runsisi's

technical notes

gdb and Python integration

2019-01-21 runsisi#debug#python#gdb

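Since version 7.0, gdb has provided fairly complete Python API support. These Python APIs make it relatively easy to obtain all kinds of information about the program being debugged, such as the call stack of each thread, and by periodically sampling each thread's call stack one can get a rough estimate of the relative time spent in each function on the stack. gdbprof and gdbpmp are profiling tools built on this principle. gdbpmp is in fact entirely based on gdbprof: the basic principle is identical and only the implementation differs slightly.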

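The current versions of gdbprof and gdbpmp have some problems at run time, so I forked gdbprof and made some modifications: support for both Python 2 and Python 3; three parameters for sampling frequency, sampling duration and percentage filter threshold; Ctrl-C support; support for the process exiting while profiling is in progress; and command-line auto-completion.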

Code location

https://github.com/runsisi/gdbprof.git

Usage

~# gdb -p pid
(gdb) source gdbprof.py
(gdb) help profile
Profile an application against wall clock time.

profile FREQUENCY DURATION THRESHOLD
FREQUENCY is the sampling frequency, the default frequency is 10hz.
DURATION is the sampling duration, the default duration is 180s.
THRESHOLD is the sampling filter threshold, the default threshold is %0.50.

(gdb) profile 10 5 0.5
..................................................

Thread: 1 (ceph-osd) - 50 samples

+ 100.00% main
  + 100.00% AsyncMessenger::wait
    + 100.00% Cond::Wait
      + 100.00% pthread_cond_wait@@GLIBC_2.3.2

Thread: 2 (log) - 50 samples

+ 100.00% clone
  + 100.00% start_thread
    + 100.00% Thread::_entry_func
      + 100.00% Thread::entry_wrapper
        + 100.00% ceph::logging::Log::entry
          + 96.00% pthread_cond_wait@@GLIBC_2.3.2
          | + 6.00% __pthread_mutex_cond_lock
          |   + 6.00% __lll_lock_wait
          + 4.00% __GI___pthread_mutex_unlock
            + 4.00% __pthread_mutex_unlock_usercnt
              + 4.00% __lll_unlock_wake
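
How periodic stack samples turn into a percentage tree like the one above, as an added example (not gdbprof's own code). The function names `walk_stack`, `build_tree` and `render` are hypothetical, the 50 samples are constructed to mirror the "log" thread, and the output layout is simplified (no `|` continuation marks).

```python
def walk_stack():
    """Return the selected thread's stack, outermost frame first.
    Only works inside gdb; a sampler would call it for each thread of
    gdb.selected_inferior().threads() after thread.switch()."""
    import gdb  # provided by gdb's embedded Python, not installable via pip
    names, frame = [], gdb.newest_frame()
    while frame is not None:
        names.append(frame.name() or "??")  # name() is None without symbols
        frame = frame.older()
    return tuple(reversed(names))

def build_tree(stacks):
    """Fold sampled stacks into nested {name: [hits, children]} nodes."""
    root = {}
    for stack in stacks:
        level = root
        for name in stack:
            node = level.setdefault(name, [0, {}])
            node[0] += 1          # one more sample passed through this frame
            level = node[1]
    return root

def render(tree, total, threshold=0.5, depth=0):
    """Return lines such as '+ 96.00% func'; nodes below threshold % are dropped."""
    lines = []
    for name, (hits, children) in sorted(tree.items(), key=lambda kv: -kv[1][0]):
        pct = 100.0 * hits / total
        if pct < threshold:
            continue
        lines.append("%s+ %.2f%% %s" % ("  " * depth, pct, name))
        lines.extend(render(children, total, threshold, depth + 1))
    return lines

# Constructed input: 50 samples (10 Hz for 5 s) shaped like the "log" thread.
BASE = ("clone", "start_thread", "Thread::_entry_func",
        "Thread::entry_wrapper", "ceph::logging::Log::entry")
WAIT = BASE + ("pthread_cond_wait@@GLIBC_2.3.2",)
SAMPLES = (
    [WAIT] * 45
    + [WAIT + ("__pthread_mutex_cond_lock", "__lll_lock_wait")] * 3
    + [BASE + ("__GI___pthread_mutex_unlock",
               "__pthread_mutex_unlock_usercnt", "__lll_unlock_wake")] * 2
)

if __name__ == "__main__":
    print("\n".join(render(build_tree(SAMPLES), len(SAMPLES))))
```

A frame's percentage is the share of samples in which it appears anywhere on the stack, so a parent is always at least as large as each of its children.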

References

GDB Python API

https://sourceware.org/gdb/onlinedocs/gdb/Python-API.html#Python-API

Exploring GDB’s Python API with Jupyter

https://greek0.net/blog/2018/03/30/explore_gdb_python_api_with_jupyter/

So you want to script gdb with python

https://fy.blackhats.net.au/blog/html/2017/08/04/so_you_want_to_script_gdb_with_python.html

Python scripts in GDB

https://www.wzdftpd.net/blog/python-scripts-in-gdb.html

GDB Debugging Automation with Python : Implementing a memory leak detector

https://nativecoding.wordpress.com/2016/07/31/gdb-debugging-automation-with-python/

Hi GDB, this is Python

http://download.tuxfamily.org/overclokblog/Hi%20GDB%2c%20this%20is%20python/0vercl0k_Hi%20GDB%2c%20this%20is%20python.pdf

https://github.com/0vercl0k/stuffz/blob/master/dps_like_for_gdb.py

https://github.com/longld/peda

https://github.com/jefftrull/gdb_python_api

gdbprof

https://github.com/markhpc/gdbprof

https://github.com/yangdongsheng/gdbprof

gdbpmp

https://github.com/markhpc/gdbpmp

Exploit Development and Reverse Engineering with GDB Made Easy

https://github.com/pwndbg/pwndbg