Download
1 / 59
590 likes | 738 Views
Institute of Parallel and Distributed System (iPads) Shanghai Jiao Tong University Rong Chen rongchen @ sjtu.edu.cn. T UTORIAL L ESSON GNU Tools. OUTLINE. Pre-requisite Debugging Bomb!. Pre-requisite Debugging Bomb!. GNU Tools. GDB ( G nu D e B ugger ) Start your program
E N D
Institute of Parallel and Distributed System (iPads) Shanghai Jiao Tong University Rong Chen rongchen@sjtu.edu.cn TUTORIAL LESSONGNU Tools
OUTLINE Pre-requisite Debugging Bomb!
Pre-requisite Debugging Bomb!
GNU Tools • GDB(Gnu DeBugger) • Start your program • Stop on special conditions • Exams what has happened • Change thing in your program Institute of Parallel and Distributed System (iPads), SJTU
GNU Tools • GDB(Gnu DeBugger) • Commands • gdb <file> • break FUNC | *ADDR • run • print</?> $REG | ADDR • continue | stepi | nexti • quit Reference http://ipads.se.sjtu.edu.cn/courses/ics/tutorials/gdb-ref.txt Institute of Parallel and Distributed System (iPads), SJTU
GNU Tools • OBJDUMP(OBJect-file DUMP) • Display information from object files • Disassemble object file • Show file headers • Show symbol table • ... • Commands • objdump–d | -D <object-file>
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
GNU Tools • Install GNU Tools • apt-get install build-essential • apt-get install gdb Institute of Parallel and Distributed System (iPads), SJTU
Pre-requisite Debugging Bomb! • bug & warning debugging examples
Bug & Warning • Bug • Grammar • int a b; • Semantics • int a[2]; a[2]=2; • Warning • int a; b=a; int a, b; a[0]=2; int a=0; b=a; Institute of Parallel and Distributed System (iPads), SJTU
Pre-requisite Debugging Bomb! bug & warning • debugging examples
Debugging • Debugging = Find + Fix Core Competency ! • Compiling (HINTS: don’t miss warning) • gcc–Wall –o test test.c • Debugging (HINTS: code review first) • gdb test Institute of Parallel and Distributed System (iPads), SJTU
Debugging • Debugging = Find + Fix + Experience • example#1: “Segmentation fault” • example#2: test.c:6: error: expected ‘,’ or ‘;’ before ‘struct’ test.c:9: warning: data definition has no type or storage class test.c:9: warning: type defaults to ‘int’ in ... test.c:16: warning: (near initialization for ‘s’) test.c:16: error: storage size of ‘s’ isn’t known test.c:21: error: request for member ‘a’ in something not a structure or union test.c:16: warning: unused variable ‘s’ Institute of Parallel and Distributed System (iPads), SJTU
Pre-requisite Debugging Bomb! Bug & Warning Debugging • Examples
Example#1 • test.c: In function ‘main’: • test.c:18: warning: implicit declaration of function ‘malloc’ • Example#2 • test.c:6: error: expected ‘,’ or ‘;’ before ‘struct’ • Example#3 • test.c:18: error: ‘j’ undeclared (first use in this function) • Example#4 • test.c:18: error: expected ‘;’ before ‘)’ token • test.c:18: error: expected statement before ‘)’ token • Example#5 • test.c:27: error: conflicting types for ‘test’ • test.c:4: note: previous declaration of ‘test’ was here
Example#1 • test.c:22: warning: ‘x’ is used uninitialized in this function • Example#2 • test.c:16: warning: unused variable ‘s’ • Example#3 • test.c:19: warning: too few arguments for format • test.c:22: warning: ‘x’ is used uninitialized in this function • Example#4 • test.c: In function ‘main’: • test.c:24: warning: control reaches end of non-void function • Example#5 • test.c: In function ‘test’: • test.c:30: warning: assignment makes pointer from integer without a cast
It’s a joke ^o^ • It’s a “Hello world!” • intmain(void) { • printf(“hello world!\n”); • return 0; • } • How about this code? • int main(void) { • printf(“hello world!\n”); • http://ipads.se.sjtu.edu.cn/courses/ics • return 0; • }
Pre-requisite Debugging Bomb! • Binary Bomb Defuse Bomb Using GDB
Defuse Bomb Right key Survive • What is Bomb ? • Only a binary file • What should you do ? • Find the key and defuse the bomb ! • What can you use ? • Anything from ICS course • Any tools Wrong key Bomb ! gdb calculator strings objdump paper pencil Institute of Parallel and Distributed System (iPads), SJTU
Demo • Please See Carefully ! • A binary bomb • Need a password to defuse it • Demo $./bomb input password: • bomb!... • $ • $./bomb • input password: • survive! 224 123
Pre-requisite Debugging Bomb! Binary Bomb • Defuse Bomb Using GDB
Step by Step • Machine Code to Assembly Code • objdump -D bomb > asm NAME objdump - display information from object files. SYNOPSIS objdump [-d|--disassemble] [-D|--disassemble-all] ... Institute of Parallel and Distributed System (iPads), SJTU
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
Step by Step • Find key functions and parameters • scanf: where does the password store ? • printf: which the instruction will print “bomb” ? Institute of Parallel and Distributed System (iPads), SJTU
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
Step by Step • Find key functions and parameters • scanf: where does the password store ? • printf: which the instruction will print “bomb” ? • Find key strings • “bomb”, “survive” and “password” Institute of Parallel and Distributed System (iPads), SJTU
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
i n p u t p a ss w o r d ... 8048538: 69 6e 70 75 74 20 70 imul $0x70207475,0x70 ... 804853f: 61 popa 8048540: 73 73 ... 8048542: 77 6f ... 8048544: 72 64 ... 8048546: 3a 00 ... 8048548: 25 64 00 ... 804854b: 73 75 ... 804854d: 72 76 ... 804854f: 69 76 65 21 00 ... 8048554: 62 6f 6d ... 8048557: 62 21 ... 8048559: 2e ... 804855a: 2e ... 804855b: 2e ... ... :\0 su rv iv e ! \0 bo m b! . . .
