
Is it possible to run a process with gdb, modify some memory and then detach from the process afterwards?

I can't start the process from outside of gdb, as I need to modify the memory before the first instruction is executed.

When you detach from a process started with gdb, gdb will hang, but killing gdb from another process leaves the debugged process running.

I currently use the following script to launch the process:

    echo '# custom gdb function that finds the entry_point and assigns it to $entry_point_address
    entry_point
    b *$entry_point_address
    run
    set *((char *)0x100004147) = 0xEB
    set *((char *)0x100004148) = 0xE2
    detach   # gdb hangs here
    quit     # quit never gets executed
    ' | gdb -quiet "$file"

This happens in both of my gdb versions:

    GNU gdb 6.3.50-20050815 (Apple version gdb-1824)
    GNU gdb 6.3.50-20050815 (Apple version gdb-1822 + reverse.put.as patches v0.4)
  • What? You're using 6.3? That was released almost a decade back. Commented Jul 12, 2013 at 5:10
  • @devnull It's the newest version released by Apple, which includes OS X related features. As Apple is preferring llvm+clang instead of gcc, it makes sense that they would also prefer lldb over gdb. Commented Jul 12, 2013 at 11:36
  • Why do you need to detach? Why not just leave gdb running? Commented Jul 22, 2013 at 15:45
  • @PaulBeusterien I would prefer if I didn't have multiple instances of gdb running, just because detach doesn't work. Commented Jul 22, 2013 at 18:57

1 Answer

I'm pretty sure that you can't detach from an inferior process that was started directly under gdb. However, something like the following might work for you. This is based on a recent gdb; I don't know how much of this will work on version 6.3.

Create a small shell script, like this:

    #! /bin/sh
    echo $$
    sleep 10
    exec /path/to/your/program arg1 arg2 arg3

Now start this up, spot the pid from echo $$, and attach to the shell script like this: gdb -p PID. Once attached you can:

    (gdb) set follow-fork-mode child
    (gdb) catch exec
    (gdb) continue
    Continuing.
    [New process NEW-PID]
    process NEW-PID is executing new program: /path/to/your/program
    [Switching to process NEW-PID]
    Catchpoint 1 (exec'd /path/to/your/program), 0x00007f40d8e9fc80 in _start ()
    (gdb)

You can now modify the child process as required. Once you're finished just do:

    (gdb) detach

And /path/to/your/program should resume (or start in this case) running.
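The answer's wrapper-and-catchpoint trick, scripted end to end as an added example (this is not code from the answer or from gdb). It assumes a GNU gdb that supports catch exec and -batch -x. Instead of the answer's sleep 10, the wrapper blocks in the shell builtin read on a FIFO, so no fork happens after attach and the only exec gdb sees is the real program; the gdb script releases the wrapper only once the attach has succeeded, which removes the race between attaching and the exec.

```shell
#!/bin/sh
# Added example: automate "attach to a wrapper shell, catch exec, patch,
# detach". Assumes GNU gdb with `catch exec`. The patches are applied at the
# exec catchpoint, i.e. before the new program's first instruction runs.

# Print a gdb command file. $1 = FIFO used to release the wrapper,
# $2 = space-separated ADDR=BYTE patches (e.g. "0x100004147=0xEB").
make_gdb_script() {
    fifo=$1
    printf '%s\n' 'set follow-fork-mode child' 'catch exec' \
        "shell echo go > '$fifo'" 'continue'
    for p in $2; do
        printf 'set *((unsigned char *)%s) = %s\n' "${p%%=*}" "${p#*=}"
    done
    printf '%s\n' detach quit
}

# Print the wrapper: record own pid in $1, block on stdin (the FIFO) with a
# builtin (no fork, so gdb never follows a child), then exec $2.
# $2 is "/path/to/prog arg1 arg2"; it is split on whitespace, no quoting.
make_wrapper() {
    printf '%s\n' '#!/bin/sh' "echo \$\$ > '$1'" 'read _' "exec $2"
}

# run_patched "ADDR=BYTE ..." "/path/to/prog arg1 arg2"
run_patched() {
    dir=$(mktemp -d) || return 1
    fifo=$dir/go; mkfifo "$fifo"
    make_wrapper "$dir/pid" "$2" > "$dir/wrapper.sh"
    make_gdb_script "$fifo" "$1" > "$dir/patch.gdb"
    sh "$dir/wrapper.sh" < "$fifo" &       # blocks opening the FIFO ...
    exec 3> "$fifo"                        # ... until we open the write end
    while [ ! -s "$dir/pid" ]; do sleep 0.1; done
    # Attach; the script touches the FIFO, continues to the exec catchpoint,
    # writes the bytes and detaches. The program then keeps running.
    gdb -quiet -batch -p "$(cat "$dir/pid")" -x "$dir/patch.gdb"
    exec 3>&-
    wait
}

# Example call (not executed when the file is sourced):
#   run_patched "0x100004147=0xEB 0x100004148=0xE2" "/path/to/your/program arg1"
```

The patched program inherits the FIFO as its stdin, so redirect inside the wrapper's exec line if it needs a terminal or a file there.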
