I want to put a breakpoint in a Linux shared library at a specific offset (in libTest.so, at function 0x1234) while I'm debugging with GEF GDB. But I want to set it with a gdb script.
If I run vmmap libTest.so I get
[ Legend: Code | Heap | Stack ]
Start End Offset Perm Path
0x00000012a1XXX 0x00000012a3XXX 0x00000000000000 r-x /lib/libTest.so
0x00000012a3XXX 0x00000012a5XXX 0x000000000XXXX --- /lib/libTest.so
0x00000012aXXXX 0x00000012aXXXX 0x000000000XXXX r-- /lib/libTest.so
0x00000012aXXXX 0x00000012aXXXX 0x000000000XXXX rw- /lib/libTest.so
So the first line is where the code is located, and I want to put a breakpoint at 0x00000012a1XXX+0x1234.
For now I put this code in a GDB script:
python
import gdb
# to_string=True returns vmmap's output as a string instead of printing it
out = gdb.execute('vmmap libTest.so', False, True)
# line 0 is the legend, line 1 the column header, line 2 the first (r-x) mapping
addr_base = int(out.split('\n')[2].split(' ')[0], 16)
# convert the hex start address first (str + int was a TypeError), then break on the address
gdb.execute('b *0x%x' % (addr_base + 0x1234))
end
But that is bad code.
Is there any simple way?
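A more robust version of the same idea, written as an added example that is not part of the original post: parse the vmmap rows by column rather than by line index, select the library by path and file offset 0, and only then call gdb.execute. The vmmap text below is constructed with made-up addresses, and `gdb` is imported lazily so the parsing helpers also run outside GDB.

```python
import re

# ANSI colour codes that GEF may emit even when output is captured with to_string=True
ANSI = re.compile(r'\x1b\[[0-9;]*m')
# One vmmap row: start, end, file offset, permissions, path
VMMAP_ROW = re.compile(
    r'^\s*(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+([rwx-]{3})\s+(\S+)')

def parse_vmmap(text):
    """Turn GEF vmmap output into (start, end, offset, perm, path) tuples."""
    rows = []
    for line in ANSI.sub('', text).splitlines():
        m = VMMAP_ROW.match(line)
        if m:
            start, end, off = (int(x, 16) for x in m.group(1, 2, 3))
            rows.append((start, end, off, m.group(4), m.group(5)))
    return rows

def load_base(text, libname):
    """Load base of libname: lowest start among its mappings at file offset 0.
    Raises LookupError rather than silently breaking at a wrong address."""
    mine = [r for r in parse_vmmap(text) if r[4].rsplit('/', 1)[-1] == libname]
    if not mine:
        raise LookupError('%s is not mapped' % libname)
    at_zero = [r for r in mine if r[2] == 0] or mine
    return min(at_zero)[0]

def break_at_offset(libname, offset):
    """Inside GEF: set a breakpoint at load_base + offset and return that address."""
    import gdb  # only importable inside a running gdb
    text = gdb.execute('vmmap ' + libname, False, True)
    addr = load_base(text, libname) + offset
    gdb.execute('b *0x%x' % addr)
    return addr

# Constructed sample in vmmap's layout (addresses are made up for this example).
SAMPLE = """[ Legend: Code | Heap | Stack ]
Start End Offset Perm Path
0x00007ffff7d00000 0x00007ffff7d22000 0x0000000000000000 r-x /lib/libTest.so
0x00007ffff7d22000 0x00007ffff7d23000 0x0000000000022000 --- /lib/libTest.so
0x00007ffff7d23000 0x00007ffff7d24000 0x0000000000022000 r-- /lib/libTest.so
0x00007ffff7d24000 0x00007ffff7d25000 0x0000000000023000 rw- /lib/libTest.so
"""
```

From a gdb script, `source` this file and call `break_at_offset('libTest.so', 0x1234)` inside a `python ... end` block.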
I'm writing an LKM to get the sys_call_table address, and I'm trying to get it via the IDT (I have tested other methods and they work). The problem is that when I use rdmsrl to read the MSR_LSTAR register, it's different each time.
I have tried the function rdmsrl(MSR_LSTAR) and inline asm statements on Ubuntu 18.04.1 with kernel 4.15.0-51.
#include <linux/kernel.h>
#include <asm/msr.h>   /* rdmsrl(), MSR_LSTAR */
u32 low, high; void *system_call; u64 sct_off;
/* Raw RDMSR: ECX selects the MSR, the 64-bit value comes back in EDX:EAX */
asm volatile("rdmsr" : "=a" (low), "=d" (high) : "c" (MSR_LSTAR));
system_call = (void *)(((u64)high << 32) | low);
printk(KERN_INFO "system_call: %px\n", system_call);   /* %px prints the raw pointer */
/* Same read through the kernel helper */
rdmsrl(MSR_LSTAR, sct_off);
printk(KERN_INFO "sct_off: %016llx\n", sct_off);
The result is as follows:
system_call: 0xfffffe0000006000
system_call: 0xfffffe000008a000
system_call: 0xfffffe0000032000
Do you have CONFIG_RETPOLINE=y enabled? (check via cat /usr/src/`uname -r`/.config | grep RETPOLINE). If so, for CPUs where Kernel Page Table Isolation is enabled, MSR_LSTAR holds the per-CPU trampoline entry SYSCALL64_entry_trampoline instead of the standard entry_SYSCALL_64 for your kernel version.
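As an added example (not from the answer above), here is a small audit that classifies per-CPU LSTAR values by the region they point into, which is what distinguishes the KPTI trampoline in the cpu_entry_area from a direct entry_SYSCALL_64 and from an LSTAR that points somewhere a stock kernel never uses. The region bounds are assumed from the x86-64 4-level layout in Documentation/x86/x86_64/mm.txt with KASLR (module space from ffffffffc0000000); the rdmsr-style input lines are constructed.

```python
import re

# Assumed x86-64 4-level regions (Documentation/x86/x86_64/mm.txt, KASLR layout).
REGIONS = [
    ('cpu_entry_area (KPTI trampoline)', 0xfffffe0000000000, 0xfffffe7fffffffff),
    ('kernel image (entry_SYSCALL_64)',  0xffffffff80000000, 0xffffffffbfffffff),
    ('module space',                     0xffffffffc0000000, 0xffffffffff5fffff),
]

def classify_lstar(value):
    """Name the region an LSTAR value points into, or 'unknown'."""
    for name, lo, hi in REGIONS:
        if lo <= value <= hi:
            return name
    return 'unknown'

def audit_lstar(rdmsr_output):
    """Parse `rdmsr -a 0xc0000082`-style output (one hex value per CPU) and return
    (per_cpu_regions, verdict). A stock kernel never points LSTAR into module
    space, and without KPTI every CPU reports the same value."""
    values = [int(v, 16) for v in
              re.findall(r'^\s*([0-9a-fA-F]+)\s*$', rdmsr_output, re.M)]
    regions = [classify_lstar(v) for v in values]
    if not values:
        return regions, 'no values'
    if any(r in ('module space', 'unknown') for r in regions):
        return regions, 'suspicious: LSTAR outside kernel entry code'
    if all(r.startswith('cpu_entry_area') for r in regions):
        return regions, 'KPTI on: per-CPU trampoline (values differ by CPU)'
    if len(set(values)) == 1 and regions[0].startswith('kernel image'):
        return regions, 'KPTI off: shared entry_SYSCALL_64'
    return regions, 'inconsistent: mixed regions across CPUs'

# Constructed samples: the first mirrors the values printed in the question.
SAMPLE_KPTI = "fffffe0000006000\nfffffe000008a000\nfffffe0000032000\n"
SAMPLE_IN_MODULE = "ffffffffc0a01000\nffffffffc0a01000\n"
```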
I need to compose a simple rmarkdown file, with text, code and the results of the executed code included in a resulting PDF file. I would prefer the source file to be executable and self-sufficient, avoiding the need for a makefile.
This is the best I have been able to achieve, and it is far from good:
#!/usr/bin/env Rscript
library(knitr)
pandoc('hw_ch4.rmd', format='latex')
# TODO: how to NOT print the above commands to the resulting .pdf?
# TODO: how to avoid putting everything from here on in ""s?
# TODO: how to avoid mentioning the file name above?
# TODO: how to render special symbols, such as tilde, miu, sigma?
# Unicode character (U+3BC) not set up for use with LaTeX.
# See the inputenc package documentation for explanation.
# nano hw_ch4.rmd && ./hw_ch4.rmd && evince hw_ch4.pdf
"
4E1. In the model definition below, which line is the likelihood?
A: y_i is the likelihood, based on the expectation and deviation.
4M1. For the model definition below, simulate observed heights from the prior (not the posterior).
A:
```{r}
points <- 10
rnorm(points, mean=rnorm(points, 0, 10), sd=runif(points, 0, 10))
```
4M3. Translate the map model formula below into a mathematical model definition.
A:
```{r}
flist <- alist(
y tilda dnorm( mu , sigma ),
miu tilda dnorm( 0 , 10 ),
sigma tilda dunif( 0 , 10 )
)
```
"
Result:
What I eventually came to use is the following header. At first it sounded neat, but later I realized:
+ is indeed easy to compile in one step
- this is code duplication
- mixing executable script and presentation data in one file is a security risk.
Code:
#!/usr/bin/env Rscript
#<!---
library(rmarkdown)
argv <- commandArgs(trailingOnly=FALSE)
fname <- sub("--file=", "", argv[grep("--file=", argv)])
render(fname, output_format="pdf_document")
quit(status=0)
#-->
---
title:
author:
date: "compiled on: `r Sys.time()`"
---
The quit() line is supposed to guarantee that the rest of the file is treated as data. The <!--- and --> comments are there to render the executable code as comments in the data interpretation. They are, in turn, hidden from the shell by the #s.
If I do something like this:
dumpbin myexe.exe
I get output similar to:
Dump of file myexe.exe
File Type: EXECUTABLE IMAGE
Summary
21000 .data
1000 .gfids
3C9000 .rdata
4F000 .reloc
B4000 .rsrc
325000 .text
1000 .tls
The second column (.data, .gfids, .rdata, ...) is the section name.
But what is the first column? The section size?
This value is actually the aligned section size.
If you do dumpbin /headers myexe.exe, you will get a more verbose output. For example, dumpbin C:\Windows\explorer.exe on my system produces:
Dump of file c:\Windows\explorer.exe
File Type: EXECUTABLE IMAGE
Summary
4000 .data
1000 .didat
1000 .imrsiv
18000 .pdata
7B000 .rdata
6000 .reloc
1EA000 .rsrc
1C5000 .text
dumpbin /headers C:\Windows\explorer.exe contains the following output for the .text section (... = lines omitted):
...
SECTION HEADER #1
.text name
1C4737 virtual size
1000 virtual address (0000000140001000 to 00000001401C5736)
1C4800 size of raw data
400 file pointer to raw data (00000400 to 001C4BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
...
It also reports 1000 section alignment in the OPTIONAL HEADER VALUES section.
As you can see, the size of the .text section is actually 1C4737; when aligned, it becomes 1C5000, as reported by /summary (which is the default option for dumpbin).
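To show where those two numbers come from, here is an added example (not part of the answer above) that reads the PE section table and SectionAlignment directly with `struct` and reproduces the /summary figure by rounding each section's VirtualSize up to the alignment. `build_sample_pe` constructs a minimal PE32+ header in memory so the parser can be exercised offline; the .text size reuses the value from the dump above.

```python
import struct

def align_up(size, alignment):
    """Round size up to a multiple of alignment (what dumpbin /summary reports)."""
    return (size + alignment - 1) // alignment * alignment

def pe_section_summary(data):
    """Read the section table of a PE image and return
    [(name, virtual_size, aligned_size)] in file order."""
    e_lfanew = struct.unpack_from('<I', data, 0x3c)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('not a PE image')
    coff = e_lfanew + 4
    nsections = struct.unpack_from('<H', data, coff + 2)[0]
    opt_size = struct.unpack_from('<H', data, coff + 16)[0]
    opt = coff + 20
    # SectionAlignment is at offset 32 of the optional header for PE32 and PE32+
    section_alignment = struct.unpack_from('<I', data, opt + 32)[0]
    result = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i          # IMAGE_SECTION_HEADER is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b'\0').decode('ascii')
        vsize = struct.unpack_from('<I', data, hdr + 8)[0]   # VirtualSize
        result.append((name, vsize, align_up(vsize, section_alignment)))
    return result

def build_sample_pe(sections, section_alignment=0x1000):
    """Constructed minimal PE32+ header (no code bytes) with the given
    (name, virtual_size) sections; test input only, not a real binary."""
    dos = bytearray(0x40)
    dos[:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3c, 0x40)                       # e_lfanew
    coff = struct.pack('<HHIIIHH', 0x8664, len(sections), 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                          # PE32+ optional header
    struct.pack_into('<H', opt, 0, 0x20b)                         # PE32+ magic
    struct.pack_into('<II', opt, 32, section_alignment, 0x200)    # Section/FileAlignment
    hdrs, rva = b'', section_alignment
    for name, vsize in sections:
        hdrs += struct.pack('<8sIIIIIIHHI', name.encode(), vsize, rva,
                            align_up(vsize, 0x200), 0, 0, 0, 0, 0, 0x60000020)
        rva += align_up(vsize, section_alignment)
    return bytes(dos) + b'PE\0\0' + coff + bytes(opt) + hdrs
```

Run `pe_section_summary(open(path, 'rb').read())` on a real executable to compare its output with `dumpbin /summary`.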
I am compiling a .for file using gfortran on my Linux cluster.
When I type gfortran -O2 calpuff.for -o calpuff.exe, I get one error:
Unclassifiable statement
Error
In file calutils.for:2912
Included at calpuff.for:2115
cdeflt=ctext
Error: Unclassifiable statement at (1)
The corresponding calutils.for looks like this:
c ----------------------------------------
c
      character*132 ctext,cdeflt
c
c --- Microsoft variables
c *** integer*2 iarg,istat
c
c --- HP declaration
c *** external getarg
c *** external iargc
c
c --- The following is for any system without a command line routine
c --- and is also used as a default
      cdeflt=ctext ## Line 2912
c
c ----------------------------------------
c ----------------
## Another subroutine.
c --- Sun compiler
c ----------------
     numargs=IARGC()
     if(numargs.ge.1)then
     call GETARG(1,ctext)
     endif
### Another subroutine, which is the only other code related to `cdeflt`
c --- If no command line arguments, use default
      if(ctext(1:1).eq.' ')ctext=cdeflt # Line 2954
      return
      end
Update
Thanks to Alexander Vogt's reminder, the code below is from calpuff.for.
c----------------------------------------------------------------------
c --- BRING IN SUBROUTINES for MCHEM=6,7 OPTIONS (API)
      include 'api_chem.for'
      include 'isorropia.for'
c --- BRING IN CALPUFF SYSTEM UTILITY SUBROUTINES
      include 'calutils.for' ### This is line 2115
      include 'coordlib.for'
c----------------------------------------------------------------------
What's wrong with cdeflt=ctext? Can someone give some advice?
The actual error occurs in the lines afterwards:
c ----------------
c --- Sun compiler
c ----------------
     numargs=IARGC()
     if(numargs.ge.1)then
     call GETARG(1,ctext)
     endif
You have just five blanks there; (at least) six are required. It should read:
c ----------------
c --- Sun compiler
c ----------------
      numargs=IARGC()
      if(numargs.ge.1)then
      call GETARG(1,ctext)
      endif
In fixed form Fortran, the first six columns have a special meaning and may not be used for code.
Unfortunately, this (again) makes your question a duplicate of a multitude of others on SO.
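As an added example (not from the answer above), the column rules just described can be turned into a small checker: it classifies each fixed-form line by column (comment marker in column 1, label in columns 1-5, continuation mark in column 6, statement from column 7) and flags lines where a letter lands in column 6 after five blanks, which is the five-versus-six-blank mistake in the question. The Fortran fragments are constructed to mirror the question's code; treating a letter in column 6 as a mis-indented statement is a heuristic, since a letter is a legal continuation mark.

```python
import re

def classify_fixed_form(line):
    """Classify one fixed-form Fortran line by its columns:
    'c', 'C', '*' or '!' in column 1 -> comment; a non-blank, non-zero
    column 6 -> continuation; anything else with text -> statement."""
    body = line.rstrip('\n')[:72]            # columns beyond 72 are ignored
    if body.strip() == '':
        return 'blank'
    if body[0] in 'cC*!':
        return 'comment'
    if len(body) > 5 and body[5] not in ' 0':
        return 'continuation'
    return 'statement'

def check_indentation(source):
    """Return (line_no, text) for continuation lines whose first token sits in
    column 6 after five blanks: almost always a statement indented one short,
    which gfortran then glues onto the previous statement."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        if (classify_fixed_form(line) == 'continuation'
                and line[:5].strip() == '' and re.match(r'[A-Za-z]', line[5])):
            findings.append((n, line.rstrip()))
    return findings

# Constructed fragment with the five-blank indentation from the question ...
BAD = """c --- Sun compiler
     numargs=IARGC()
     if(numargs.ge.1)then
     call GETARG(1,ctext)
     endif
"""
# ... and the same lines with six blanks, as the answer says it should read.
GOOD = BAD.replace('\n     ', '\n      ')
```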
I am trying to determine if the PC my app is running on is x64 or x86.
Here is my current code:
format PE GUI 4.0
include "Win32A.Inc"
entry start
section ".idata" import data readable writable
library kernel32,"KERNEL32.DLL",user32,"USER32.DLL"
import kernel32,\
IsWow64Process,"IsWow64Process",\
GetCurrentProcess,"GetCurrentProcess",\
ExitProcess,"ExitProcess"
import user32,\
MessageBox,"MessageBoxA"
section '.data' data readable writeable
hProcess dd ?
hResult dd ?
section '.code' code readable executable
start:
invoke GetCurrentProcess
mov [hProcess],eax
invoke IsWow64Process,hProcess,hResult
cmp [hResult],1
je Is64
cmp [hResult],0
je Is32
invoke ExitProcess,0
Is64:
invoke MessageBox,0,'64','AR',0
invoke ExitProcess,0
Is32:
invoke MessageBox,0,'32','AR',0
invoke ExitProcess,0
It simply crashes upon execution.
What is the proper way to check the value of a boolean, am I doing that part correctly?
Thanks for any help solving this issue.
To be able to declare inline strings, you need to include the extended headers:
include "Win32AX.Inc"
or else '64' and so on will be interpreted as constants.
You're also not passing hProcess as a value:
invoke IsWow64Process,[hProcess],hResult