
Thread: [Cygwin GDB] how to find Segmentation fault at 0x00401277 in main() function

  1. #1
    deathhex
    Guest

    Hello people,

    Well, I am using Cygwin GDB to debug a program, which is main.exe

    Code:
    $ gdb main.exe
    GNU gdb 6.8.0.20080328-cvs (cygwin-special)
    Copyright (C) 2008 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "i686-pc-cygwin"...
    (gdb) break main
    Breakpoint 1 at 0x401141
    (gdb) run
    Starting program: /cygdrive/c/C_CPP_ASM/Test3/main.exe
    [New thread 2336.0xa7c]
    [New thread 2336.0xf9c]
    
    Breakpoint 1, 0x00401141 in main ()
    (gdb) s
    Single stepping until exit from function main,
    which has no line number information.
    
    a = 1
    d = a = 1
    b = 2
    c = 4
    
    !!!Hello World!!!
    
    a = 1
    d = a = 4202691
    b = 6920660
    c = 4198803
    
    a = 1
    d = a = 4202656
    b = 6920660
    c = 11123316
    
    a = 5
    d = a = 5
    b = 6
    c = 7
    
    a = 5
    d = a = 4202656
    b = 6920660
    c = 4198975
    
    Program received signal SIGSEGV, Segmentation fault.
    0x00401277 in main ()
    (gdb)
    As we can see, there is a Segmentation fault at 0x00401277 in main (). So how do we pinpoint or find out what is causing it?

    I have tried several ways:

    Code:
    (gdb) where
    #0  0x00401277 in main ()
    (gdb) bt
    #0  0x00401277 in main ()
    (gdb) frame
    #0  0x00401277 in main ()
    (gdb) list
    1       /gnu/gcc/releases/packaging/4.3.4-3/gcc4-4.3.4-3/src/gcc-4.3.4/libgcc/..
    /gcc/libgcc2.c: No such file or directory.
            in /gnu/gcc/releases/packaging/4.3.4-3/gcc4-4.3.4-3/src/gcc-4.3.4/libgcc
    /../gcc/libgcc2.c
    (gdb)
    But this doesn't seem to work, or at least it is unable to pinpoint the problem....

    So, would anyone mind teaching me how to pinpoint or find the cause of the problem?

    Thank you.

  2. #2
    If it were me, I'd take the program that's crashing, and run it through IDA, and check the address that way. But I'm more of the "kill a fly with a sledgehammer" kinda guy.

  3. #3
    deathhex
    Guest
    I got a solution by using "disassemble main".

    Code:
    $ gdb main.exe
    GNU gdb 6.8.0.20080328-cvs (cygwin-special)
    Copyright (C) 2008 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "i686-pc-cygwin"...
    (gdb) break main
    Breakpoint 1 at 0x401141
    (gdb) run
    Starting program: /cygdrive/c/C_CPP_ASM/Test3/main.exe
    [New thread 4004.0xfc0]
    [New thread 4004.0x294]
    
    Breakpoint 1, 0x00401141 in main ()
    (gdb) step
    Single stepping until exit from function main,
    which has no line number information.
    
    a = 1
    d = a = 1
    b = 2
    c = 4
    
    !!!Hello World!!!
    
    a = 1
    d = a = 4202691
    b = 6920660
    c = 4198803
    
    a = 1
    d = a = 4202656
    b = 6920660
    c = 11123316
    
    a = 5
    d = a = 5
    b = 6
    c = 7
    
    a = 5
    d = a = 4202656
    b = 6920660
    c = 4198975
    
    Program received signal SIGSEGV, Segmentation fault.
    0x00401277 in main ()
    (gdb) set disassembly-flavor intel
    (gdb) disassemble main
    Dump of assembler code for function main:
    0x00401130 <main+0>:    lea    ecx,[esp+0x4]
    0x00401134 <main+4>:    and    esp,0xfffffff0
    0x00401137 <main+7>:    push   DWORD PTR [ecx-0x4]
    0x0040113a <main+10>:   push   ebp
    0x0040113b <main+11>:   mov    ebp,esp
    0x0040113d <main+13>:   push   ecx
    0x0040113e <main+14>:   sub    esp,0x4
    0x00401141 <main+17>:   call   0x4012c0 <__main>
    0x00401146 <main+22>:   mov    DWORD PTR [ebp-0x10],0x2
    0x0040114d <main+29>:   mov    DWORD PTR [ebp-0xc],0x4
    0x00401154 <main+36>:   mov    eax,ds:0x40200c
    0x00401159 <main+41>:   mov    DWORD PTR [ebp-0x8],eax
    0x0040115c <main+44>:   mov    edx,DWORD PTR ds:0x40200c
    0x00401162 <main+50>:   mov    eax,DWORD PTR [ebp-0xc]
    0x00401165 <main+53>:   mov    DWORD PTR [esp+0x10],eax
    0x00401169 <main+57>:   mov    eax,DWORD PTR [ebp-0x10]
    0x0040116c <main+60>:   mov    DWORD PTR [esp+0xc],eax
    0x00401170 <main+64>:   mov    eax,DWORD PTR [ebp-0x8]
    0x00401173 <main+67>:   mov    DWORD PTR [esp+0x8],eax
    0x00401177 <main+71>:   mov    DWORD PTR [esp+0x4],edx
    0x0040117b <main+75>:   mov    DWORD PTR [esp],0x4020a0
    0x00401182 <main+82>:   call   0x4012c8 <printf>
    0x00401187 <main+87>:   mov    DWORD PTR [esp],0x4020c3
    ---Type <return> to continue, or q <return> to quit---
    0x0040118e <main+94>:   call   0x4012d0 <puts>
    0x00401193 <main+99>:   mov    edx,DWORD PTR ds:0x40200c
    0x00401199 <main+105>:  mov    eax,DWORD PTR [ebp-0xc]
    0x0040119c <main+108>:  mov    DWORD PTR [esp+0x10],eax
    0x004011a0 <main+112>:  mov    eax,DWORD PTR [ebp-0x10]
    0x004011a3 <main+115>:  mov    DWORD PTR [esp+0xc],eax
    0x004011a7 <main+119>:  mov    eax,DWORD PTR [ebp-0x8]
    0x004011aa <main+122>:  mov    DWORD PTR [esp+0x8],eax
    0x004011ae <main+126>:  mov    DWORD PTR [esp+0x4],edx
    0x004011b2 <main+130>:  mov    DWORD PTR [esp],0x4020a0
    0x004011b9 <main+137>:  call   0x4012c8 <printf>
    0x004011be <main+142>:  mov    edx,DWORD PTR [ebp-0x10]
    0x004011c1 <main+145>:  mov    eax,DWORD PTR [ebp-0x8]
    0x004011c4 <main+148>:  add    eax,edx
    0x004011c6 <main+150>:  mov    DWORD PTR [ebp-0xc],eax
    0x004011c9 <main+153>:  mov    edx,DWORD PTR ds:0x40200c
    0x004011cf <main+159>:  mov    eax,DWORD PTR [ebp-0xc]
    0x004011d2 <main+162>:  mov    DWORD PTR [esp+0x10],eax
    0x004011d6 <main+166>:  mov    eax,DWORD PTR [ebp-0x10]
    0x004011d9 <main+169>:  mov    DWORD PTR [esp+0xc],eax
    0x004011dd <main+173>:  mov    eax,DWORD PTR [ebp-0x8]
    0x004011e0 <main+176>:  mov    DWORD PTR [esp+0x8],eax
    0x004011e4 <main+180>:  mov    DWORD PTR [esp+0x4],edx
    0x004011e8 <main+184>:  mov    DWORD PTR [esp],0x4020a0
    ---Type <return> to continue, or q <return> to quit---
    0x004011ef <main+191>:  call   0x4012c8 <printf>
    0x004011f4 <main+196>:  mov    DWORD PTR ds:0x40200c,0x5
    0x004011fe <main+206>:  mov    DWORD PTR [ebp-0x10],0x6
    0x00401205 <main+213>:  mov    DWORD PTR [ebp-0xc],0x7
    0x0040120c <main+220>:  mov    eax,ds:0x40200c
    0x00401211 <main+225>:  mov    DWORD PTR [ebp-0x8],eax
    0x00401214 <main+228>:  mov    edx,DWORD PTR ds:0x40200c
    0x0040121a <main+234>:  mov    eax,DWORD PTR [ebp-0xc]
    0x0040121d <main+237>:  mov    DWORD PTR [esp+0x10],eax
    0x00401221 <main+241>:  mov    eax,DWORD PTR [ebp-0x10]
    0x00401224 <main+244>:  mov    DWORD PTR [esp+0xc],eax
    0x00401228 <main+248>:  mov    eax,DWORD PTR [ebp-0x8]
    0x0040122b <main+251>:  mov    DWORD PTR [esp+0x8],eax
    0x0040122f <main+255>:  mov    DWORD PTR [esp+0x4],edx
    0x00401233 <main+259>:  mov    DWORD PTR [esp],0x4020a0
    0x0040123a <main+266>:  call   0x4012c8 <printf>
    0x0040123f <main+271>:  mov    edx,DWORD PTR ds:0x40200c
    0x00401245 <main+277>:  mov    eax,DWORD PTR [ebp-0xc]
    0x00401248 <main+280>:  mov    DWORD PTR [esp+0x10],eax
    0x0040124c <main+284>:  mov    eax,DWORD PTR [ebp-0x10]
    0x0040124f <main+287>:  mov    DWORD PTR [esp+0xc],eax
    0x00401253 <main+291>:  mov    eax,DWORD PTR [ebp-0x8]
    0x00401256 <main+294>:  mov    DWORD PTR [esp+0x8],eax
    0x0040125a <main+298>:  mov    DWORD PTR [esp+0x4],edx
    ---Type <return> to continue, or q <return> to quit---
    0x0040125e <main+302>:  mov    DWORD PTR [esp],0x4020a0
    0x00401265 <main+309>:  call   0x4012c8 <printf>
    0x0040126a <main+314>:  mov    eax,0x0
    0x0040126f <main+319>:  add    esp,0x4
    0x00401272 <main+322>:  pop    ecx
    0x00401273 <main+323>:  pop    ebp
    0x00401274 <main+324>:  lea    esp,[ecx-0x4]
    0x00401277 <main+327>:  ret
    End of assembler dump.
    (gdb)
    However, I wanted to know whether there is any alternative method to pinpoint or find the root cause?

    Thank you.
    Last edited by deathhex; May 6th, 2010 at 22:32.

  4. #4
    disavowed
    Looks like your stack pointer is getting munged at the end.

  5. #5
    deathhex
    Guest
    The actual problems were:

    Code:
    0x0040113e <main+14>:   sub    esp,0x4
    and

    Code:
    0x0040126f <main+319>:  add    esp,0x4
    whereby I have to change "sub esp, 0x4" to "sub esp, 0x18"

    and

    change "add esp, 0x4" to "add esp, 0x18".

    Can anyone recommend any disassembler or debugger beside gdb, ollydbg and IDA pro?

    Thank you.
    Last edited by deathhex; May 17th, 2010 at 10:09.
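
The diagnosis above (the frame reserves only 4 bytes with "sub esp,0x4", yet main writes printf arguments at [esp+0x4] .. [esp+0x10] and locals at [ebp-0x10] and [ebp-0xc]) can be checked mechanically from the gdb dump in post #3. The following Python script is an added example, not code from the thread or from any of its participants: it parses gdb's "disassemble" lines, maps the faulting EIP (0x00401277) to its instruction, and walks the prologue, the first printf call site and the epilogue while tracking esp relative to ebp, flagging every store that lands on the saved ecx, the saved ebp, the return address, or below esp. The disassembly excerpt is copied from the thread; the slot names and the frame model (a frame-pointer prologue with immediate esp adjustments only) are the example's own assumptions.

```python
import re

# Constructed excerpt of the "disassemble main" dump quoted in post #3 (gdb 6.8,
# Intel syntax). Only the prologue, the first printf call site and the epilogue
# are kept; addresses and operands are copied from the thread.
THREAD_FRAME = """\
0x0040113a <main+10>:   push   ebp
0x0040113b <main+11>:   mov    ebp,esp
0x0040113d <main+13>:   push   ecx
0x0040113e <main+14>:   sub    esp,0x4
0x00401146 <main+22>:   mov    DWORD PTR [ebp-0x10],0x2
0x0040114d <main+29>:   mov    DWORD PTR [ebp-0xc],0x4
0x00401159 <main+41>:   mov    DWORD PTR [ebp-0x8],eax
0x00401165 <main+53>:   mov    DWORD PTR [esp+0x10],eax
0x0040116c <main+60>:   mov    DWORD PTR [esp+0xc],eax
0x00401173 <main+67>:   mov    DWORD PTR [esp+0x8],eax
0x00401177 <main+71>:   mov    DWORD PTR [esp+0x4],edx
0x0040117b <main+75>:   mov    DWORD PTR [esp],0x4020a0
0x00401182 <main+82>:   call   0x4012c8 <printf>
0x0040126f <main+319>:  add    esp,0x4
0x00401272 <main+322>:  pop    ecx
0x00401273 <main+323>:  pop    ebp
0x00401277 <main+327>:  ret
"""

# The same frame with the fix from post #5 applied (0x4 -> 0x18 in prologue and epilogue).
FIXED_FRAME = (THREAD_FRAME
               .replace("sub    esp,0x4", "sub    esp,0x18")
               .replace("add    esp,0x4", "add    esp,0x18"))

LINE_RE = re.compile(r"^(0x[0-9a-f]+)\s+<([^>]+)>:\s+(\S+)\s*(.*)$")
STORE_RE = re.compile(r"^DWORD PTR \[(esp|ebp)(?:([+-])0x([0-9a-f]+))?\],")


def parse(text):
    """Yield (address, symbol+offset, mnemonic, operands) per gdb disassembly line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1), 16), m.group(2), m.group(3), m.group(4)


def fault_site(text, eip):
    """Map the faulting EIP reported by gdb to its <symbol+offset> and mnemonic."""
    for addr, sym, mnem, _ops in parse(text):
        if addr == eip:
            return sym, mnem
    return None


def classify(off, esp_off, n_pushed):
    """Name the slot at ebp-relative byte offset `off` for the current frame shape
    (assumed model): locals in [esp, ebp-4*n_pushed), saved registers just below
    ebp, the saved ebp at [ebp] and the return address at [ebp+4]."""
    if off < esp_off:
        return "below esp"
    if off < -4 * n_pushed:
        return "local storage"
    if off < 0:
        return "saved callee register"
    if off == 0:
        return "saved ebp"
    if off == 4:
        return "return address"
    return "caller's frame"


def analyze(text):
    """Track esp relative to ebp through a -O0 style frame and report every 4-byte
    store that does not land in the locals area. Returns (address, operands, slot)."""
    findings = []
    esp_off = None   # esp - ebp; None until the frame is established by mov ebp,esp
    n_pushed = 0     # registers pushed after mov ebp,esp
    for addr, _sym, mnem, ops in parse(text):
        if mnem == "mov" and ops == "ebp,esp":
            esp_off, n_pushed = 0, 0
        elif esp_off is None:
            continue
        elif mnem == "push":
            esp_off -= 4
            n_pushed += 1
        elif mnem == "pop":
            esp_off += 4
            n_pushed = max(n_pushed - 1, 0)
        elif mnem in ("sub", "add") and ops.startswith("esp,"):
            delta = int(ops.split(",", 1)[1], 16)
            esp_off += -delta if mnem == "sub" else delta
        elif mnem == "mov":
            m = STORE_RE.match(ops)
            if not m:
                continue   # loads and stores to globals are not frame writes
            disp = int(m.group(3) or "0", 16)
            disp = -disp if m.group(2) == "-" else disp
            off = esp_off + disp if m.group(1) == "esp" else disp
            slot = classify(off, esp_off, n_pushed)
            if slot != "local storage":
                findings.append((addr, ops, slot))
    return findings


if __name__ == "__main__":
    print("fault at 0x401277 ->", fault_site(THREAD_FRAME, 0x401277))
    for addr, ops, slot in analyze(THREAD_FRAME):
        print("0x%08x  mov %-28s writes %s" % (addr, ops, slot))
    print("after the 0x18 fix:", analyze(FIXED_FRAME) or "no out-of-frame stores")
```

Run as-is, it reports that 0x00401277 is the "ret", that the two local stores at [ebp-0x10] and [ebp-0xc] fall below esp, and that the four argument stores at [esp+0x4] .. [esp+0x10] overwrite the saved ecx, the saved ebp, the return address and the caller's frame in turn, which is exactly why "pop ecx" followed by "lea esp,[ecx-0x4]" leaves esp pointing at garbage when "ret" executes; with 0x18 reserved, no store leaves the locals area. The model is a reading aid, not a replacement for stepping in gdb: it only follows immediate push/pop/sub/add adjustments of esp and ignores register-derived updates such as the "lea esp,[ecx-0x4]" in the epilogue. The pattern it flags, a store whose slot resolves to the saved frame pointer or the return address, is the same signature a reviewer looks for when triaging any stack-corruption crash in a binary without debug information.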

  6. #6
    disavowed
    Quote Originally Posted by deathhex:
    Can anyone recommend any disassembler or debugger beside gdb, ollydbg and IDA pro?
    If you have source code, Visual Studio's debugger is pretty good.
    What functionality are you looking for that isn't already provided by OllyDbg or IDA?

  7. #7
    deathhex
    Guest
    Quote Originally Posted by disavowed:
    If you have source code, Visual Studio's debugger is pretty good.
    What functionality are you looking for that isn't already provided by OllyDbg or IDA?
    Hello disavowed,

    Thank you for the information that you have provided.

    Is there something like VMware with a real-time disassembler or debugger? It would be cool if we could execute the entire application or system and see all the registers, frames, etc.

    On the other hand, I noticed that both OllyDbg and IDA Pro don't break at the main() function on most binary executables. Instead, they mostly break at the beginning (entry point) of the code segment. (PS: Sorry for my noobishness, correct me if I am wrong.)

    Thank you.

  8. #8
    disavowed
    Bochs has an internal debugger like that. But you might be better off just using a kernel debugger like WinDbg instead.

  9. #9
    deathhex
    Guest
    Quote Originally Posted by disavowed:
    Bochs has an internal debugger like that. But you might be better off just using a kernel debugger like WinDbg instead.
    Thanks