Search for a pointer to a single-user postmart in GDB (C ++)

Question

Search for a pointer to a single-user postmart in GDB (C ++)

I am doing a posthumous analysis of a broken program. I am on Linux (Ubuntu 12.04, x86), the code is written in C ++. The program uses some singletones that may contain valuable information. Is it possible to find a pointer to a singleton instance if it was created as follows:

SingletonType& SingletonType::getInstance(){ static SingletonType* instance = new SingletonType(); return *instance; }

And if possible, how is this done in GDB?

+4

c ++ linux gdb postmortem-debugging

techshack Jul 16 '13 at 14:43

source share

3 answers

show modules ¹ should probably tell you the base addresses, and instance , being statically distributed, should be visible in some objdump / nm report. Yes, hairy math.

An alternative would be to parse SingletonType::getInstance() and see which effective address loads in the initialization / return path.

¹ Mmm can't find the exact match that I remember. info sharedlibrary will provide you more information.

+3

sehe Jul 16 '13 at 14:52

source share

this is what i am doing and inside the kernel with gdb:

 (gdb) info var instance

this will display all the addresses of all singleton instances, among which you will find one of SingletonType

 0x86aa960 SingletonType::getInstance()::instance

Now that I have the address, you can print the reverse memory of your instance:

 (gdb) p *((SingletonType*)0x86aa960)

0

ellysisland May 09 '17 at 9:13

source share

tfk · Accepted Answer · 2013-07-16T15:41:03+0000

Run gdb with the main file and run the command

 disassemble SingletonType::getInstance

In my test program, I found the instruction mov 0x<addr>, %eax at the end of the method. A print *(*(SingletonType**) <0xaddr>) should print the contents of your singleton structure.

Search for a pointer to a single-user postmart in GDB (C ++)

More articles: