Pitfalls when remotely debugging various glibc versions in Docker

Created: May 6, 2022 04:08 AM
Environment setup

Start an ubuntu:19.04 Docker container and copy the ld and libc files out of it:
docker cp 8af:/lib/x86_64-linux-gnu/libc-2.29.so ./
docker cp 8af:/usr/lib/x86_64-linux-gnu/ld-2.29.so ./
On the debugging machine, run:
LD_PRELOAD=$PWD/libc-2.29.so ./ld-2.29.so ./demo-1
 
To debug under gdb, use patchelf to rewrite the libc and ld paths recorded in demo-1:
patchelf --replace-needed libc.so.6 ./libc-2.29.so ./demo-1
patchelf --set-interpreter ./ld-2.29.so ./demo-1
The result looks like this:
pwndbg> vmmap
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
    0x555555554000     0x555555555000 r-xp     1000 0      /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/demo-1
    0x555555754000     0x555555755000 r--p     1000 0      /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/demo-1
    0x555555755000     0x555555756000 rw-p     1000 1000   /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/demo-1
    0x555555756000     0x555555758000 rw-p     2000 3000   /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/demo-1
    0x7ffff7de1000     0x7ffff7e06000 r--p    25000 0      /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/libc-2.29.so
    0x7ffff7e06000     0x7ffff7f79000 r-xp   173000 25000  /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/libc-2.29.so
    0x7ffff7f79000     0x7ffff7fc2000 r--p    49000 198000 /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/libc-2.29.so
    0x7ffff7fc2000     0x7ffff7fc5000 r--p     3000 1e0000 /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/libc-2.29.so
    0x7ffff7fc5000     0x7ffff7fc8000 rw-p     3000 1e3000 /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/libc-2.29.so
    0x7ffff7fc8000     0x7ffff7fce000 rw-p     6000 0      
    0x7ffff7fce000     0x7ffff7fd1000 r--p     3000 0      [vvar]
    0x7ffff7fd1000     0x7ffff7fd2000 r-xp     1000 0      [vdso]
    0x7ffff7fd2000     0x7ffff7fd3000 r--p     1000 0      /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/ld-2.29.so
    0x7ffff7fd3000     0x7ffff7ff4000 r-xp    21000 1000   /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/ld-2.29.so
    0x7ffff7ff4000     0x7ffff7ffc000 r--p     8000 22000  /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/ld-2.29.so
    0x7ffff7ffc000     0x7ffff7ffd000 r--p     1000 29000  /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/ld-2.29.so
    0x7ffff7ffd000     0x7ffff7ffe000 rw-p     1000 2a000  /media/psf/Home/MyFile/mac_file/glibc源码/2-29-demo/ld-2.29.so
    0x7ffff7ffe000     0x7ffff7fff000 rw-p     1000 0      
    0x7ffffffde000     0x7ffffffff000 rw-p    21000 0      [stack]
0xffffffffff600000 0xffffffffff601000 r-xp     1000 0      [vsyscall]
 
Debugging with symbols
Download the dbg package for the matching version from http://archive.ubuntu.com/ubuntu/pool/main/g/glibc/,
then extract the deb package: dpkg-deb --fsys-tarfile libc6-dbg_2.23-0ubuntu11.3_amd64.deb | tar xvf -
 
Then, in gdb, attach to the remote target first and set debug-file-directory afterwards:
> target remote 10.211.55.2:10002
> set debug-file-directory ~/dbg-file/23/usr/lib/debug
> ls -al ~/dbg-file/23/usr/lib/debug/
总用量 20
drwxr-xr-x 5 root root 4096 Apr 22  2021 .
drwxr-xr-x 3 root root 4096 Apr 22  2021 ..
drwxr-xr-x 3 root root 4096 Apr 22  2021 .build-id
drwxr-xr-x 3 root root 4096 Apr 22  2021 lib
drwxr-xr-x 3 root root 4096 Apr 22  2021 usr
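
If gdb still shows no symbols after setting debug-file-directory, first confirm that the dbg package matches the libc being debugged: gdb looks for <debug-file-directory>/.build-id/<first two hex digits>/<remaining digits>.debug. The script below is an added example, not part of the original notes; its function names and the constructed sample ELF are assumptions for illustration, and it handles 64-bit little-endian ELF files only.

```python
# Added example; function names are illustrative, not from the original page.
import struct
import sys
from pathlib import Path

PT_NOTE, NT_GNU_BUILD_ID = 4, 3

def gnu_build_id(elf):
    """Return the GNU build-id of a 64-bit little-endian ELF as hex, or None."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, p_offset + p_filesz
        while pos + 12 <= end:  # walk the note records (4-byte aligned)
            namesz, descsz, ntype = struct.unpack_from("<III", elf, pos)
            name = pos + 12
            desc = name + ((namesz + 3) & ~3)
            if ntype == NT_GNU_BUILD_ID and elf[name:name + namesz] == b"GNU\0":
                return elf[desc:desc + descsz].hex()
            pos = desc + ((descsz + 3) & ~3)
    return None

def debug_file_for(build_id, debug_dir):
    """Path gdb derives from a build-id under debug-file-directory."""
    return Path(debug_dir) / ".build-id" / build_id[:2] / (build_id[2:] + ".debug")

def constructed_elf(build_id):
    """Constructed sample: ELF header plus one PT_NOTE segment with a build-id note."""
    note = struct.pack("<III", 4, len(build_id), NT_GNU_BUILD_ID) + b"GNU\0" + build_id
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), len(note), 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    # usage: check.py ./libc-2.23.so ~/dbg-file/23/usr/lib/debug
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 2 else constructed_elf(bytes(range(20)))
    debug_dir = sys.argv[2] if len(sys.argv) > 2 else "usr/lib/debug"
    bid = gnu_build_id(data)
    path = debug_file_for(bid, debug_dir) if bid else None
    print("build-id:", bid)
    print("expected:", path, "(present)" if path and path.exists() else "(missing)")
```

A "(missing)" result means the extracted dbg package was built from a different libc than the one copied out of the container, so gdb has nothing to load regardless of its version.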
 
 
Ubuntu 18.04 ships gdb 8.1, which cannot recognize the symbols of a remote glibc 2.31.
gdb 8.1: glibc 2.23, glibc 2.27, glibc 2.29
gdb 10: glibc 2.31