"], x["func"], "%x" % x["eip"]

運行

./itrace ./hellow|python2 ./treeify.py ./hellow

測試結果

_start /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/start.S:61 8048d40__libc_start_main ??:? 8048ea0_dl_aux_init ??:? 806e590_dl_discover_osversion ??:? 806f3b0uname ??:? 80921c0?? ??:0 b77e0414index ??:? 805b250__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70__init_cpu_features ??:? 806f570strncasecmp_l ??:? 80b5ac0strcmp ??:? 805b460memset ??:? 805ba70strcasecmp_l ??:? 805bc10bcmp ??:? 805b6b0strstr ??:? 806b080memchr ??:? 808ce90__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70strrchr ??:? 808c660__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70wcslen ??:? 808eae0__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70__rawmemchr ??:? 805bcc0__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70memmove ??:? 805b9d0__strnlen ??:? 808c620__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70strcpy ??:? 805b4d0stpcpy ??:? 805bb30__pthread_initialize_minimal ??:? 80494d0__libc_setup_tls ??:? 8049240sbrk ??:? 806cd70__brk ??:? 80928e0?? ??:0 b77e0414__brk ??:? 80928e0?? ??:0 b77e0414memcpy ??:? 805bc50__libc_init_first ??:? 806f4b0__setfpucw ??:? 807ac00__libc_init_secure ??:? 806f360_dl_non_dynamic_init ??:? 806e7f0_dl_get_origin ??:? 809a800?? ??:0 b77e0414malloc ??:? 8058f60malloc_hook_ini malloc.o:? 805a020ptmalloc_init.part.7 malloc.o:? 8059c20__linkin_atfork ??:? 806e0f0malloc ??:? 8058f60_int_malloc malloc.o:? 8057060malloc_consolidate malloc.o:? 80560b0malloc_init_state malloc.o:? 80552e0__default_morecore ??:? 805b230sbrk ??:? 806cd70__brk ??:? 80928e0?? ??:0 b77e0414__default_morecore ??:? 805b230sbrk ??:? 806cd70__brk ??:? 80928e0?? ??:0 b77e0414mempcpy ??:? 805bb00getenv ??:? 804e240strlen ??:? 805b5f0_dl_new_object ??:? 80972a0strlen ??:? 805b5f0__calloc ??:? 8059720_int_malloc malloc.o:? 8057060__memset_sse2_rep ??:? 805f690memcpy ??:? 805bc50_dl_setup_hash ??:? 8097150strlen ??:? 805b5f0malloc ??:? 8058f60_int_malloc malloc.o:? 8057060memcpy ??:? 805bc50_dl_add_to_namespace_list ??:? 8097200getenv ??:? 804e240strlen ??:? 805b5f0_dl_init_paths ??:? 80951f0_dl_important_hwcaps ??:? 80991b0malloc ??:? 8058f60_int_malloc malloc.o:? 8057060mempcpy ??:? 805bb00malloc ??:? 8058f60_int_malloc malloc.o:? 8057060malloc ??:? 8058f60_int_malloc malloc.o:? 8057060getenv ??:? 804e240strlen ??:? 805b5f0getenv ??:? 804e240strlen ??:? 805b5f0getenv ??:? 804e240strlen ??:? 805b5f0getenv ??:? 804e240strlen ??:? 805b5f0getenv ??:? 804e240strlen ??:? 805b5f0__init_misc ??:? 806dd90__strrchr_sse2_bsf ??:? 808d830__ctype_init ??:? 807abb0__cxa_atexit ??:? 804e5d0__new_exitfn ??:? 804e440__libc_csu_init ??:? 80494f0_init /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:63 8048190__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70_init /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crtn.S:40 80481aeframe_dummy crtstuff.c:? 8048e20__register_frame_info_bases ??:? 80bd5a0__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70register_tm_clones crtstuff.c:? 8048db0init_cacheinfo cacheinfo.o:? 8048b10handle_intel cacheinfo.o:? 806b380intel_check_word cacheinfo.o:? 806b0b0intel_check_word cacheinfo.o:? 806b0b0intel_check_word cacheinfo.o:? 806b0b0intel_check_word cacheinfo.o:? 806b0b0handle_intel cacheinfo.o:? 806b380intel_check_word cacheinfo.o:? 806b0b0intel_check_word cacheinfo.o:? 806b0b0_setjmp ??:? 804d970main ??:? 8048e7cputs ??:? 804f350strlen ??:? 805b5f0_IO_new_file_xsputn ??:? 8052470_IO_file_overflow ??:? 8052e60_IO_doallocbuf ??:? 8053b10_IO_file_doallocate ??:? 808a730_IO_file_stat ??:? 8051f20___fxstat64 ??:? 806c300?? ??:0 b77e0414__mmap ??:? 806ce60?? ??:0 b77e0414_IO_setb ??:? 8053aa0_IO_new_do_write ??:? 80527b0_IO_default_xsputn ??:? 8053bc0exit ??:? 804e420__run_exit_handlers ??:? 804e320__libc_csu_fini ??:? 8049590fini sdlerror.o:? 8048b00check_free.isra.0 sdlerror.o:? 80a6f30__do_global_dtors_aux crtstuff.c:? 8048df0deregister_tm_clones crtstuff.c:? 8048d80__deregister_frame_info_bases ??:? 80bd7c0__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70_fini /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:82 80bec78__x86.get_pc_thunk.bx /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crti.S:66 8048d70_fini /root/glibc/src/glibc-2.18/csu/../sysdeps/i386/crtn.S:45 80bec87_IO_cleanup ??:? 80543b0_IO_flush_all_lockp ??:? 8054190_IO_file_overflow ??:? 8052e60_IO_new_do_write ??:? 80527b0new_do_write fileops.o:? 8051100_IO_file_write ??:? 8051f50__write ??:? 806c420?? ??:0 b77e0414_IO_file_setbuf ??:? 8051060_IO_default_setbuf ??:? 8053d10_IO_file_sync ??:? 8053060_IO_setb ??:? 8053aa0_Exit ??:? 806ba24?? ??:0 b77e0414

參考資料

http://lackingrhoticity.blogspot.ca/2009/05/really-simple-tracing-debugger.html

?

總結

以上是生活随笔為你收集整理的每天学点GDB14的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。