Using a core file to locate the overflow point in an embedded program
Source: Internet   Editor: 程序博客网   Time: 2024/06/14 10:49
Monday, August 31, 2015, 15:25:10
1、Preparing the GDB tool
Make sure the gdb version is 7.3.1 or later; the latest release is normally fine.
Official GDB download: http://ftp.gnu.org/gnu/gdb/
Related documentation: http://blog.csdn.net/lile777/article/details/48132703
[root@roger ~]# /usr/local/arm-gdb/bin/arm-linux-gdb
GNU gdb (GDB) 7.9.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
(gdb)
2、Compiling the program
Add the -funwind-tables -g -rdynamic options to gcc; this can be done directly in the Makefile:
-funwind-tables: required for the embedded (ARM) build so that stack unwinding works
-g: emit debugging information in the operating system's native format
-rdynamic: tells the linker to add all symbols to the dynamic symbol table
CC = arm-linux-gcc -funwind-tables -g -rdynamic
CXX = arm-linux-g++ -funwind-tables -g -rdynamic
3、Setting up the runtime environment on the embedded target
# ulimit -c unlimited                               # allow a core file of unlimited size
# echo "core.%e.%p" > /proc/sys/kernel/core_pattern   # customise the core file name
The core file name parameters are:
%p - insert pid into filename
%u - insert current uid into filename
%g - insert current gid into filename
%s - insert signal that caused the coredump into the filename
%t - insert UNIX time that the coredump occurred into filename
%h - insert hostname where the coredump happened into filename
%e - insert coredumping executable name into filename
/tmp1/chengxu # ulimit -c unlimited
/tmp1/chengxu # ulimit -c
unlimited
/tmp1/chengxu # ./tiaoshi1
card_buff[2] = FF,card_buff[3] = FF
Segmentation fault (core dumped)        # the core file is generated here
/tmp1/chengxu # ls -lh cor*
-rw------- 1 root root 7.7M Aug 31 14:26 core.tiaoshi1.854
/tmp1/chengxu #
4、Analysing the core file
Copy the generated core file to the host that cross-compiled the embedded program, and use gdb to inspect the stack:
[root@roger]# /usr/local/arm-gdb/bin/arm-linux-gdb ./tiaoshi1
GNU gdb (GDB) 7.9.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./tiaoshi1...done.
(gdb) set solib-absolute-prefix /mnt/9260/lib/:/root/code/system/libqte   # custom library path
(gdb) set solib-search-path /mnt/9260/lib/:/root/code/system/libqte       # custom library path
(gdb) core-file ./core.tiaoshi1.854                                        # load the core file
[New LWP 854]
[New LWP 869]
[New LWP 859]
[New LWP 867]
[New LWP 868]
Core was generated by `./tiaoshi1'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  ICcardread () at card_I2c.c:224
224             *ptr = 0x00;
(gdb) l        # list the source around the crash line
219             }//end
220             memset(NowLicense,0,19);
221             memcpy(NowLicense,&(card_buff[32]),18);
222
223             unsigned char *ptr = 0x00;
224             *ptr = 0x00;
225
226             //update
227             if(NowLicense[0] != 0)
228             {
(gdb)
(gdb) info sharedlibrary
From        To          Syms Read   Shared Object Library
0x401c8fd8  0x4060bda0  Yes         /root/code/system/libqte/libqte-mt.so.3.3.8
0x4075efc8  0x407f884c  Yes (*)     /root/code/system/libqte/libstdc++.so.6.0.4
0x408143d4  0x4084bd4c  Yes (*)     /mnt/9260/lib/libm-2.3.90.so
0x4088c9fc  0x40892e34  Yes         /mnt/9260/lib/libgcc_s.so.1
0x408b2a00  0x40984964  Yes (*)     /mnt/9260/lib/libc-2.3.90.so
0x409b00a0  0x409ba210  Yes (*)     /mnt/9260/lib/libpthread-0.10.so
0x40a06c8c  0x40a07be0  Yes (*)     /mnt/9260/lib/libdl-2.3.90.so
0x40000ba0  0x400153c8  Yes (*)     /mnt/9260/lib/ld-2.3.90.so
(*): Shared library is missing debugging information.
(gdb) bt
#0  ICcardread () at card_I2c.c:224
#1  0x0000e420 in ontimer_200ms_fun (signal=<optimized out>) at main.c:775
#2  <signal handler called>
#3  0x0000cef8 in main (argc=<optimized out>, argv=<optimized out>) at main.c:600
(gdb) where
#0  ICcardread () at card_I2c.c:224
#1  0x0000e420 in ontimer_200ms_fun (signal=<optimized out>) at main.c:775
#2  <signal handler called>
#3  0x0000cef8 in main (argc=<optimized out>, argv=<optimized out>) at main.c:600
(gdb)
At this point the program's overflow point has been found: the write through the null pointer ptr at card_I2c.c:224, reached from the timer signal handler ontimer_200ms_fun that interrupted main.
That's all.
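As an added example (not code from the original post), a small Python triage helper for the "bt" output above: it parses each frame, keeps the kernel's "<signal handler called>" trampoline as its own frame, and reports whether the crash happened inside an asynchronous signal handler and which function that handler interrupted. SAMPLE_BT is a constructed copy of the page's backtrace; in practice the text would come from something like arm-linux-gdb -batch -ex bt ./tiaoshi1 ./core.tiaoshi1.854, and the frame regex assumes C-style function names as on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

SIGNAL_FRAME = "<signal handler called>"
# Constructed sample input: the backtrace from section 4, as gdb prints it.
SAMPLE_BT = """\
#0  ICcardread () at card_I2c.c:224
#1  0x0000e420 in ontimer_200ms_fun (signal=<optimized out>) at main.c:775
#2  <signal handler called>
#3  0x0000cef8 in main (argc=<optimized out>, argv=<optimized out>) at main.c:600
"""
# "#N [0xPC in] func (args) at file:line"; gdb omits the PC for the innermost frame.
FRAME_RE = re.compile(r"^#(?P<idx>\d+)\s+(?:0x(?P<pc>[0-9a-fA-F]+)\s+in\s+)?(?P<func>[A-Za-z_]\w*)"
                      r"\s*\((?P<args>.*)\)\s+at\s+(?P<file>\S+):(?P<line>\d+)\s*$")
TRAMPOLINE_RE = re.compile(r"^#(?P<idx>\d+)\s+" + re.escape(SIGNAL_FRAME) + r"\s*$")
@dataclass
class Frame:
    idx: int
    func: str                  # SIGNAL_FRAME marks the kernel's signal trampoline
    file: Optional[str] = None
    line: Optional[int] = None
    pc: Optional[int] = None

    def loc(self) -> str:
        return f"{self.func} at {self.file}:{self.line}"

def parse_backtrace(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw)
        if m:
            pc = int(m["pc"], 16) if m["pc"] else None
            frames.append(Frame(int(m["idx"]), m["func"], m["file"], int(m["line"]), pc))
        elif (m := TRAMPOLINE_RE.match(raw)):
            frames.append(Frame(int(m["idx"]), SIGNAL_FRAME))
    return frames

def crash_summary(frames: List[Frame]) -> dict:
    """Where did it crash, and was that inside an asynchronous signal handler?"""
    if not frames:
        return {}
    out = {"site": frames[0].loc(), "in_signal_handler": False, "handler": None, "interrupted": None}
    for i, f in enumerate(frames):
        if f.func == SIGNAL_FRAME:          # every frame above this one ran inside the handler
            out["in_signal_handler"] = True
            out["handler"] = frames[i - 1].func if i > 0 else None
            out["interrupted"] = frames[i + 1].loc() if i + 1 < len(frames) else None
            break
    return out
```

A crash flagged as in_signal_handler points at code that runs asynchronously (here a 200 ms timer handler), so the fix has to consider what state main was in at main.c:600 when it was interrupted.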