How do I set a breakpoint using GDB for x86 assembly code, when there is no symbol information, i.e. it is not possible to write b *_start.

I'd like to stop execution immediately, but writing b *0 isn't very useful, because this would stop execution at address 0, but I need to break execution at address x relative to the starting point (which is unknown when no symbol information is present).

Shuzheng

  • Is the executable readable? Then you can get its entry point using e.g. `objdump -f`. – Mark Plotnick Aug 17 '16 at 13:57
  • Actually, I'm trying to debug an executable that has its entry point changed by modification, such that execution starts at no label. – Shuzheng Aug 17 '16 at 15:07
  • You say: "executable that has its entry point changed by modification". So this program does have a known entry point? If not, how is it executed? – dbrank0 Aug 17 '16 at 15:37
  • Well, the executable, in this case a Microsoft PE EXE, has got its entrypoint field changed in its header, so that execution starts at a specific but rather arbitrary address, not backed up by any labels. – Shuzheng Aug 17 '16 at 16:58
  • @NicolasLykkeIversen: Right, so use a tool that will show you the numeric address of the entry point from the file metadata, and use `b *0x...` (copy/pasting the address, so you break at the entry point). That's what Mark was telling you to do with `objdump`. – Peter Cordes Aug 17 '16 at 18:10
  • Ahh, now I understand it - thanks. – Shuzheng Aug 17 '16 at 18:14

1 Answer

Use something like objdump -f to show you the numeric value of the entry point address. Or inside gdb, info files will show you the entry point.

Copy/paste that value into a gdb command: b *0x... to break at the entry point. You can then single-step from there.

See also the bottom of the tag wiki for some asm-debugging tips, like layout reg.

Sample output from objdump -f:

/bin/ls:     file format elf64-x86-64
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000000404870          <<---- copy this address

Instead of finding the entry-point address: b *0 will cause an error when gdb tries to set the breakpoint. This results in stopping before any instructions execute, at the entry point. Delete the bogus breakpoint (or it will keep erroring when you try to single-step or continue). Related: Stopping at the first machine code instruction in GDB.

– Peter Cordes
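Added example, not part of the answer above: the same "read the entry point from the file header, then paste it into `b *0x...`" step done without objdump, for both an ELF and a PE whose header entry field has been patched (the question's case). The two header samples are constructed here for illustration; `gdb_break_command` is a hypothetical helper name.

```python
import struct

def elf_entry(data: bytes) -> int:
    """e_entry from an ELF header; handles ELFCLASS32/64 and both byte orders."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little, 2 = big
    fmt = {1: "I", 2: "Q"}[data[4]]                 # EI_CLASS: 4- vs 8-byte e_entry
    return struct.unpack_from(endian + fmt, data, 0x18)[0]   # e_entry at offset 24

def pe_entry(data: bytes) -> int:
    """ImageBase + AddressOfEntryPoint from a PE32 or PE32+ file (pre-relocation)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]    # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = pe + 4 + 20                               # optional header after 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    if magic == 0x10B:                              # PE32: 4-byte ImageBase at +28
        base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                            # PE32+: 8-byte ImageBase at +24
        base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional-header magic %#x" % magic)
    return base + rva

def gdb_break_command(data: bytes) -> str:
    """The 'b *0x...' line to paste into gdb for the header's entry point."""
    entry = elf_entry(data) if data[:1] == b"\x7f" else pe_entry(data)
    return "b *%#x" % entry

# Constructed sample: a 64-byte ELF64 little-endian header with e_entry = 0x404870
SAMPLE_ELF64 = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
                + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x404870,
                              0x40, 0, 0, 64, 56, 2, 64, 0, 0))

# Constructed sample: DOS stub + PE32+ headers, ImageBase 0x140000000 and a
# patched AddressOfEntryPoint of 0x1234 that no symbol points at
SAMPLE_PE64 = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
               + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
               + struct.pack("<HBBIIIII", 0x20B, 14, 0, 0, 0, 0, 0x1234, 0x1000)
               + struct.pack("<Q", 0x140000000))

if __name__ == "__main__":
    print(gdb_break_command(SAMPLE_ELF64))   # b *0x404870
    print(gdb_break_command(SAMPLE_PE64))    # b *0x140001234
```

For a real file, pass `open(path, "rb").read()`; the PE result is the unrelocated address, so under ASLR compare it against the load base gdb reports in `info files`.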