Reading Questions

Remember to submit your answer to this quetion BEFORE the next class.

(ssedb: a minimal debugger). Debuggers are powerful tools which allow programmers to load and run executables, to attach to a already running process (even remote ones); and perform interesting actions.

In this problem, you'll learn what's going on under the hood of debugging, by implementing a minimal debugger called ssedb by yourself. And further, you'll understand how anti-debugging techniques can make debugging difficult, and how to overwhele these anti-debugging techniques.

Though small, ssedb debugger includes many features: loading files, setting up break points, stopping and continuing processes, peeking registers and memory, poking memory and registers, etc.. And finally, ssedb is also based-on ptrace, as do gdb, edb or ida pro, etc..

First, download the source file of ssedb to your Linux machine, along with a trivial testing program. Compile these two program files: 

          $ gcc -o ssedb ssedb.c
          $ gcc -o hello hello.c
And then run the debugger on hello: 
          $ ./ssedb hello
And you may try several commands now, for instance, the regs command: 
          (ssedb) regs
will display contents in registers. But note that command names are similar but not the same with gdb.

Now read the source file ssedb.c and answer the following questions. In this process, you may find this manual useful.

  1. How the regs command is implemented?
  2. Now, how the breaking point command b addr is implemented? In fact, there is a serious bug in current implementation we offered you. Let's check where is this bug. First run this 
          	$ objdump -d hello
    and figure out the address of the function main, suppose that address is 0xaddr on your machine. Now in the ssedb, you set up a break point on address 0xaddr by typing (remember this address must be in hexadecimal, which has a leading 0x): 
          	(ssedb) b 0xaddr
    and then let the debugger run to hit the break point: 
          	(ssedb) c
    now peek the registers: 
          	(ssedb) regs
    What's the value of eip? Is this value right? Why?

    And then disassembly the content at address 0xaddr. 

          	(ssedb) x/x 0xaddr
    What's there? Have you detected the bug? How to fix this bug?
  3. There is also a command to disassembly bianry into assembly intructions, but has not be completed. Now run 
          	(ssedb) x/i 0xaddr
    you'll see an error message indicating the file position you should supply code. Implement it. (Hint: manual disassemblying is tedious and error-prone, so you may find some libraries are helpful, such as the libdisasm.)
  4. (Hard.) Another feature missing from the ssedb is debugging symbols. For instance, when setting up breaking points, we'd like just to type a symbolic name, such as: 
          	(ssedb) b main
    instead of an ugly hexadecimal address for main. Implement this feature. (Hint: refer to the DEARF debugging format.)