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl $0x8048538,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl $0x804854b,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl $0x8048554,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl password,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl survive,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl bomb,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
Step by Step • Find key functions and parameters • scanf: where does the password store ? • printf: which the instruction will print “bomb” ? • Find key strings • “bomb”, “survive” and “password” • Find key operators • jmp, change control flow • cmp, how to judgment condition Institute of Parallel and Distributed System (iPads), SJTU
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl password,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl survive ,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl bomb ,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl password ,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl survive,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl bomb,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl password ,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl survive ,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl bomb,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret Password !
Pre-requisite Debugging Bomb! Binary Bomb Defuse Bomb • Using GDB
Can we do it more efficiently and safely? • Defuse bomb using GDB • set breakpoint on the critical path • watch registers and/or memories • terminate program on demand • single step execution Institute of Parallel and Distributed System (iPads), SJTU
Command • GDB • gdb <file> • break FUNC | *ADDR • run • print</?> $REG | ADDR • continue | stepi | nexti • quit Institute of Parallel and Distributed System (iPads), SJTU
080483c4 <main>: ... 80483d5: c7 04 24 38 85 04 08 movl password,(%esp) 80483dc: e8 17 ff ffff call 80482f8 <printf@plt> 80483e1: 8d 45 f8 lea 0xfffffff8(%ebp),%eax 80483e4: 89 44 24 04 mov %eax,0x4(%esp) 80483e8: c7 04 24 48 85 04 08 movl $0x8048548,(%esp) 80483ef: e8 e4 fe ff ff call 80482d8 <scanf@plt> 80483f4: 8b 45 f8 mov 0xfffffff8(%ebp),%eax 80483f7: 83 f8 7b cmp $0x7b,%eax 80483fa: 75 0e jne 804840a <main+0x46> 80483fc: c7 04 24 4b 85 04 08 movl survive,(%esp) 8048403: e8 c0 fe ff ff call 80482c8 <puts@plt> 8048408: eb 0c jmp 8048416 <main+0x52> 804840a: c7 04 24 54 85 04 08 movl bomb ,(%esp) 8048411: e8 b2 fe ff ff call 80482c8 <puts@plt> 8048416: b8 00 00 00 00 mov $0x0,%eax ... 8048423: c3 ret
$gdb bomb (gdb)
0x80483dc “password” $gdb bomb (gdb) break *0x80483dc Breakpoint 1 at 0x80483dc (gdb)
0x80483dc“password” 0x80483f7“compare” $gdb bomb (gdb) break *0x80483dc Breakpoint 1 at 0x80483dc (gdb) break *0x80483f7 Breakpoint 2 at 0x80483f7 (gdb)
0x80483dc “password” 0x80483f7 “compare” 0x8048403 “survive” $gdb bomb (gdb) break *0x80483dc Breakpoint 1 at 0x80483dc (gdb) break *0x80483f7 Breakpoint 2 at 0x80483f7 (gdb) break *0x8048403 Breakpoint 3 at 0x8048403 (gdb)
0x80483dc “password” 0x80483f7 “compare” 0x8048403 “survive” 0x8048411 “bomb” $gdb bomb (gdb) break *0x80483dc Breakpoint 1 at 0x80483dc (gdb) break *0x80483f7 Breakpoint 2 at 0x80483f7 (gdb) break *0x8048403 Breakpoint 3 at 0x8048403 (gdb) break *0x8048411 Breakpoint 4 at 0x8048411 (gdb)
0x80483dc “password” 0x80483f7 “compare” 0x8048403 “survive” 0x8048411 “bomb” $gdb bomb (gdb) break *0x80483dc Breakpoint 1 at 0x80483dc (gdb) break *0x80483f7 Breakpoint 2 at 0x80483f7 (gdb) break *0x8048403 Breakpoint 3 at 0x8048403 (gdb) break *0x8048411 Breakpoint 4 at 0x8048411 (gdb) run Starting program: /home/rong/tut1/bomb Breakpoint 1, 0x080483dc in main () (gdb)
