strace, breakpoints, etc.

Question 1

strace

Answer 1

traces all system calls made by the program. -o for output file. -t for timestamp. -r for relative timestamps. -e to specify comma-separated list of syscalls to view. -p PID to attach to running process. Run as root. -c prints statistics on syscalls.

Question 2

breakpoint

Answer 2

set for functions, about to execute a specific instruction, etc. Allows examination of memory, variables, and registers at that point.

Question 3

break main
break EchoInput
break <address>
info brekapoints
disable/enable 1
delete 1</address>

Answer 3

breakpoint options. May want to add breakpoints at function returns (i.e., line after call) to see return values, etc.

Question 4

x/fmt address
ex. x/s argv[1]
print argv[1]

Answer 4

examine memory. Format is a number of lines to view plus x for hex, a for address, others.

Question 5

disassemble

Answer 5

Gives a running disassembly of the function with a pointer for eip.

Question 6

x/i <address>
x/5c argv[1]
x/10i address
x/20xw $register</address>

Answer 6

Decodes memory contents at address. /xw gives this in hex, /i is a decode to text, /c is characters.

Question 7

c

continue

Answer 7

Continue execution after breakpoint to next breakpoint

Question 8

stepi

step

Answer 8

Per assembly instruction or per code line line stepping. Stepi will step into functions like printf. Both take argument - number of times.

Question 9

print

Answer 9

Gives address of function