Protocol
Reference: https://sourceware.org/gdb/current/onlinedocs/gdb/Remote-Protocol.html
gdbserver: dump packets with --remote-debug
lldb-server: dump packets with --log-file stdout --log-flags 8388608
The call stack is unwound according to the instruction characteristics of each architecture
Calling an API in the target (call api) works by setting the register context and resuming
The po command defines a function, compiles it on the fly into shellcode and executes it
packet format
$packet-data#checksum   single packet
$sequence-id:packet-data#checksum   sequenced packet (message split into parts)
+   transfer OK (acknowledge)
-   transfer error (request retransmission)
field separators: , ; :
characters that must be escaped: } $ # *
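Added example (not from these notes): a Python encoder/decoder for the framing above, covering the modulo-256 checksum, the `}` + (byte XOR 0x20) escape for the reserved characters, and the run-length form `X*n` that stubs use in replies.

```python
# Added example: frame and unframe GDB remote packets ($payload#checksum).
# The checksum is computed over the escaped payload, as it appears on the wire.

ESCAPE_CHARS = {ord('}'), ord('$'), ord('#'), ord('*')}

def checksum(payload: bytes) -> int:
    """Modulo-256 sum of the bytes between '$' and '#', sent as two hex digits."""
    return sum(payload) & 0xFF

def escape(payload: bytes) -> bytes:
    """Escape reserved bytes as '}' followed by the byte XOR 0x20."""
    out = bytearray()
    for b in payload:
        if b in ESCAPE_CHARS:
            out += b'}' + bytes([b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)

def frame(payload: bytes) -> bytes:
    """Build the wire form $<escaped payload>#<checksum>."""
    body = escape(payload)
    return b'$' + body + b'#' + b'%02x' % checksum(body)

def unframe(packet: bytes) -> bytes:
    """Validate a received packet, undo escaping and run-length encoding.
    Raises ValueError on a framing or checksum error; a real client would
    then answer '-' so the stub retransmits."""
    if len(packet) < 4 or packet[:1] != b'$' or packet[-3:-2] != b'#':
        raise ValueError('bad framing')
    body, cs = packet[1:-3], int(packet[-2:], 16)
    if checksum(body) != cs:
        raise ValueError('checksum mismatch')
    out = bytearray()
    i = 0
    while i < len(body):
        b = body[i]
        if b == ord('}'):            # escaped byte: next byte XOR 0x20
            out.append(body[i + 1] ^ 0x20)
            i += 2
        elif b == ord('*'):          # run-length: repeat previous byte (n - 29) times
            out += bytes([out[-1]]) * (body[i + 1] - 29)
            i += 2
        else:
            out.append(b)
            i += 1
    return bytes(out)
```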
packet-data format
! Extended mode
A arglen,argnum,arg,... Pass program arguments
B addr,mode Set breakpoint
bc Backward continue
bs Backward single step
c [addr] Continue at addr
C sig[;addr] Continue with signal sig
D Detach gdb from the system
D;pid Detach gdb from process pid
F RC,EE,CF;XX File I/O operation
g Read general registers
G XX... Write general registers
H op thread-id Set thread for subsequent operations
i [addr[,nnn]] Step the remote target by nnn clock cycles
I Signal then cycle step
m addr,length Read memory
M addr,length:XX... Write memory
p n Read the value of register n
P n...=r... Write the value of register n
q name params... General query packet
Q name params... General set packet
r Reset system
R XX Restart program
s [addr] Single step resuming at addr
S sig[;addr] Step with signal sig
t addr:PP,MM Search backwards
T thread-id Find out if the thread is alive
vAttach;pid Attach to a new process
vCont[;action[:thread-id]]... Resume inferior
vCont? Request a list of supported vCont actions
vCtrlC Interrupt remote target
vFile:operation:parameter... Perform file operation
vKill;pid Kill process
vRun;filename[;argument]... Run the program
vStopped
x addr,length Read data from memory
X addr,length:XX... Write data to memory
z type,addr,kind Remove breakpoint or watchpoint
Z type,addr,kind Insert breakpoint or watchpoint
z0,addr,kind Remove software breakpoint
Z0,addr,kind[;cond_list...][;cmds:persist,cmd_list...] Insert software breakpoint
z1,addr,kind Remove hardware breakpoint
Z1,addr,kind[;cond_list...][;cmds:persist,cmd_list...] Insert hardware breakpoint
z2,addr,kind Remove write watchpoint
Z2,addr,kind Insert write watchpoint
z3,addr,kind Remove read watchpoint
Z3,addr,kind Insert read watchpoint
z4,addr,kind Remove access watchpoint
Z4,addr,kind Insert access watchpoint
ARM Z0/Z1 kind values: kind=2 16-bit Thumb mode breakpoint; kind=3 32-bit Thumb-2 mode breakpoint; kind=4 32-bit ARM mode breakpoint
stop reply format
? Ask for the stop reason
S AA Received signal AA
T AA n1:r1;n2:r2;... Received signal AA, with register/thread fields
W AA Process exited with status AA
W AA ; process:pid
X AA Process terminated with signal AA
X AA ; process:pid
w AA ; tid Thread tid exited
N No resumed threads left
O XX... Console output (hex-encoded)
F call-id,parameter... Which host system call should be called
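Added example (not from these notes): a decoder for the stop-reply payloads listed above, returning a dict a debugger front end can act on. The sample packets in the comments are constructed; thread ids and register numbers are made up.

```python
# Added example: decode the payload of a stop reply (the answer to '?' or the
# reply sent when the target stops). Input is the unframed text, e.g.
# 'T05thread:557;05:00e0ffff;swbreak:;' (constructed sample).
import string

TRAP_REASONS = ('swbreak', 'hwbreak', 'watch', 'rwatch', 'awatch')

def parse_stop_reply(reply: str) -> dict:
    kind, rest = reply[0], reply[1:]
    if kind == 'S':                                   # S AA
        return {'kind': 'signal', 'signal': int(rest[:2], 16)}
    if kind == 'T':                                   # T AA n1:r1;n2:r2;...
        info = {'kind': 'signal', 'signal': int(rest[:2], 16), 'regs': {}}
        for field in filter(None, rest[2:].split(';')):
            name, value = field.split(':', 1)
            if name == 'thread':
                info['thread'] = value                # hex tid or pPID.TID
            elif name in TRAP_REASONS:
                info['reason'] = name                 # why the target trapped
                if value:                             # watchpoints carry the address
                    info['watch_addr'] = int(value, 16)
            elif all(c in string.hexdigits for c in name):
                # n:r -> register number n, raw value r in target byte order
                info['regs'][int(name, 16)] = bytes.fromhex(value)
            else:
                info[name] = value                    # core, library, ... kept verbatim
        return info
    if kind in ('W', 'X'):                            # exit status / killed by signal
        code = int(rest.split(';')[0], 16)
        info = {'kind': 'exited' if kind == 'W' else 'terminated',
                ('status' if kind == 'W' else 'signal'): code}
        if ';process:' in rest:                       # multiprocess form W AA;process:pid
            info['pid'] = int(rest.split(';process:')[1], 16)
        return info
    if kind == 'w':                                   # w AA;tid
        status, tid = rest.split(';', 1)
        return {'kind': 'thread_exited', 'status': int(status, 16), 'thread': tid}
    if kind == 'N':
        return {'kind': 'no_resumed'}
    raise ValueError('unknown stop reply: ' + reply)
```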
query packet format
QAgent:1 Turn on the agent helper
QAgent:0 Turn off the agent helper
QAllow:op:val... Allow or disallow operations (op = WriteReg/WriteMem/InsertBreak/InsertTrace/InsertFastTrace/Stop; val = 0/1)
qC Get the current thread id
qCRC:addr,length Compute CRC checksum of a block of memory
QDisableRandomization:value
qsThreadInfo
qfThreadInfo Get thread ids
qGetTLSAddr:thread-id,offset,lm
qGetTIBAddr:thread-id Windows TIB address
qL startflag threadcount nextthread Obtain thread info from RTOS
qOffsets
qThreadExtraInfo
QNonStop:1
QNonStop:0
QCatchSyscalls:1 [;sysno]...
QCatchSyscalls:0
QPassSignals: signal [;signal]...
QProgramSignals: signal [;signal]...
QThreadEvents:1
qRcmd,command
qSearch:memory:address;length;search-pattern Search memory for a hex pattern
QStartNoAckMode Request that the remote stub disable '+'/'-' acknowledgements
qSupported [:gdbfeature [;gdbfeature]... ]
qSymbol::
qSymbol:sym_value:sym_name
qThreadExtraInfo,thread-id Extra thread description
lldb-defined packets
A, // Program arguments packet
qfProcessInfo,
qsProcessInfo,
qC,
qEcho, used for synchronization
qGroupName,
qHostInfo,
qLaunchGDBServer,
qQueryGDBServer,
qKillSpawnedProcess,
qLaunchSuccess,
qModuleInfo,
qProcessInfoPID, process info
qSpeedTest,
qUserName,
qGetWorkingDir,
qFileLoadAddress,
QEnvironment,
QLaunchArch,
QSetDisableASLR,
QSetDetachOnError,
QSetSTDIN,
QSetSTDOUT,
QSetSTDERR,
QSetWorkingDir,
QStartNoAckMode,
qPlatform_shell,
qPlatform_mkdir,
qPlatform_chmod,
vFile_open,
vFile_close,
vFile_pread,
vFile_pwrite,
vFile_size,
vFile_mode,
vFile_exists,
vFile_md5,
vFile_stat,
vFile_symlink,
vFile_unlink,
QEnvironmentHexEncoded,
QListThreadsInStopReply,
QRestoreRegisterState,
QSaveRegisterState,
QSetLogging,
QSetMaxPacketSize,
QSetMaxPayloadSize,
QSetEnableAsyncProfiling,
QSyncThreadState,
QThreadSuffixSupported,
jThreadsInfo,
qsThreadInfo,
qfThreadInfo,
qGetPid,
qGetProfileData, profile data
qGDBServerVersion, gdb server version
qMemoryRegionInfo, memory region info
qMemoryRegionInfoSupported,
qProcessInfo, process info
qRcmd,
qRegisterInfo,
qShlibInfoAddr,
qStepPacketSupported,
qSupported,
qSyncThreadStateSupported,
qThreadExtraInfo,
qThreadStopInfo,
qVAttachOrWaitSupported,
qWatchpointSupportInfo,
qWatchpointSupportInfoSupported,
qXfer_auxv_read,
jSignalsInfo,
vAttach,
vAttachWait,
vAttachOrWait,
vAttachName,
vCont,
vCont_actions, // vCont?
stop_reason, // '?'
c,
C,
D,
g,
G,
H,
I, // stdin notification
k,
m,
M,
p,
P,
s,
S,
T,
x,
X,
Z,
z,
_M, allocate memory (malloc)
_m, free memory
notify, // '%' notification
Examples
Example: lldb initialization exchange log
+ ack
QStartNoAckMode no-ack mode
QThreadSuffixSupported
QListThreadsInStopReply
qHostInfo process info
vCont supported types
qVAttachOrWaitSupported
qC current thread
? stop reason
qProcessInfo
qRegisterInfo0 .. qRegisterInfo65 register info
p0;thread:557 read a given register in a given thread
qShlibInfoAddr get the base address of _dyld_all_image_infos
........... parse each Mach-O structure and symbol table ........
qThreadStopInfo
qMemoryRegionInfo memory region query
gdb exchange log
+ ack
qSupported:multiprocess+;swbreak+;hwbreak+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+;xmlRegisters=i386 query extended features
+ ack
QStartNoAckMode no-ack mode
+ ack
QProgramSignals:
Hgp0.0
qXfer:features:read:target.xml:0,fff get target description and register layout
qXfer:features:read:32bit-linux.xml:0,fff get special registers
qXfer:auxv:read::0,1000
QNonStop:0
qTStatus
qTfV
qTsV
?
qXfer:threads:read::0,fff read thread info
qAttached:640 ask whether the stub attached to process 640
qXfer:exec-file:read:640:0,fff
qXfer:libraries-svr4:read::0,fff read loaded modules