[Cygwin GDB] how to find Segmentation fault at 0x00401277 in main() function


deathhex
May 5th, 2010, 22:39
Hello people,

Well, I am using Cygwin GDB to debug a program, which is main.exe

Code:

$ gdb main.exe
GNU gdb 6.8.0.20080328-cvs (cygwin-special)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-cygwin"...
(gdb) break main
Breakpoint 1 at 0x401141
(gdb) run
Starting program: /cygdrive/c/C_CPP_ASM/Test3/main.exe
[New thread 2336.0xa7c]
[New thread 2336.0xf9c]

Breakpoint 1, 0x00401141 in main ()
(gdb) s
Single stepping until exit from function main,
which has no line number information.

a = 1
d = a = 1
b = 2
c = 4

!!!Hello World!!!

a = 1
d = a = 4202691
b = 6920660
c = 4198803

a = 1
d = a = 4202656
b = 6920660
c = 11123316

a = 5
d = a = 5
b = 6
c = 7

a = 5
d = a = 4202656
b = 6920660
c = 4198975

Program received signal SIGSEGV, Segmentation fault.
0x00401277 in main ()
(gdb)


As we can see, there is a Segmentation fault at 0x00401277 in main (). Therefore, how do we pinpoint or find out what is causing it?

I have tried several ways:

Code:

(gdb) where
#0 0x00401277 in main ()
(gdb) bt
#0 0x00401277 in main ()
(gdb) frame
#0 0x00401277 in main ()
(gdb) list
1 /gnu/gcc/releases/packaging/4.3.4-3/gcc4-4.3.4-3/src/gcc-4.3.4/libgcc/..
/gcc/libgcc2.c: No such file or directory.
in /gnu/gcc/releases/packaging/4.3.4-3/gcc4-4.3.4-3/src/gcc-4.3.4/libgcc
/../gcc/libgcc2.c
(gdb)


But it seems not to be working, or is unable to pinpoint the problem....

So, would anyone mind teaching me how to pinpoint or find the cause of the problem?

Thank you.

FrankRizzo
May 6th, 2010, 17:06
If it were me, I'd take the program that's crashing, and run it through IDA, and check the address that way. But I'm more of the "kill a fly with a sledgehammer" kinda guy.

deathhex
May 6th, 2010, 21:38
I got a solution by using "disassemble main".

Code:

$ gdb main.exe
GNU gdb 6.8.0.20080328-cvs (cygwin-special)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-cygwin"...
(gdb) break main
Breakpoint 1 at 0x401141
(gdb) run
Starting program: /cygdrive/c/C_CPP_ASM/Test3/main.exe
[New thread 4004.0xfc0]
[New thread 4004.0x294]

Breakpoint 1, 0x00401141 in main ()
(gdb) step
Single stepping until exit from function main,
which has no line number information.

a = 1
d = a = 1
b = 2
c = 4

!!!Hello World!!!

a = 1
d = a = 4202691
b = 6920660
c = 4198803

a = 1
d = a = 4202656
b = 6920660
c = 11123316

a = 5
d = a = 5
b = 6
c = 7

a = 5
d = a = 4202656
b = 6920660
c = 4198975

Program received signal SIGSEGV, Segmentation fault.
0x00401277 in main ()
(gdb) set disassembly-flavor intel
(gdb) disassemble main
Dump of assembler code for function main:
0x00401130 <main+0>: lea ecx,[esp+0x4]
0x00401134 <main+4>: and esp,0xfffffff0
0x00401137 <main+7>: push DWORD PTR [ecx-0x4]
0x0040113a <main+10>: push ebp
0x0040113b <main+11>: mov ebp,esp
0x0040113d <main+13>: push ecx
0x0040113e <main+14>: sub esp,0x4
0x00401141 <main+17>: call 0x4012c0 <__main>
0x00401146 <main+22>: mov DWORD PTR [ebp-0x10],0x2
0x0040114d <main+29>: mov DWORD PTR [ebp-0xc],0x4
0x00401154 <main+36>: mov eax,ds:0x40200c
0x00401159 <main+41>: mov DWORD PTR [ebp-0x8],eax
0x0040115c <main+44>: mov edx,DWORD PTR ds:0x40200c
0x00401162 <main+50>: mov eax,DWORD PTR [ebp-0xc]
0x00401165 <main+53>: mov DWORD PTR [esp+0x10],eax
0x00401169 <main+57>: mov eax,DWORD PTR [ebp-0x10]
0x0040116c <main+60>: mov DWORD PTR [esp+0xc],eax
0x00401170 <main+64>: mov eax,DWORD PTR [ebp-0x8]
0x00401173 <main+67>: mov DWORD PTR [esp+0x8],eax
0x00401177 <main+71>: mov DWORD PTR [esp+0x4],edx
0x0040117b <main+75>: mov DWORD PTR [esp],0x4020a0
0x00401182 <main+82>: call 0x4012c8 <printf>
0x00401187 <main+87>: mov DWORD PTR [esp],0x4020c3
---Type <return> to continue, or q <return> to quit---
0x0040118e <main+94>: call 0x4012d0 <puts>
0x00401193 <main+99>: mov edx,DWORD PTR ds:0x40200c
0x00401199 <main+105>: mov eax,DWORD PTR [ebp-0xc]
0x0040119c <main+108>: mov DWORD PTR [esp+0x10],eax
0x004011a0 <main+112>: mov eax,DWORD PTR [ebp-0x10]
0x004011a3 <main+115>: mov DWORD PTR [esp+0xc],eax
0x004011a7 <main+119>: mov eax,DWORD PTR [ebp-0x8]
0x004011aa <main+122>: mov DWORD PTR [esp+0x8],eax
0x004011ae <main+126>: mov DWORD PTR [esp+0x4],edx
0x004011b2 <main+130>: mov DWORD PTR [esp],0x4020a0
0x004011b9 <main+137>: call 0x4012c8 <printf>
0x004011be <main+142>: mov edx,DWORD PTR [ebp-0x10]
0x004011c1 <main+145>: mov eax,DWORD PTR [ebp-0x8]
0x004011c4 <main+148>: add eax,edx
0x004011c6 <main+150>: mov DWORD PTR [ebp-0xc],eax
0x004011c9 <main+153>: mov edx,DWORD PTR ds:0x40200c
0x004011cf <main+159>: mov eax,DWORD PTR [ebp-0xc]
0x004011d2 <main+162>: mov DWORD PTR [esp+0x10],eax
0x004011d6 <main+166>: mov eax,DWORD PTR [ebp-0x10]
0x004011d9 <main+169>: mov DWORD PTR [esp+0xc],eax
0x004011dd <main+173>: mov eax,DWORD PTR [ebp-0x8]
0x004011e0 <main+176>: mov DWORD PTR [esp+0x8],eax
0x004011e4 <main+180>: mov DWORD PTR [esp+0x4],edx
0x004011e8 <main+184>: mov DWORD PTR [esp],0x4020a0
---Type <return> to continue, or q <return> to quit---
0x004011ef <main+191>: call 0x4012c8 <printf>
0x004011f4 <main+196>: mov DWORD PTR ds:0x40200c,0x5
0x004011fe <main+206>: mov DWORD PTR [ebp-0x10],0x6
0x00401205 <main+213>: mov DWORD PTR [ebp-0xc],0x7
0x0040120c <main+220>: mov eax,ds:0x40200c
0x00401211 <main+225>: mov DWORD PTR [ebp-0x8],eax
0x00401214 <main+228>: mov edx,DWORD PTR ds:0x40200c
0x0040121a <main+234>: mov eax,DWORD PTR [ebp-0xc]
0x0040121d <main+237>: mov DWORD PTR [esp+0x10],eax
0x00401221 <main+241>: mov eax,DWORD PTR [ebp-0x10]
0x00401224 <main+244>: mov DWORD PTR [esp+0xc],eax
0x00401228 <main+248>: mov eax,DWORD PTR [ebp-0x8]
0x0040122b <main+251>: mov DWORD PTR [esp+0x8],eax
0x0040122f <main+255>: mov DWORD PTR [esp+0x4],edx
0x00401233 <main+259>: mov DWORD PTR [esp],0x4020a0
0x0040123a <main+266>: call 0x4012c8 <printf>
0x0040123f <main+271>: mov edx,DWORD PTR ds:0x40200c
0x00401245 <main+277>: mov eax,DWORD PTR [ebp-0xc]
0x00401248 <main+280>: mov DWORD PTR [esp+0x10],eax
0x0040124c <main+284>: mov eax,DWORD PTR [ebp-0x10]
0x0040124f <main+287>: mov DWORD PTR [esp+0xc],eax
0x00401253 <main+291>: mov eax,DWORD PTR [ebp-0x8]
0x00401256 <main+294>: mov DWORD PTR [esp+0x8],eax
0x0040125a <main+298>: mov DWORD PTR [esp+0x4],edx
---Type <return> to continue, or q <return> to quit---
0x0040125e <main+302>: mov DWORD PTR [esp],0x4020a0
0x00401265 <main+309>: call 0x4012c8 <printf>
0x0040126a <main+314>: mov eax,0x0
0x0040126f <main+319>: add esp,0x4
0x00401272 <main+322>: pop ecx
0x00401273 <main+323>: pop ebp
0x00401274 <main+324>: lea esp,[ecx-0x4]
0x00401277 <main+327>: ret
End of assembler dump.
(gdb)


However, I wanted to know: was there any alternative method to pinpoint or find the root cause?

Thank you.

disavowed
May 13th, 2010, 21:58
Looks like your stack pointer is getting munged at the end.

deathhex
May 17th, 2010, 04:09
The actual problems were:

Code:

0x0040113e <main+14>: sub esp,0x4


and

Code:

0x0040126f <main+319>: add esp,0x4


whereby I have to change "sub esp, 0x4" to "sub esp, 0x18"

and

change "add esp, 0x4" to "add esp, 0x18".

Can anyone recommend any disassembler or debugger beside gdb, ollydbg and IDA pro?

Thank you.
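As an added illustration (not part of the thread, and not deathhex's code): a small Python checker that reads the frame-relevant lines of the "disassemble main" listing above and reports which ebp-relative slot each store lands in, first with the original "sub esp,0x4" and then with the 0x18 used in the fix. The lines embedded in LISTING are copied from the thread's disassembly; the slot names and the alloc override are my own labels.

```python
import re

# Frame-relevant lines copied from the thread's "disassemble main" output (Intel syntax).
# Prologue: push ebp / mov ebp,esp / push ecx / sub esp,N; printf then gets five arg slots.
LISTING = """\
0x0040113d <main+13>: push ecx
0x0040113e <main+14>: sub esp,0x4
0x00401146 <main+22>: mov DWORD PTR [ebp-0x10],0x2
0x0040114d <main+29>: mov DWORD PTR [ebp-0xc],0x4
0x00401159 <main+41>: mov DWORD PTR [ebp-0x8],eax
0x00401165 <main+53>: mov DWORD PTR [esp+0x10],eax
0x0040116c <main+60>: mov DWORD PTR [esp+0xc],eax
0x00401173 <main+67>: mov DWORD PTR [esp+0x8],eax
0x00401177 <main+71>: mov DWORD PTR [esp+0x4],edx
0x0040117b <main+75>: mov DWORD PTR [esp],0x4020a0"""

STORE = re.compile(r"mov DWORD PTR \[(esp|ebp)(?:([+-])(0x[0-9a-f]+))?\]")
DANGEROUS = ("above return address", "return address", "saved ebp", "saved ecx", "below esp")

def classify_stores(listing, alloc=None):
    """Map each store (by its <main+N> symbol) to the ebp-relative frame slot it
    hits. alloc overrides the sub esp,N operand so a proposed fix can be checked."""
    pushes, sub, stores = 0, 0, []
    for line in listing.splitlines():
        sym, text = line[line.index("<") + 1:line.index(">")], line.split(": ", 1)[1]
        if text == "push ecx":
            pushes += 4                       # saved ecx lands at [ebp-4]
        elif text.startswith("sub esp,"):
            sub = int(text.split(",")[1], 16) if alloc is None else alloc
        elif m := STORE.match(text):
            base, sign, off = m.groups()
            off = int(off, 16) if off else 0
            stores.append((sym, base, -off if sign == "-" else off))
    esp = -(pushes + sub)                     # esp relative to ebp after the prologue
    # Fixed slots: [ebp+4] return-address slot, [ebp] saved ebp, [ebp-4] saved ecx;
    # anything below esp is destroyed when the next call pushes its return address.
    slots = ((8, "above return address"), (4, "return address"), (0, "saved ebp"), (-pushes, "saved ecx"))
    result = {}
    for sym, base, off in stores:
        at = esp + off if base == "esp" else off
        if base == "ebp" and at < esp:
            result[sym] = "below esp"
        else:
            result[sym] = next((name for limit, name in slots if at >= limit),
                               "local" if base == "ebp" else "arg slot")
    return result

def dangerous_stores(listing, alloc=None):  # stores that hit control data or get clobbered
    return {s: w for s, w in classify_stores(listing, alloc).items() if w in DANGEROUS}
```

With the original operand, dangerous_stores(LISTING) flags six stores, including the one at main+71 that writes a printf argument over the saved ecx which the epilogue's "lea esp,[ecx-0x4]" later trusts; with dangerous_stores(LISTING, 0x18) the result is empty.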

disavowed
May 17th, 2010, 10:33
Quote:
[Originally Posted by deathhex;86551]Can anyone recommend any disassembler or debugger beside gdb, ollydbg and IDA pro?

If you have source code, Visual Studio's debugger is pretty good.
What functionality are you looking for that isn't already provided by OllyDbg or IDA?

deathhex
May 19th, 2010, 06:00
Quote:
[Originally Posted by disavowed;86554]If you have source code, Visual Studio's debugger is pretty good.
What functionality are you looking for that isn't already provided by OllyDbg or IDA?


Hello disavowed,

Thank you for the information that you have provided.

Is there something like VMware with a real-time disassembler or debugger? It would be cool if we could execute the entire application or system and get to see all the registers, frames, etc.

On the other hand, I noticed that both OllyDbg and IDA Pro didn't break at the main() function on most binary executable applications. However, they mostly break at the beginning (entry point) of the code segment. (PS: Sorry for my noobishness, correct me if I am wrong).

Thank you.

disavowed
May 19th, 2010, 10:47
Bochs has an internal debugger like that. But you might be better off just using a kernel debugger like WinDbg instead.

deathhex
June 1st, 2010, 06:44
Quote:
[Originally Posted by disavowed;86589]Bochs has an internal debugger like that. But you might be better off just using a kernel debugger like WinDbg instead.


Thanks