
I'm having difficulty debugging a program at the assembly level because GDB is skipping some parts of the code. The code is:

#include <stdio.h>
#define BUF_SIZE 8

/* gets() is no longer declared by <stdio.h> in C11 mode (it was removed
 * from the standard), so declare it here to keep the build going. */
char *gets(char *s);

/* Deliberately unsafe: gets() performs no bounds check, so input longer
 * than BUF_SIZE overruns buf into the saved rbp and the return address. */
void getInput(){
    char buf[BUF_SIZE];
    gets(buf);
    puts(buf);
}

int main(int argc, char** argv){
    printf("Type something, the buffer size is: %d\n", BUF_SIZE);

    getInput();
    return 0;
}

The program was compiled with gcc -ggdb -fno-stack-protector -mpreferred-stack-boundary=4 -o exploit1 exploit1.c. In gdb, I added break getInput, and when I run disas getInput it returns:

Dump of assembler code for function getInput:
0x00000000004005cc <+0>:    push   %rbp
0x00000000004005cd <+1>:    mov    %rsp,%rbp
0x00000000004005d0 <+4>:    sub    $0x10,%rsp
0x00000000004005d4 <+8>:    lea    -0x10(%rbp),%rax
0x00000000004005d8 <+12>:   mov    %rax,%rdi
0x00000000004005db <+15>:   mov    $0x0,%eax
0x00000000004005e0 <+20>:   callq  0x4004a0 <gets@plt>
0x00000000004005e5 <+25>:   lea    -0x10(%rbp),%rax
0x00000000004005e9 <+29>:   mov    %rax,%rdi
0x00000000004005ec <+32>:   callq  0x400470 <puts@plt>
0x00000000004005f1 <+37>:   nop
0x00000000004005f2 <+38>:   leaveq 
0x00000000004005f3 <+39>:   retq  

When I type run, I notice that the program stops at the line 0x00000000004005d4 and not at the first line of the function, 0x00000000004005cc, as I expected. Why is this happening?

By the way, this is confusing me because I'm noticing that some extra data is being added to the stack, and I want to see the stack grow step by step.

Fnr
    gdb is trying to be helpful and skips the function prologue. Use `b *getInput` to get a breakpoint at the very first instruction. – Jester Feb 05 '17 at 22:40
  • Thanks. I noticed also that the following is being added to the stack (x/8xw $rsp), in this order: 0x0 (???), 0x00400621 (ret val, ok), 0x00007fff (???), 0xffffdec0 (content of rbp, ok), 0x00007fff (???), 0xf7ffe168 (???), 0x0 0x0 (ok, this is the buf variable). Why is this extra data being added? Is this some kind of padding data to help avoid buffer overflow? – Fnr Feb 05 '17 at 22:53
  • It's padding for alignment. – Jester Feb 05 '17 at 22:56
  • I don't understand, to align what? should I open a new question for this? – Fnr Feb 05 '17 at 22:57
  • The x86-64 SysV ABI mandates `rsp` to be 16 byte aligned. – Jester Feb 05 '17 at 22:58
  • Someone using the debugger, way to go! – Michael Petch Feb 05 '17 at 23:23
  • Related: [How does GDB determine the address to break at when you do "break function-name"?](https://stackoverflow.com/a/31451340) – Peter Cordes Aug 12 '20 at 03:18

1 Answer


If I type run I noticed that the program stops at the line 0x00000000004005d4 and not in the first line of the function 0x00000000004005cc as I expected.

Your expectation is incorrect.

Why is this happening?

Because when you set a breakpoint via break getInput, GDB sets the breakpoint after the function prologue. From the documentation:

-function function
  The value specifies the name of a function. Operations on function locations
  unmodified by other options (such as -label or -line) refer to the line that
  begins the body of the function. In C, for example, this is the line with the
  open brace. 

If you want to set breakpoint on the first instruction, use break *getInput instead.

Documentation here and here.

Employed Russian