I want to add some extra functionality to /bin/ls.
So I started it in gdb and added a breakpoint at the beginning. Now the question is: how can I change the code of a running program in memory? I can see the assembly code, but I'm not able to modify it. How can I do it?
On Windows I can easily do this with olldbg for example. How about on Linux?
(I know that doing this I will only change the code of the process in memory. So then I can dump memory to a file, and then I'll have my changes saved in a binary file).
Thank you.
You can write binary to memory directly, but GDB doesn't have an assembler built in by default. You can however do something like set *(unsigned char*)0x80FFDDEE = 0x90
to change the mnemonic at that address to a NOP, for example. You could however use NASM to write a shellcode and use perl or python to inject it into the program :)
You might also like this little .gdbinit file to make debugging a lot easier: https://gist.github.com/985474
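The poster's plan to save the in-memory patch by dumping memory is the awkward part: the byte written with set *(unsigned char*)ADDR has to land at the file offset that maps to that virtual address. The following is an added example, not code from this answer, that reads the ELF program headers to do the translation and patches one byte on a constructed minimal ELF64 image; the function and sample names are my own. It assumes a non-PIE image; for a PIE binary subtract the load base shown by gdb's "info proc mappings" from the runtime address first.

```python
import struct

# ELF64 layout constants from the ELF specification
EHDR_SIZE = 64
PHDR_SIZE = 56
PT_LOAD = 1

def vaddr_to_file_offset(elf: bytes, vaddr: int) -> int:
    """Map a (non-PIE) virtual address to its byte offset in the ELF file."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("expected a 64-bit ELF image")
    # e_phoff lives at 0x20 (8 bytes); e_phentsize and e_phnum at 0x36/0x38 (2 bytes each)
    e_phoff = struct.unpack_from("<Q", elf, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz, _memsz, _align = \
            struct.unpack_from("<IIQQQQQQ", elf, off)
        # Only bytes backed by the file (p_filesz, not p_memsz) can be patched on disk
        if p_type == PT_LOAD and p_vaddr <= vaddr < p_vaddr + p_filesz:
            return p_offset + (vaddr - p_vaddr)
    raise ValueError(f"0x{vaddr:x} is not file-backed (bss, heap or stack?)")

def patch_byte(elf: bytes, vaddr: int, value: int) -> bytes:
    """Return a copy of the image with the byte at vaddr replaced (e.g. 0x90 for NOP)."""
    off = vaddr_to_file_offset(elf, vaddr)
    return elf[:off] + bytes([value]) + elf[off + 1:]

def build_sample_elf() -> bytes:
    """Constructed minimal ELF64 (hypothetical): one PT_LOAD segment at 0x400000,
    with a few code bytes placed at file offset 0x80 (virtual address 0x400080)."""
    ehdr = bytearray(EHDR_SIZE)
    ehdr[:8] = b"\x7fELF\x02\x01\x01\x00"             # magic, ELFCLASS64, little-endian
    struct.pack_into("<Q", ehdr, 0x20, EHDR_SIZE)      # e_phoff: phdr table right after ehdr
    struct.pack_into("<HH", ehdr, 0x36, PHDR_SIZE, 1)  # e_phentsize, e_phnum
    code = b"\x55\x48\x89\xe5\xc3"                     # push rbp; mov rbp,rsp; ret
    filesz = 0x80 + len(code)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0x400000, 0x400000,
                       filesz, filesz, 0x1000)
    padding = b"\x00" * (0x80 - EHDR_SIZE - PHDR_SIZE)
    return bytes(ehdr) + phdr + padding + code
```

On a real binary, read the file into bytes, apply patch_byte with the address gdb showed, and write the result to a new file rather than over /bin/ls.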
I would recommend a different approach: Download the coreutils package and modify the source code for ls. If possible, you should get the package from your distro's source repositories and apply any patches.
The "compile code" command, introduced around 7.9, allows code compilation and injection. Documentation: https://sourceware.org/gdb/onlinedocs/gdb/Compiling-and-Injecting-Code.html
I have given a minimal example in this answer.
While it is not actual code modification, it does allow you to compile some code on the fly and run it once immediately, which might be enough.
And the GNU cauldron presentation suggests that actual code modification may be added later on as an extension to this feature, see slide 30 "Fix and continue".
There are a few constructs that did not work as I expected, like return, so I've asked why at: In the GDB compile code command, what language constructs behave exactly as if they were present in the original source?
You can use gcc-plugin to write an extension to modify your code and add any additional functionality in an easy way during the compilation process. If you work on machine-level code, you should use binary instrumentation tools like Pin and Dyninst to instrument your binary file on the disk. However, if the overhead is an important issue, you should work carefully with such tools.