
I am playing around with the debugger. The actual task I am working on is watching how the instruction pointer changes as I run through the code.

However, I am having difficulty understanding something else. I set breakpoints at line 6, strcpy (which is at line 7) and line 8. After setting the breakpoints I run it.

Why does it go through the breakpoints in a different order? Breakpoint 2, breakpoint 1 and breakpoint 3?

The other question I have... breakpoint 1 was set at line 6. Yet when we get to that breakpoint it says "char_array2.c:7". I am aware that line 6 is empty, does the breakpoint stop before reading any part of line 7?

(gdb) list
1   #include <stdio.h>
2   #include <string.h>
3   
4   int main() {
5      char str_a[20];
6   
7      strcpy(str_a, "Hello World!\n");
8      printf(str_a);
9   }
(gdb) 
Line number 10 out of range; char_array2.c has 9 lines.
(gdb) break 6
Breakpoint 1 at 0x100000ec8: file char_array2.c, line 6.
(gdb) break strcpy
Breakpoint 2 at 0x20c49ba5c77e20
(gdb) break 8
Breakpoint 3 at 0x100000edd: file char_array2.c, line 8.
(gdb) run
Starting program: /Users/Guest1/Desktop/Hacking files/char_array2 
Reading symbols for shared libraries +. done

Breakpoint 2, 0x00007fff8601ce20 in strcpy ()
(gdb) continue
Continuing.

Breakpoint 1, main () at char_array2.c:7
7      strcpy(str_a, "Hello World!\n");
(gdb) continue
Continuing.

Breakpoint 3, main () at char_array2.c:8
8      printf(str_a);    
jimbo123
  • Disassemble `main` - what's at `0x100000ec8`? Breakpoints *really* only happen on instructions, not lines of code, even though gdb gives you the convenience of setting them that way. Did you compile with some optimizations on? – Carl Norum Jan 22 '13 at 21:49
  • Thank you, yes I used "gcc -g -o char_array2 char_array2.c" – jimbo123 Jan 24 '13 at 16:50

2 Answers


You don't say how you built your program, but I'm guessing you enabled compiler optimization.

When the compiler optimizes your code it is permitted to reorder your code in any way it likes provided that it's impossible to tell from observing the running program (i.e., it remains logically equivalent). Of course, if you attach a debugger and stop the program you can see the reordering, and that's why it's common to debug unoptimized code.

Not only can the compiler reorder your code lines, it can also reorder all the individual operations within each line. The breakpoint will usually be set on the first instruction associated with the given line, but if you single-step through a function, you will typically see the program apparently jumping back to each line several times, and then you can see how the lines are interleaved.

Of course, when the compiler optimizes code by removing duplicated operations, it isn't always clear which source line a given instruction relates to, and then you may see some very counter-intuitive behaviour.

Finally, the compiler is free to completely remove any code that is either not used, or else can be combined with another, so it might not appear to hit a code line at all.

ams
  • ohh I see! To build the code I used: "gcc -g -o char_array2 char_array2.c" – jimbo123 Jan 22 '13 at 22:52
  • Oh okay. I have not gotten to the part of the book (Hacking The Art of Exploitation) where it explains what the switches do. I know that -g is for debugging. I thought that -o enabled optimization, or should it be -0? – jimbo123 Jan 24 '13 at 16:49
  • `-o` lets you provide a name for the output file. `-O` is for optimizations. `-0` isn't a flag at all. – Carl Norum Jan 24 '13 at 17:51
  • hello Carl. I looked on the GCC website to confirm what you said and you are right. -o lets you name a file and -O gives 4 levels of optimization. But when I use "gcc -0 char_array2.c", it gives me an a.out file. I mean it compiles as normal. – jimbo123 Jan 24 '13 at 20:21

"Line number 10 out of range; char_array2.c has 9 lines" is highly suspicious. I think your GDB fails to determine the end of line. Convert \n to \r\n in your source file, and set up your editor to use \r\n.

Also, I agree with ams, to be completely sure, compile with explicit -g -O0 options.

Konstantin Vladimirov
  • Sorry, the reason it says that is because when I was using the terminal on Mac, after typing 'list' I pressed return again. – jimbo123 Jan 24 '13 at 16:45