GDB 用法之参数输入

逆向时碰到 getopt_long 函数，要进入while循环里调测一下，使用 set args -ac，这里的-不能丢，否则getopt_long返回-1。

 80491a2:    e8 19 fd ff ff           call   8048ec0 <getopt_long@plt> */

    char *option = "aAcGhH:npglsuUVZ";
    int var_44 = 0;
    while ((var_44 = getopt_long(argc, argv, option, buff_d8, NULL) != -1) {
        switch (var_44) {
            case 'u':
                break;
        }
    }
    // je 80493d1

 /*80491a7:    83 f8 ff                 cmp    $0xffffffff,%eax    // eax=-1    // eax=-1, zf=1
 80491aa:    0f 84 21 02 00 00        je     80493d1 <tigetstr@plt+0x381>    // yes , zf=1, jump
 80491b0:    83 e8 41                 sub    $0x41,%eax                    // eax=eax-0x41
 80491b3:    83 f8 34                 cmp    $0x34,%eax                    // eax=eax-0x34
 80491b6:    0f 87 87 01 00 00        ja     8049343 <tigetstr@plt+0x2f3>    // (CF or ZF)=0, jump
 80491bc:    ff 24 85 c0 ba 04 08     jmp    *0x804bac0(,%eax,4)
 80491c3:    c7 05 b0 d1 04 08 01     movl   $0x1,0x804d1b0

以上是反汇编代码节选，开始参数设置。

1.在调用 getopt_long 的地方打断点

b *0x80491a2

2.设置参数

set args -ac

3.查看参数

show args

4.执行

run

操作如下：
(gdb) b *0x80491a2
Breakpoint 1 at 0x80491a2

(gdb) set args aA  
(gdb) show args
Argument list to give program being debugged when it is started is "aA".
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
(gdb) n
0x080491a7 in main ()
=> 0x080491a7 <main+327>:    83 f8 ff    cmp    $0xffffffff,%eax
(gdb) n
0x080491aa in main ()
=> 0x080491aa <main+330>:    0f 84 21 02 00 00    je     0x80493d1 <main+881>
(gdb) n
0x080493d1 in main ()
=> 0x080493d1 <main+881>:    8b 45 08    mov    0x8(%ebp),%eax 

设置参数失败，因为没有-  。

(gdb) set args -ac
(gdb) show args
Argument list to give program being debugged when it is started is "-ac".
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y

Breakpoint 1, 0x080491a2 in main ()
=> 0x080491a2 <main+322>:    e8 19 fd ff ff    call   0x8048ec0 <getopt_long@plt>
(gdb) n
0x080491a7 in main ()
=> 0x080491a7 <main+327>:    83 f8 ff    cmp    $0xffffffff,%eax
(gdb)
0x080491aa in main ()
=> 0x080491aa <main+330>:    0f 84 21 02 00 00    je     0x80493d1 <main+881>
(gdb)
0x080491b0 in main ()
=> 0x080491b0 <main+336>:    83 e8 41    sub    $0x41,%eax
(gdb) p/x $eax
$3 = 0x61
 

成功进入 while 循环。

还有其他的方式，简单写一下，都差不多。

1. gdb --args ./exe -ac 

或

2. gdb ./exe

    run -ac