
dmesg 程序崩溃调试

思路：进程崩溃后，内核在 dmesg 中记录一行 segfault 信息；取出其中的 ip 字段（本例为 0x400454），再用 objdump、addr2line 或 gdb 把该地址映射回对应的源码行。

[root@localhost log]# cat -n /root/xx.c
     1
     2
     3  #include <stdio.h>
     4
     5  void func(char *p)
     6  {
     7  *p = 'p';   /* unconditional write through p; with p == NULL this is the faulting store (ip 0x400454, xx.c:7 below) */
     8  }
     9
    10  int main(int argc, char *argv[])
    11  {
    12  char *p=NULL;   /* deliberately NULL: func() writes through it, so the kernel reports "segfault at 0" */
    13  func(p);        /* the crash happens inside this call */
    14
    15  return 0;       /* never reached: the process dies in func() */
    16  }

[root@localhost log]# /root/xx
 
[root@localhost log]# dmesg 

xx[8226]: segfault at 0 ip 0000000000400454 sp 00007fffcb8b6360 error 6 in xx[400000+1000]
[root@localhost log]# objdump -d /root/xx

/root/xx:     file format elf64-x86-64

Disassembly of section .init:

0000000000400338 <_init>:
  400338:       48 83 ec 08             sub    $0x8,%rsp
  40033c:       e8 5b 00 00 00          callq  40039c <call_gmon_start>
  400341:       e8 da 00 00 00          callq  400420 <frame_dummy>
  400346:       e8 d5 01 00 00          callq  400520 <__do_global_ctors_aux>
  40034b:       48 83 c4 08             add    $0x8,%rsp
  40034f:       c3                      retq   
Disassembly of section .plt:

0000000000400350 <__libc_start_main@plt-0x10>:
  400350:       ff 35 d2 04 20 00       pushq  2098386(%rip)        # 600828 <_GLOBAL_OFFSET_TABLE_+0x8>
  400356:       ff 25 d4 04 20 00       jmpq   *2098388(%rip)        # 600830 <_GLOBAL_OFFSET_TABLE_+0x10>
  40035c:       0f 1f 40 00             nopl   0x0(%rax)

0000000000400360 <__libc_start_main@plt>:
  400360:       ff 25 d2 04 20 00       jmpq   *2098386(%rip)        # 600838 <_GLOBAL_OFFSET_TABLE_+0x18>
  400366:       68 00 00 00 00          pushq  $0x0
  40036b:       e9 e0 ff ff ff          jmpq   400350 <_init+0x18>
Disassembly of section .text:

0000000000400370 <_start>:
  400370:       31 ed                   xor    %ebp,%ebp
  400372:       49 89 d1                mov    %rdx,%r9
  400375:       5e                      pop    %rsi
  400376:       48 89 e2                mov    %rsp,%rdx
  400379:       48 83 e4 f0             and    $0xfffffffffffffff0,%rsp
  40037d:       50                      push   %rax
  40037e:       54                      push   %rsp
  40037f:       49 c7 c0 80 04 40 00    mov    $0x400480,%r8
  400386:       48 c7 c1 90 04 40 00    mov    $0x400490,%rcx
  40038d:       48 c7 c7 59 04 40 00    mov    $0x400459,%rdi
  400394:       e8 c7 ff ff ff          callq  400360 <__libc_start_main@plt>
  400399:       f4                      hlt    
  40039a:       90                      nop    
  40039b:       90                      nop    

000000000040039c <call_gmon_start>:
  40039c:       48 83 ec 08             sub    $0x8,%rsp
  4003a0:       48 8b 05 71 04 20 00    mov    2098289(%rip),%rax        # 600818 <_DYNAMIC+0x190>
  4003a7:       48 85 c0                test   %rax,%rax
  4003aa:       74 02                   je     4003ae <call_gmon_start+0x12>
  4003ac:       ff d0                   callq  *%rax
  4003ae:       48 83 c4 08             add    $0x8,%rsp
  4003b2:       c3                      retq   
  4003b3:       90                      nop    
  4003b4:       90                      nop    
  4003b5:       90                      nop    
  4003b6:       90                      nop    
  4003b7:       90                      nop    
  4003b8:       90                      nop    
  4003b9:       90                      nop    
  4003ba:       90                      nop    
  4003bb:       90                      nop    
  4003bc:       90                      nop    
  4003bd:       90                      nop    
  4003be:       90                      nop    
  4003bf:       90                      nop    

