12

So I'm doing some stack/heap digging with gdb and trying to grab the value for someInt, but have thrown my limited gdb knowledge to get at it w/o effect. I need to get the value of someInt using gdb, and it's only referenced at one location outside of the #define, line 20

#define someInt 0x11111111

void someFunc() {
   // ...
   int a = 0;
   if(a==someInt) {  //line 20
   //...
   }
}

After calling gdb on the compiled program I've tried gdb break 20 and then gdb x\dw $someInt I get No symbol 'someInt' in current context. If I try x/dw 0x11111111 I get 'Cannot access memory at address 0x11111111'. I can't recompile the code a la How do I print a #defined constant in GDB? and thus am lost as to how to print the value at that space.

How do I use gdb (most likely with x) to print out the value of someInt?

ks1322
  • 33,961
  • 14
  • 109
  • 164
Kurt Wagner
  • 3,295
  • 13
  • 44
  • 71
  • `grab the value for someInt` .... conceptual problem. What exactly is `someInt`?? – Sourav Ghosh Nov 12 '14 at 07:59
  • someInt is a value that if 'a' matches it, gives me (through the if statement) mock shell access to demonstrate a concept in a book – Kurt Wagner Nov 12 '14 at 08:04
  • So, you can see the define, but you would still like to know value of macro? Or do you need to print value of a? – dbrank0 Nov 12 '14 at 08:42
  • Do yourself a favour, and make sure your macro's all have UPPER_CASE names. That way, you're far less likely to confuse them with variables as you seem to be doing. Macro's are for the preprocessor to sort, once compiled, they no longer exist as such – Elias Van Ootegem Nov 12 '14 at 09:00

2 Answers2

13

The answer is here: GCC -g vs -g3 GDB Flag: What is the Difference?

Compile with -O0 -ggdb3:

gcc -O0 -ggdb3 source.c

From doc

-ggdblevel - Request debugging information and also use level to specify how much information. The default level is 2.

Level 3 includes extra information, such as all the macro definitions present in the program. Some debuggers support macro expansion when you use -g3.

9               if(a == someInt)
(gdb) list
4
5       int main()
6       {
7               int a=0;
8
9               if(a == someInt)
10              {
11                      printf("!\n");
12              }
13      }
(gdb) p someInt
$1 = 1111
Community
  • 1
  • 1
fukanchik
  • 2,811
  • 24
  • 29
0

yes. MACROS are usally exapanded and simply used as text replacement. That's why gdb reports , in your code, there is no someInt.

effecttively, after preprocessing, your code looks like

void someFunc() {
   // ...
   int a = 0;
   if(a==0x11111111) {  //line 20 //note the change
   //...
   }
}

so, in your binary, there is no existance of someInt.

Hint: Don't confuse someInt as a variable. Hope this helps.

Sourav Ghosh
  • 133,132
  • 16
  • 183
  • 261
  • 1
    Reclarified the question; I'm looking how to print out value at #define address using gdb (and in conjunction with with x), not modifying the code – Kurt Wagner Nov 12 '14 at 07:54
  • @KurtWagner and how do you exactly know `value at #define address` is accessible? What you're upto? – Sourav Ghosh Nov 12 '14 at 07:57
  • I'm following along in an exploitation book to better understand how people do things like stack/heap overflows and getting shell access. It's one of the problems so it should be feasible, I'm just not getting a gdb concept that is critical for this bit.... – Kurt Wagner Nov 12 '14 at 08:03
  • 1
    @KurtWagner: Object-like macros don't have any address. These are simply gone after preprocessing phase. Either recompile you program an use proper syntax from [GDB manual](http://sourceware.org/gdb/current/onlinedocs/gdb/Macros.html) or deduce it from program's source (or disasm if symbols are not available). – Grzegorz Szpetkowski Nov 12 '14 at 08:29
  • Ah OK, I'm thinking maybe I should trying using gdb on one of the registers then? With Intel architecture is there a place where the first/second arg's go in an if statement? – Kurt Wagner Nov 12 '14 at 09:21
  • @KurtWagner: Of course `gdb` allows you to examine particular registers if needed. You could also disassemble binary/object file by `objdump` command (see [this](http://stackoverflow.com/questions/1289881/using-gcc-to-produce-readable-assembly)). Note that resulting assembly is likely to be optimized by compiler (depending on optimization level and other switches) or even throwed away as "dead code", thus it may be non-trivial to follow-it. As a basic case x86-64 `%rbp` (as `a` is located on stack) register might be checked with `CMP` instruction (compare two values) in this specific case. – Grzegorz Szpetkowski Nov 12 '14 at 10:36
  • @KurtWagner: In addition to above I wouldn't rely on that `a` is really on stack. It might be throwed into some general-purpose register like `%ebx`. There is really no way to recognize registers-allocation without seeing disassembly at first. – Grzegorz Szpetkowski Nov 12 '14 at 10:48