GDB 用法之参数输入

xiaozhiwise

已于 2023-09-21 00:56:29 修改

阅读量553

点赞数

分类专栏： Linux 文章标签： linux

于 2023-09-21 00:26:03 首次发布

本文链接：https://blog.csdn.net/xiaozhiwise/article/details/133108377

版权

Linux 专栏收录该内容

92 篇文章 1 订阅

订阅专栏

逆向时碰到 getopt_long 函数，要进入while循环里调测一下，使用 set args -ac，这里的-不能丢，否则getopt_long返回-1。

80491a2: e8 19 fd ff ff call 8048ec0 <getopt_long@plt> */

   char *option = "aAcGhH:npglsuUVZ";
   int var_44 = 0;
   while ((var_44 = getopt_long(argc, argv, option, buff_d8, NULL) != -1) {
       switch (var_44) {
           case 'u':
               break;
       }
   }
   // je 80493d1

/*80491a7:   83 f8 ff                cmp    $0xffffffff,%eax   // eax=-1   // eax=-1, zf=1
80491aa:   0f 84 21 02 00 00       je     80493d1 <tigetstr@plt+0x381>   // yes , zf=1, jump
80491b0:   83 e8 41                sub    $0x41,%eax                   // eax=eax-0x41
80491b3:   83 f8 34                cmp    $0x34,%eax                   // eax=eax-0x34
80491b6:   0f 87 87 01 00 00       ja     8049343 <tigetstr@plt+0x2f3>   // (CF or ZF)=0, jump
80491bc:   ff 24 85 c0 ba 04 08    jmp    *0x804bac0(,%eax,4)
80491c3:   c7 05 b0 d1 04 08 01    movl   $0x1,0x804d1b0

以上是反汇编代码节选，开始参数设置。

1.在调用 getopt_long 的地方打断点

b *0x80491a2

2.设置参数

set args -ac

3.查看参数

show args

4.执行

run

操作如下：
(gdb) b *0x80491a2
Breakpoint 1 at 0x80491a2

(gdb) set args aA
(gdb) show args
Argument list to give program being debugged when it is started is "aA".
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
(gdb) n
0x080491a7 in main ()
=> 0x080491a7 <main+327>:   83 f8 ff   cmp    $0xffffffff,%eax
(gdb) n
0x080491aa in main ()
=> 0x080491aa <main+330>:   0f 84 21 02 00 00   je     0x80493d1 <main+881>
(gdb) n
0x080493d1 in main ()
=> 0x080493d1 <main+881>:   8b 45 08   mov    0x8(%ebp),%eax

设置参数失败，因为没有- 。

(gdb) set args -ac
(gdb) show args
Argument list to give program being debugged when it is started is "-ac".
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y

Breakpoint 1, 0x080491a2 in main ()
=> 0x080491a2 <main+322>:   e8 19 fd ff ff   call   0x8048ec0 <getopt_long@plt>
(gdb) n
0x080491a7 in main ()
=> 0x080491a7 <main+327>:   83 f8 ff   cmp    $0xffffffff,%eax
(gdb)
0x080491aa in main ()
=> 0x080491aa <main+330>:   0f 84 21 02 00 00   je     0x80493d1 <main+881>
(gdb)
0x080491b0 in main ()
=> 0x080491b0 <main+336>:   83 e8 41   sub    $0x41,%eax
(gdb) p/x $eax
$3 = 0x61

成功进入 while 循环。

还有其他的方式，简单写一下，都差不多。

1. gdb --args ./exe -ac

或

2. gdb ./exe

run -ac