
It looks like there is a way to inject C code into gdb via compile code.

Is there a way to inject a single instruction in the command line? For example, something like:

>>> mov %rax, %rbx
# Undefined command: "mov".  Try "help".
Peter Cordes
samuelbrody1249

1 Answer


Not an easy interactive way that I know of; I don't think GDB has an assembler built-in to its command parser, just commands to disassemble code from memory. Probably in theory some kind of external assemble + load somewhere.

You can of course set $rbx = $rax to replicate the effect of that specific mov.

(GDB uses $ as a decorator for register names in GDB expressions.)

To play with single instructions and see what they do, your best bet is to put them in a .s file and build them into a static executable, which you can then single-step with GDB.

$ cat > foo.s
mov %rax, %rbx
(hit control-d here for EOF)
$ gcc -static -nostdlib foo.s
/usr/bin/ld: warning: cannot find entry symbol _start; defaulting to 0000000000401000
  (That's fine, the top of the .text section is where you want the entry point)
$ gdb ./a.out
(gdb) starti    # stop before the first instruction
(gdb) set $rax = 0x1234     # or whatever to make the effect visible
(gdb) si
(gdb) quit  # or starti to restart or whatever

If you let execution continue from there, it will of course segfault as it decodes the 00 00 bytes that follow the text section as add %al, (%rax).

Recent GDB seems to crash on starti with layout reg in your ~/.gdbinit if there's no symbol for the entry point, unfortunately, so you might need to use .globl _start / _start: in your .s.

Peter Cordes
  • thanks, that's a great idea. Could you please briefly explain why it's necessary to pass `-static` into `gcc` to be able to run this? – samuelbrody1249 Aug 22 '20 at 21:14
  • @samuelbrody1249: It's actually not necessary; a PIE with no libraries will also work for this. See [What's the difference between "statically linked" and "not a dynamic executable" from Linux ldd?](https://stackoverflow.com/q/61553723). `-no-pie` (implied by `-static`) generally simplifies things by making symbol addresses link-time constants, and making static addresses in the low 2G of address space, so symbol references can use 32-bit absolute addresses, like `mov array(%rdi), %eax` instead of having to RIP-relative LEA `array(%rip)` into a GP register. – Peter Cordes Aug 22 '20 at 21:18
  • thanks, out of curiosity how did you get so...good with assembly? What would be your suggestions for improving it on my end (sorry for the broad question in a comment). – samuelbrody1249 Aug 22 '20 at 21:41
  • @samuelbrody1249: play with it; look at compiler output and see if it looks optimal or not (e.g. https://agner.org/optimize/ and other CPU architecture stuff to learn what's fast: https://stackoverflow.com/tags/x86/info), and try tweaking it to see if you can do better. Answer Stack Overflow questions about it. Play around with the tools like GCC, `readelf`, and so on to get some practical experience with how the pieces fit together. [How to remove "noise" from GCC/clang assembly output?](https://stackoverflow.com/q/38552116) and Matt Godbolt's CppCon talk (in that link) are a good start. – Peter Cordes Aug 22 '20 at 21:44
  • And have a look at how libraries do things, like glibc's hand-written asm for memcmp / strlen and so on, and x264's hand-written asm. Also how glibc uses dynamic linker tricks to do CPU dispatching to select a good version of asm functions at runtime. – Peter Cordes Aug 22 '20 at 21:46
  • thanks for the suggestions! Already found this which should be a gentler intro to that optimization site: https://www.youtube.com/watch?v=ee9_HgShh8s&list=PLKK11LigqithMn_3ipTSSTZdbLHSh5Iy3. – samuelbrody1249 Aug 22 '20 at 21:48
  • @samuelbrody1249 Ok I guess if you want to spend 11 minutes watching someone talk about it and who Agner Fog is... Agner Fog writes well, seriously you can just start reading his asm optimization manual. Or skim through it until you find something that looks interesting, then dive in. If it turns out you don't understand why he's saying some things, go back and read about those concepts. See also performance links in https://stackoverflow.com/tags/x86/info, especially the CPU architecture stuff like David Kanter's Sandybridge write-up https://www.realworldtech.com/sandy-bridge/ with diagrams – Peter Cordes Aug 22 '20 at 21:58