00000000004003c0 <__do_global_dtors_aux>:
  4003c0:       55                      push   %rbp
  4003c1:       48 89 e5                mov    %rsp,%rbp
  4003c4:       53                      push   %rbx
  4003c5:       48 83 ec 08             sub    $0x8,%rsp
  4003c9:       80 3d 80 04 20 00 00    cmpb   $0x0,2098304(%rip)        # 600850 <completed.6145>
  4003d0:       75 44                   jne    400416 <__do_global_dtors_aux+0x56>
  4003d2:       b8 78 06 60 00          mov    $0x600678,%eax
  4003d7:       48 2d 70 06 60 00       sub    $0x600670,%rax
  4003dd:       48 c1 f8 03             sar    $0x3,%rax
  4003e1:       48 8d 58 ff             lea    0xffffffffffffffff(%rax),%rbx
  4003e5:       48 8b 05 5c 04 20 00    mov    2098268(%rip),%rax        # 600848 <dtor_idx.6147>
  4003ec:       48 39 c3                cmp    %rax,%rbx
  4003ef:       76 1e                   jbe    40040f <__do_global_dtors_aux+0x4f>
  4003f1:       48 83 c0 01             add    $0x1,%rax
  4003f5:       48 89 05 4c 04 20 00    mov    %rax,2098252(%rip)        # 600848 <dtor_idx.6147>
  4003fc:       ff 14 c5 70 06 60 00    callq  *0x600670(,%rax,8)
  400403:       48 8b 05 3e 04 20 00    mov    2098238(%rip),%rax        # 600848 <dtor_idx.6147>
  40040a:       48 39 c3                cmp    %rax,%rbx
  40040d:       77 e2                   ja     4003f1 <__do_global_dtors_aux+0x31>
  40040f:       c6 05 3a 04 20 00 01    movb   $0x1,2098234(%rip)        # 600850 <completed.6145>
  400416:       48 83 c4 08             add    $0x8,%rsp
  40041a:       5b                      pop    %rbx
  40041b:       c9                      leaveq 
  40041c:       c3                      retq   
  40041d:       0f 1f 00                nopl   (%rax)

0000000000400420 <frame_dummy>:
  400420:       55                      push   %rbp
  400421:       48 83 3d 57 02 20 00    cmpq   $0x0,2097751(%rip)        # 600680 <__JCR_END__>
  400428:       00 
  400429:       48 89 e5                mov    %rsp,%rbp
  40042c:       74 16                   je     400444 <frame_dummy+0x24>
  40042e:       b8 00 00 00 00          mov    $0x0,%eax
  400433:       48 85 c0                test   %rax,%rax
  400436:       74 0c                   je     400444 <frame_dummy+0x24>
  400438:       bf 80 06 60 00          mov    $0x600680,%edi
  40043d:       49 89 c3                mov    %rax,%r11
  400440:       c9                      leaveq 
  400441:       41 ff e3                jmpq   *%r11
  400444:       c9                      leaveq 
  400445:       c3                      retq   
  400446:       90                      nop    
  400447:       90                      nop    

0000000000400448 <func>:
  400448:       55                      push   %rbp
  400449:       48 89 e5                mov    %rsp,%rbp
  40044c:       48 89 7d f8             mov    %rdi,0xfffffffffffffff8(%rbp)
  400450:       48 8b 45 f8             mov    0xfffffffffffffff8(%rbp),%rax
  400454:       c6 00 70                movb   $0x70,(%rax)
  400457:       c9                      leaveq 
  400458:       c3                      retq   

