
When using gdb, I often get a nice list of parameters passed to functions. However, with certain functions like bind, I do not get the parameters:

(gdb) break bind
Breakpoint 1 at 0x404b40
(gdb) r
...
Breakpoint 1, bind () at ../sysdeps/unix/syscall-template.S:82
82      in ../sysdeps/unix/syscall-template.S
(gdb) bt
#0  bind () at ../sysdeps/unix/syscall-template.S:82
...

How can I still get the parameters passed to these functions?

Lekensteyn

1 Answer


bind is one of the socket system calls. There is a special way to put breakpoints on system calls in gdb: catch syscall <syscall name>. After this kind of breakpoint is hit, you can watch the syscall parameters in registers according to the kernel calling conventions. For x86_64, parameters are passed via the %rdi, %rsi, %rdx, %r10, %r8 and %r9 registers. For x86-32, via the %ebx, %ecx, %edx, %esi, %edi and %ebp registers.

(gdb) catch syscall bind 
Catchpoint 3 (syscall 'bind' [49])
(gdb) r
Starting program: /usr/bin/nmap google.com

Starting Nmap 5.00 ( http://nmap.org ) at 2012-03-16 01:09 PDT
Warning: Hostname google.com resolves to 6 IPs. Using 173.194.69.100.

Catchpoint 3 (call to syscall 'bind'), 0x00007ffff6520307 in bind ()
   from /lib/libc.so.6
(gdb) info registers 
rax            0xffffffffffffffda   -38
rbx            0xb35870 11753584
rcx            0xffffffffffffffff   -1
rdx            0x14 20
rsi            0x7fffffff7d90   140737488321936
rdi            0x8  8
rbp            0x8  0x8
rsp            0x7fffffff7d58   0x7fffffff7d58
r8             0xb  11
r9             0x8000   32768
r10            0x7fffffff7b00   140737488321280
r11            0x202    514
r12            0xb09630 11572784
r13            0xb359f0 11753968
r14            0x2  2
r15            0xc8 200
rip            0x7ffff6520307   0x7ffff6520307 <bind+7>
eflags         0x202    [ IF ]
cs             0x33 51
ss             0x2b 43
ds             0x0  0
es             0x0  0
fs             0x0  0
---Type <return> to continue, or q <return> to quit---
gs             0x0  0
(gdb) 

For example, here %rdi contains the first bind call parameter, the socket file descriptor.

For x86-32 things are more complicated, as socket system calls are implemented via the socketcall system call. That's why it's impossible to put a catchpoint directly on bind. You can find more info about it here.

ks1322
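Reading the argument registers by hand at every stop gets tedious, so here is an added example (written for this page, not part of ks1322's answer or of gdb itself) that automates the same steps with gdb's Python API: it sets `catch syscall bind`, and at each syscall entry reads %rdi, %rsi and %rdx per the x86_64 convention above, copies the `struct sockaddr` that %rsi points to out of the inferior, and decodes it. The file name `bind_args.py`, the `BindSyscallTracer` class and the helper names are assumptions; the register values in `SAMPLE_INFO_REGISTERS` are copied from the `info registers` dump in the answer, while the sockaddr byte strings are constructed. The decode helpers are plain Python, so they also run outside gdb.

```python
"""Decode bind(2) arguments at a `catch syscall bind` stop.

Added example, not the original answer's code. Inside gdb:
    (gdb) source bind_args.py     # hypothetical file name
    (gdb) r
Outside gdb, only the pure decode helpers are usable.
"""
import socket
import struct

try:
    import gdb  # only importable when this script runs inside gdb
except ImportError:
    gdb = None

# Linux syscall argument registers, in order, per the kernel calling
# convention quoted in the answer.
SYSCALL_ARG_REGS = {
    "x86_64": ("rdi", "rsi", "rdx", "r10", "r8", "r9"),
    "i386": ("ebx", "ecx", "edx", "esi", "edi", "ebp"),
}
# bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
BIND_ARG_NAMES = ("sockfd", "addr", "addrlen")

# Linux address-family numbers (fixed, independent of the host running this).
AF_UNIX, AF_INET, AF_INET6 = 1, 2, 10

# Copied from the `info registers` output in the answer above (rax = -38 is
# -ENOSYS, which is what the kernel reports at syscall entry).
SAMPLE_INFO_REGISTERS = """rax            0xffffffffffffffda   -38
rdx            0x14 20
rsi            0x7fffffff7d90   140737488321936
rdi            0x8  8
r8             0xb  11
r9             0x8000   32768
r10            0x7fffffff7b00   140737488321280"""

# Constructed sockaddr_in for 127.0.0.1:8080 (sa_family little-endian,
# port and address in network byte order, 8 bytes of padding).
CONSTRUCTED_SOCKADDR_IN = (
    struct.pack("<H", AF_INET)
    + struct.pack("!H4s", 8080, socket.inet_aton("127.0.0.1"))
    + b"\0" * 8
)


def parse_info_registers(text):
    """Turn `info registers` output into {name: int}, using the hex column."""
    regs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].startswith("0x"):
            regs[parts[0]] = int(parts[1], 16)
    return regs


def bind_args(regs, arch="x86_64"):
    """Map a {register: value} dict onto bind's three arguments."""
    return {name: regs[reg] for name, reg in zip(BIND_ARG_NAMES, SYSCALL_ARG_REGS[arch])}


def decode_sockaddr(raw):
    """Decode struct sockaddr bytes (as read from the %rsi pointer) into a dict."""
    if len(raw) < 2:
        return {"family": None, "raw": raw.hex()}
    family = struct.unpack_from("<H", raw, 0)[0]  # host order on x86
    if family == AF_INET and len(raw) >= 8:
        port, packed = struct.unpack_from("!H4s", raw, 2)
        return {"family": "AF_INET", "ip": socket.inet_ntop(socket.AF_INET, packed), "port": port}
    if family == AF_INET6 and len(raw) >= 24:
        port = struct.unpack_from("!H", raw, 2)[0]
        packed = raw[8:24]  # sin6_addr follows the 4-byte sin6_flowinfo
        return {"family": "AF_INET6", "ip": socket.inet_ntop(socket.AF_INET6, packed), "port": port}
    if family == AF_UNIX:
        path = raw[2:].split(b"\0", 1)[0]
        return {"family": "AF_UNIX", "path": path.decode(errors="replace")}
    return {"family": family, "raw": raw.hex()}


class BindSyscallTracer:
    """Print decoded bind arguments at syscall entry and the result at return.

    `catch syscall` stops twice per call (entry and return), so a toggle
    tracks which of the two the current stop is.
    """

    def __init__(self):
        self.entering = True
        gdb.execute("catch syscall bind")
        gdb.events.stop.connect(self.on_stop)

    def on_stop(self, event):
        if isinstance(event, gdb.SignalEvent):
            return
        if not self.entering:  # second stop: rax holds bind's return value
            self.entering = True
            print("bind returned %d" % int(gdb.parse_and_eval("$rax")))
            return
        self.entering = False
        frame = gdb.selected_frame()
        regs = {r: int(frame.read_register(r)) for r in SYSCALL_ARG_REGS["x86_64"]}
        args = bind_args(regs)
        raw = bytes(gdb.selected_inferior().read_memory(args["addr"], args["addrlen"]))
        print("bind(%d, %r, %d)" % (args["sockfd"], decode_sockaddr(raw), args["addrlen"]))


if gdb is not None:
    BindSyscallTracer()
```

Applied to the register dump from the answer, `bind_args(parse_info_registers(SAMPLE_INFO_REGISTERS))` yields sockfd 8, addr 0x7fffffff7d90 and addrlen 20, which is exactly what `x/20xb $rsi` would let you inspect by hand at that catchpoint. The hook is x86_64 only, for the reason given in the answer: on x86-32 the socket calls go through socketcall, so there is no bind syscall to catch.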