Ticket #60 (new enhancement)
debugging module using ptrace
Reported by: guest    Owned by: sam
Description (last modified by sam)
The main function of this ptrace module is to add a debugging environment. Its other task is to find as many locations as possible where the application may crash, and to report the location of each crash.
The ptrace module is invoked with the -d option, i.e. Debugging:
zzuf -r0.12 -d ./mypgm2
If the application program crashes, the following options are shown:-
1. Single Step
2. View Variable
3. Continue stop child
4. Modify Variable
5. View Registers
6. Modify Registers
7. Process Id
8. View Instructions
9. View EIP
10. View Error Table
11. Set BreakPoint
12. Help
13. Restart Process
These are the debugging options. The module also lists the program's functions with their name, start eip and end eip; this list can be used for setting breakpoints.
example:-
Name Of Function        Start Eip   End Eip
libc_csu_fini           8048900     8048904
_start                  80483c0     80483f2
_fini                   80489a8     80489b6
libc_csu_init           8048910     804891c
i686.get_pc_thunk.bx    8048979     804897c
main                    8048494     80488f5
_init                   8048310     8048326
It will also show
ch.pid=6506 read count=4 crash=1 seed=0 sec_count=0 rerun=1
ch.pid is the process id of the application currently under zzuf's control. sec_count is the number of system calls (i.e. fuzzing points) executed so far. After each run sec_count is reset to zero and its previous value is assigned to read count. Both read count and sec_count control the fuzzing: fuzzing occurs only when sec_count is greater than read count.
crash is the number of crashes that have occurred in the application. rerun is incremented whenever the application is restarted after a crash.
These are the various options :-
1. Single Step
This option can be used for single stepping. It shows the eip (instruction pointer) of the current statement.
2. View Variable
This option can be used to view the content of a variable. Currently it is implemented only for global variables; the name of the variable is taken as input.
3. Continue stop child
The application program stops after executing each system call (where fuzzing occurs). This option continues the program.
4. Modify Variable
This option can be used to modify the content of a variable. Currently it is implemented only for global variables; the name of the variable is taken as input.
5. View Registers
This option can be used to view the content of the following registers of the application program: EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, EIP.
6. Modify Registers
This option can be used to modify the content of the following registers of the application program: EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, EIP.
7. Process Id
This option shows the process id of the application currently being debugged.
8. View Instructions
This option can be used to view the next few instructions.
9. View EIP
This option shows the content of the instruction pointer.
10. View Error Table
This option shows the error table. example:-
Function Name   Eip
main            8048635
main            804883b
It gives the name of the function as well as the exact instruction pointer at which the program crashed. This can then be mapped back to the code with utilities such as objdump or readelf.
11. Set BreakPoint
This option can be used to set a breakpoint. It takes an eip as input (as a decimal value) and sets the breakpoint at that instruction pointer. Note: set the breakpoint before any system call (where fuzzing occurs). The eip values of the application can be obtained with utilities such as objdump or readelf.
12. Help
This option shows the help.
13. Restart Process
This option restarts the application program after it crashes. If one of the following messages appears, give option 13 as input:
"Program Has Been Crashed !!!!! Please Give Option 13 so as to restart the Process"
"Program Execution Is Over"
There is also an option that terminates the whole application.
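As an added example (not zzuf's own code, nor code from this ticket), the core ptrace mechanics behind the options above: planting an int3 breakpoint at an eip given in decimal, single-stepping past it, reading the registers, and on a crash printing the faulting eip together with the function whose start/end eip range contains it. It assumes x86 Linux; demo_table reuses the ticket's example addresses, and func_for_pc and plant_int3 are names chosen here.

```c
/* Added example, not zzuf's code: a minimal Linux/x86 ptrace tracer doing what the ticket's -d
   mode describes (breakpoint, single step, view eip, crash eip mapped to a function). Assumes
   x86_64 or i386 Linux; argv[1] = program to trace, optional argv[2] = breakpoint eip in decimal. */
#include <stdio.h>
#include <unistd.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/user.h>
#ifdef __x86_64__
#define PC(r) ((r).rip)          /* on 64-bit builds rip plays the role of eip */
#else
#define PC(r) ((r).eip)
#endif
/* One row of the "Name Of Function / Start Eip / End Eip" table; demo_table holds the ticket's
   own example values (a real tracer fills it from the binary's symbols, e.g. via objdump). */
struct func_range { const char *name; unsigned long start, end; };
static const struct func_range demo_table[] = { { "_start", 0x80483c0, 0x80483f2 },
    { "main", 0x8048494, 0x80488f5 }, { "_fini", 0x80489a8, 0x80489b6 } };
/* Error-table step: name of the function whose range contains the faulting eip. */
const char *func_for_pc(const struct func_range *t, size_t n, unsigned long pc) {
    for (size_t i = 0; i < n; i++) if (pc >= t[i].start && pc <= t[i].end) return t[i].name;
    return "?";
}
/* A breakpoint overwrites the first byte of the target instruction with int3 (0xCC). */
unsigned long plant_int3(unsigned long word) { return (word & ~0xffUL) | 0xccUL; }
int main(int argc, char **argv) {
    unsigned long bp = 0, orig = 0; if (argc < 2) return 1;
    if (argc > 2) sscanf(argv[2], "%lu", &bp);       /* decimal, as the ticket's option takes it */
    int status; pid_t pid = fork();
    if (pid == 0) { char *ca[] = { argv[1], NULL }; ptrace(PTRACE_TRACEME, 0, 0, 0); execv(argv[1], ca); _exit(127); }
    waitpid(pid, &status, 0);                        /* child stops at exec */
    if (bp) orig = (unsigned long)ptrace(PTRACE_PEEKTEXT, pid, (void *)bp, 0);
    if (bp) ptrace(PTRACE_POKETEXT, pid, (void *)bp, (void *)plant_int3(orig)); /* "Set BreakPoint" */
    ptrace(PTRACE_CONT, pid, 0, 0);                  /* "Continue stop child" */
    while (waitpid(pid, &status, 0) > 0 && WIFSTOPPED(status)) {
        struct user_regs_struct r; int sig = WSTOPSIG(status);
        ptrace(PTRACE_GETREGS, pid, 0, &r);          /* "View Registers" / "View EIP" */
        if (sig == SIGTRAP && bp && PC(r) - 1 == bp) {                 /* our int3 fired */
            ptrace(PTRACE_POKETEXT, pid, (void *)bp, (void *)orig);    /* restore the byte */
            PC(r) = bp; ptrace(PTRACE_SETREGS, pid, 0, &r);            /* "Modify Registers" */
            ptrace(PTRACE_SINGLESTEP, pid, 0, 0); continue;            /* "Single Step" */
        }
        if (sig == SIGSEGV || sig == SIGILL || sig == SIGFPE || sig == SIGBUS) { /* error-table row */
            printf("crash: sig %d eip %lx in %s\n", sig, (unsigned long)PC(r), func_for_pc(demo_table, 3, PC(r)));
            ptrace(PTRACE_KILL, pid, 0, 0); return 2;
        }
        ptrace(PTRACE_CONT, pid, 0, (void *)(long)(sig == SIGTRAP ? 0 : sig)); /* pass signal on */
    }
    return 0;
}
```

Run it as `./tracer ./mypgm2 134514196` (134514196 is decimal for 0x8048494, the ticket's start eip of main) to stop once at main's first instruction and then see any crash eip reported.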
- Description modified
- Summary changed from "The main function of this ptrace module is to add debugging environment. At the same time its other task is find maximum possible locations where the application may crash and to find its location." to "debugging module using ptrace"