Spyril

How does a debugger like GDB work

4 posts in this topic

Hi,

I've been wondering how the internals of gdb, and similar debuggers, work. How do they "attach" themselves to programs? (I know they read a certain sector of memory that the program is occupying, but how do they find this certain sector of memory? Are there some OS-specific system calls?) Also, I know downloading the "debug info" for a program allows you to debug it, but what information does the debug info contain?

I don't know much about assembly (and I don't know if that makes a difference) but I'm starting to learn; in the meantime I'm just curious as to how these debugging programs work.

Some links to information about this would be helpful; I'm not finding much on Google. Thanks in advance.


Using the ptrace() system call I believe.


What functionality of the debugger are you talking about? Yes, ptrace (on Linux) is used in debugging, allowing the debugger to attach to the process and read its memory, interact, set breakpoints etc. in many cases. However, when working with interpreted languages you can embed the interpreter into a debugger and not have to attach to the process but interact directly with the interpreter.


For Intel, the INT 3h instruction is used to set breakpoints. The debugger overwrites the instruction at the location where the breakpoint is to be set with INT 3h, and saves the original instruction. Then, when the program counter reaches that location, the debugger stops execution of the debuggee, rewrites the original instruction back to that location where the breakpoint was and prompts the user for further action.

Debugging symbols contain name, location, and type information for variables and functions throughout the binary. The debugger unravels the call stack frame by frame by looking at the stack pointer (stored in a special register which varies from platform to platform) and performs some pointer arithmetic to determine the parent of the current function. Without debug information, it will only be able to display hexadecimal addresses and such; with debugging symbols it will be able to display detailed information about the functions that have been called and the variables that have been passed into them. The debug info also allows the program to associate the current instruction with a particular line of code (if the source code is available to the debugger).

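The ptrace() and INT 3 breakpoint steps described in the replies above, as an added example that is not part of the original thread: a parent process traces its own forked child, plants a 0xCC byte, catches the SIGTRAP, restores the original instruction and resumes. It assumes Linux on x86-64; `target` and `run_breakpoint_demo` are hypothetical names chosen for the illustration.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical function the breakpoint is planted on. */
static __attribute__((noinline)) int target(int x) { return x + 1; }

/* Returns the debuggee's exit code (42) if the breakpoint fired at target(), else -1. */
int run_breakpoint_demo(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                               /* debuggee */
        int (*volatile fn)(int) = target;         /* force a real call to target */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);    /* let the parent trace us */
        raise(SIGSTOP);                           /* pause until the breakpoint is planted */
        _exit(fn(41));
    }
    waitpid(pid, &status, 0);                     /* debuggee is now stopped */
    if (!WIFSTOPPED(status)) return -1;
    uintptr_t addr = (uintptr_t)target;           /* same address in the forked child */
    long orig = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL);  /* save original bytes */
    long patched = (orig & ~0xffL) | 0xcc;        /* first byte becomes INT 3 */
    if (ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)patched) < 0) return -1;
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    waitpid(pid, &status, 0);                     /* INT 3 stops the child with SIGTRAP */
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP) return -1;
    struct user_regs_struct regs;
    ptrace(PTRACE_GETREGS, pid, NULL, &regs);
    if (regs.rip != addr + 1) return -1;          /* rip points just past the 0xCC byte */
    ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)orig);  /* restore original bytes */
    regs.rip = addr;                              /* re-run the restored instruction */
    ptrace(PTRACE_SETREGS, pid, NULL, &regs);
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("debuggee exit code: %d\n", run_breakpoint_demo());
    return 0;
}
```

A real debugger would prompt the user at the SIGTRAP stop and, to keep the breakpoint armed, single-step the restored instruction and write the 0xCC byte back before continuing.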
