How does a debugger like GDB work
Posted 31 July 2008 - 08:05 PM
I've been wondering how the internals of gdb, and similar debuggers, work. How do they "attach" themselves to programs? (I know they read a certain sector of memory that the program is occupying, but how do they find this certain sector of memory? Are there some OS-specific system calls?) Also, I know downloading the "debug info" for a program allows you to debug it, but what information does the debug info contain?
I don't know much about assembly (and I don't know if that makes a difference) but I'm starting to learn; in the meantime I'm just curious as to how these debugging programs work.
Some links to information about this would be helpful; I'm not finding much on Google. Thanks in advance.
Posted 31 July 2008 - 08:19 PM
Posted 31 July 2008 - 09:47 PM
Debugging symbols contain name, location, and type information for variables and functions throughout the binary. The debugger unravels the call stack frame by frame by looking at the stack pointer (stored in a special register which varies from platform to platform) and performs some pointer arithmetic to determine the parent of the current function. Without debug information, it will only be able to display hexadecimal addresses and such; with debugging symbols it will be able to display detailed information about the functions that have been called and the variables that have been passed into them. The debug info also allows the program to associate the current instruction with a particular line of code (if the source code is available to the debugger).
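The frame walk and symbol lookup described in the answer above, as an added example that is not part of the original thread. It unwinds a constructed stack snapshot assuming the x86-64 frame-pointer layout; every address, the symbol names (`main`, `parse`, `read_field`) and the helper functions are made up for illustration.

```c
#include <inttypes.h>
#include <stdio.h>
/* Constructed symbol table: the name and address-range data debug info supplies. */
static const struct sym { uint64_t start, size; const char *name; } SYMS[] = {
    {0x401000, 0x40, "main"}, {0x401040, 0x30, "parse"}, {0x401070, 0x50, "read_field"},
};
/* Constructed stack snapshot (8-byte words). With frame pointers on x86-64,
   [rbp] holds the caller's saved rbp and [rbp+8] the return address. */
#define STACK_BASE 0x7ffc0000ULL
static const uint64_t STACK[] = {
    0x7ffc0020, 0x401052,   /* read_field frame: saved rbp, return into parse */
    0x1111, 0x2222,         /* parse's locals */
    0x7ffc0030, 0x401021,   /* parse frame: saved rbp, return into main */
    0, 0x400f00,            /* main frame: chain ends, return into startup code */
};
/* Checked snapshot read; a live debugger reads target memory via the OS (ptrace PTRACE_PEEKDATA on Linux). */
static int read_word(uint64_t addr, uint64_t *out) {
    uint64_t i = (addr - STACK_BASE) / 8;
    if (addr < STACK_BASE || (addr & 7) || i >= sizeof STACK / sizeof *STACK) return 0;
    *out = STACK[i];
    return 1;
}
/* Map an address to the symbol that covers it; NULL when none does. */
const struct sym *symbolize(uint64_t pc) {
    for (size_t i = 0; i < sizeof SYMS / sizeof *SYMS; i++)
        if (pc >= SYMS[i].start && pc - SYMS[i].start < SYMS[i].size) return &SYMS[i];
    return NULL;
}
/* Walk the saved-rbp chain from the current pc/rbp; returns the frame count. */
int unwind(uint64_t pc, uint64_t rbp, uint64_t *pcs, int max) {
    int n = 0;
    uint64_t next, ret;
    while (n < max) {
        pcs[n++] = pc;
        if (!read_word(rbp, &next) || !read_word(rbp + 8, &ret)) break;
        if (next != 0 && next <= rbp) break;   /* corrupt chain: frames must move up */
        pc = ret; rbp = next;
    }
    return n;
}

int main(void) {
    uint64_t pcs[16];
    int n = unwind(0x401085, STACK_BASE, pcs, 16);   /* constructed pc and rbp */
    for (int i = 0; i < n; i++) {
        const struct sym *s = symbolize(pcs[i]);
        printf("#%d 0x%" PRIx64 " in %s+0x%" PRIx64 "\n", i, pcs[i], s ? s->name : "??", s ? pcs[i] - s->start : 0);
    }
    return 0;
}
```

The last frame returns into an address no symbol covers, so it prints as a bare hexadecimal address, which is all a debugger can show for code without symbols.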