0000000000400459 <main>:
  400459:       55                      push   %rbp
  40045a:       48 89 e5                mov    %rsp,%rbp
  40045d:       48 83 ec 20             sub    $0x20,%rsp
  400461:       89 7d ec                mov    %edi,0xffffffffffffffec(%rbp)
  400464:       48 89 75 e0             mov    %rsi,0xffffffffffffffe0(%rbp)
  400468:       48 c7 45 f8 00 00 00    movq   $0x0,0xfffffffffffffff8(%rbp)
  40046f:       00 
  400470:       48 8b 7d f8             mov    0xfffffffffffffff8(%rbp),%rdi
  400474:       e8 cf ff ff ff          callq  400448 <func>
  400479:       b8 00 00 00 00          mov    $0x0,%eax
  40047e:       c9                      leaveq 
  40047f:       c3                      retq   

0000000000400480 <__libc_csu_fini>:
  400480:       f3 c3                   repz retq 
  400482:       0f 1f 80 00 00 00 00    nopl   0x0(%rax)
  400489:       0f 1f 80 00 00 00 00    nopl   0x0(%rax)

0000000000400490 <__libc_csu_init>:
  400490:       4c 89 64 24 e0          mov    %r12,0xffffffffffffffe0(%rsp)
  400495:       4c 89 6c 24 e8          mov    %r13,0xffffffffffffffe8(%rsp)
  40049a:       4c 8d 25 bb 01 20 00    lea    2097595(%rip),%r12        # 60065c <__fini_array_end>
  4004a1:       4c 89 74 24 f0          mov    %r14,0xfffffffffffffff0(%rsp)
  4004a6:       4c 89 7c 24 f8          mov    %r15,0xfffffffffffffff8(%rsp)
  4004ab:       49 89 f6                mov    %rsi,%r14
  4004ae:       48 89 5c 24 d0          mov    %rbx,0xffffffffffffffd0(%rsp)
  4004b3:       48 89 6c 24 d8          mov    %rbp,0xffffffffffffffd8(%rsp)
  4004b8:       48 83 ec 38             sub    $0x38,%rsp
  4004bc:       41 89 ff                mov    %edi,%r15d
  4004bf:       49 89 d5                mov    %rdx,%r13
  4004c2:       e8 71 fe ff ff          callq  400338 <_init>
  4004c7:       48 8d 05 8e 01 20 00    lea    2097550(%rip),%rax        # 60065c <__fini_array_end>
  4004ce:       49 29 c4                sub    %rax,%r12
  4004d1:       49 c1 fc 03             sar    $0x3,%r12
  4004d5:       4d 85 e4                test   %r12,%r12
  4004d8:       74 1e                   je     4004f8 <__libc_csu_init+0x68>
  4004da:       31 ed                   xor    %ebp,%ebp
  4004dc:       48 89 c3                mov    %rax,%rbx
  4004df:       90                      nop    
  4004e0:       48 83 c5 01             add    $0x1,%rbp
  4004e4:       4c 89 ea                mov    %r13,%rdx
  4004e7:       4c 89 f6                mov    %r14,%rsi
  4004ea:       44 89 ff                mov    %r15d,%edi
  4004ed:       ff 13                   callq  *(%rbx)
  4004ef:       48 83 c3 08             add    $0x8,%rbx
  4004f3:       49 39 ec                cmp    %rbp,%r12
  4004f6:       75 e8                   jne    4004e0 <__libc_csu_init+0x50>
  4004f8:       48 8b 5c 24 08          mov    0x8(%rsp),%rbx
  4004fd:       48 8b 6c 24 10          mov    0x10(%rsp),%rbp
  400502:       4c 8b 64 24 18          mov    0x18(%rsp),%r12
  400507:       4c 8b 6c 24 20          mov    0x20(%rsp),%r13
  40050c:       4c 8b 74 24 28          mov    0x28(%rsp),%r14
  400511:       4c 8b 7c 24 30          mov    0x30(%rsp),%r15
  400516:       48 83 c4 38             add    $0x38,%rsp
  40051a:       c3                      retq   
  40051b:       90                      nop    
  40051c:       90                      nop    
  40051d:       90                      nop    
  40051e:       90                      nop    
  40051f:       90                      nop    

