1. Getting the coredump
(1) Set the core size limit to unlimited (run this on each login)
$ ulimit -c unlimited
(2) Change to a directory you have write permission for
$ pwd
/home/users/red9057/week2
# run a program to generate a crash
red9057@blue9057-vm-ctf1 : ~/week2/samples
$ python -c 'print("A"*200)' | ./frame-pointer-32
Segmentation fault (core dumped)
$ ls -ls
total 476
352 -rw------- 1 red9057 red9057 360448 Jan 25 14:06 core
Check for the message "(core dumped)" and confirm that the 'core' file was
created. If you do not see the message or the core file after the crash,
run the following command again, and also check the current working
directory.
$ ulimit -c unlimited
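
A preflight check for the steps above, added here as an example (it is not part of the original notes). It reports the three things that decide whether a 'core' file lands in the current directory: the core size limit, directory write permission, and the Linux kernel setting /proc/sys/kernel/core_pattern. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks before reproducing a crash for a coredump.
# Function names are hypothetical; the checks mirror steps (1) and (2) above.

# Classify a kernel core_pattern value (see core(5)).
#   pipe     -> cores are piped to a handler (e.g. apport, systemd-coredump)
#   absolute -> cores are written to a fixed path, not the working directory
#   cwd      -> cores are written relative to the crashing process's cwd
core_pattern_kind() {
    case "$1" in
        '|'*) echo pipe ;;
        /*)   echo absolute ;;
        *)    echo cwd ;;
    esac
}

# Decide whether a core size limit (output of `ulimit -c`) allows a full dump.
core_limit_ok() {
    [ "$1" = "unlimited" ]
}

# Run all checks for a directory; returns 0 only if every check passes.
# $1 = directory to check (default: .), $2 = pattern file (default: /proc path)
core_preflight() {
    dir=${1:-.}
    pattern_file=${2:-/proc/sys/kernel/core_pattern}
    rc=0
    if ! core_limit_ok "$(ulimit -c)"; then
        echo "limit: core size is $(ulimit -c); run: ulimit -c unlimited"; rc=1
    fi
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "dir: $dir is not a writable directory"; rc=1
    fi
    if [ -r "$pattern_file" ]; then
        pattern=$(cat "$pattern_file")
        kind=$(core_pattern_kind "$pattern")
        if [ "$kind" != cwd ]; then
            echo "pattern: '$pattern' ($kind); core will not appear in $dir"; rc=1
        fi
    fi
    return $rc
}
# Usage: core_preflight "$PWD" && echo "ready to reproduce the crash"
```
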
2. Debug with coredump
$ gdb --core=core
This command opens a gdb session at the crash point. The coredump file
contains the process's state at the crash point, which includes memory,
registers, the type of signal on crash (mostly SIGSEGV), etc.
You cannot execute the program (e.g., using r, ni, si) because the execution
was terminated, but you can still inspect the memory.
3. Use GDB Debug
Core was generated by `./frame-pointer-32'.
Program terminated with signal SIGSEGV, Segmentation fault.
warning: Unexpected size of section `.reg-xstate/25202' in core file.
#0 0x08048635 in ?? ()
gdb-peda$
This output means that the coredump is generated by './frame-pointer-32',
and the program crashed at 0x8048635 with the signal SIGSEGV.
3-1. Checking register values.
Just type "i r" (info registers)
-- GDB --
gdb-peda$ i r
eax 0x0 0x0
ecx 0x7fffffa9 0x7fffffa9
edx 0xf7fb8870 0xf7fb8870
ebx 0x41414141 0x41414141
esp 0xffffd5c0 0xffffd5c0
ebp 0x41414141 0x41414141
esi 0xf7fb7000 0xf7fb7000
edi 0xf7fb7000 0xf7fb7000
eip 0x8048635 0x8048635
eflags 0x10286 [ PF SF IF RF ]
cs 0x23 0x23
ss 0x2b 0x2b
ds 0x2b 0x2b
es 0x2b 0x2b
fs 0x0 0x0
gs 0x63 0x63
k0 0x0 0x0
k1 0x0 0x0
k2 0x0 0x0
k3 0x0 0x0
k4 0x0 0x0
k5 0x0 0x0
k6 0x0 0x0