0000000000400520 <__do_global_ctors_aux>:
  400520:       55                      push   %rbp
  400521:       48 89 e5                mov    %rsp,%rbp
  400524:       53                      push   %rbx
  400525:       bb 60 06 60 00          mov    $0x600660,%ebx
  40052a:       48 83 ec 08             sub    $0x8,%rsp
  40052e:       48 8b 05 2b 01 20 00    mov    2097451(%rip),%rax        # 600660 <__CTOR_LIST__>
  400535:       48 83 f8 ff             cmp    $0xffffffffffffffff,%rax
  400539:       74 14                   je     40054f <__do_global_ctors_aux+0x2f>
  40053b:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
  400540:       48 83 eb 08             sub    $0x8,%rbx
  400544:       ff d0                   callq  *%rax
  400546:       48 8b 03                mov    (%rbx),%rax
  400549:       48 83 f8 ff             cmp    $0xffffffffffffffff,%rax
  40054d:       75 f1                   jne    400540 <__do_global_ctors_aux+0x20>
  40054f:       48 83 c4 08             add    $0x8,%rsp
  400553:       5b                      pop    %rbx
  400554:       c9                      leaveq 
  400555:       c3                      retq   
  400556:       90                      nop    
  400557:       90                      nop    
Disassembly of section .fini:

0000000000400558 <_fini>:
  400558:       48 83 ec 08             sub    $0x8,%rsp
  40055c:       e8 5f fe ff ff          callq  4003c0 <__do_global_dtors_aux>
  400561:       48 83 c4 08             add    $0x8,%rsp
  400565:       c3                      retq   


[root@localhost log]# objdump -d /root/xx |grep -C5 400454
0000000000400448 <func>:
  400448: 55                      push   %rbp
  400449: 48 89 e5                mov    %rsp,%rbp
  40044c: 48 89 7d f8             mov    %rdi,0xfffffffffffffff8(%rbp)
  400450: 48 8b 45 f8             mov    0xfffffffffffffff8(%rbp),%rax
  400454: c6 00 70                movb   $0x70,(%rax)
  400457: c9                      leaveq
  400458: c3                      retq
0000000000400459 <main>:
  400459: 55                      push   %rbp

 

Usage: addr2line [option(s)] [addr(s)]
 Convert addresses into line number/file name pairs.
 If no addresses are specified on the command line, they will be read from stdin
 The options are:
  @<file>                Read options from <file>
  -b --target=<bfdname>  Set the binary file format
  -e --exe=<executable>  Set the input file name (default is a.out)
  -i --inlines           Unwind inlined functions
  -j --section=<name>    Read section-relative offsets instead of addresses
  -s --basenames         Strip directory names
  -f --functions         Show function names
  -C --demangle[=style]  Demangle function names
  -h --help              Display this information
  -v --version           Display the program's version


[root@localhost log]# addr2line -e /root/xx 0x400454
/root/xx.c:7

 

 

gdb调试:


[root@localhost ~]# gdb ./xx
GNU gdb (GDB) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./xx...done.
(gdb) disas 0x400454
Dump of assembler code for function func:
   0x0000000000400448 <+0>:     push   %rbp
   0x0000000000400449 <+1>:     mov    %rsp,%rbp
   0x000000000040044c <+4>:     mov    %rdi,-0x8(%rbp)
   0x0000000000400450 <+8>:     mov    -0x8(%rbp),%rax
   0x0000000000400454 <+12>:    movb   $0x70,(%rax)
   0x0000000000400457 <+15>:    leaveq
   0x0000000000400458 <+16>:    retq
End of assembler dump.

(gdb) list func
1
2
3       #include <stdio.h>
4
5       void func(char *p)
6       {
7       *p = 'p';   /* the store at 0x400454 (movb $0x70,(%rax)); faults when p == NULL */
8       }
9
10      int main(int argc, char *argv[])