Sometimes in my projects, when running on 64-bit Linux, a 32-bit process needs to have the personality PER_LINUX32_3GB.
The program switches into this mode by calling the following procedure:
proc ___SwitchLinuxTo3GB
begin
        cmp     esp, $c0000000
        jb      .finish                 ; the system is 32bit

; query the current personality (argument -1 returns it unchanged)
        mov     eax, sys_personality
        mov     ebx, -1
        int     $80
        test    eax, ADDR_LIMIT_3GB
        jnz     .finish                 ; everything is OK.

; set the needed personality
        mov     eax, sys_personality
        mov     ebx, PER_LINUX32_3GB
        int     $80
        test    eax, eax
        js      .finish

; and restart the process
        mov     eax, [esp+4]            ; argument count
        mov     ebx, [esp+8]            ; the first argument is the name of the program.
        lea     ecx, [esp+8]            ; the arguments list.
        lea     edx, [ecx+4*eax+4]      ; the environment list.
        mov     eax, sys_execve
        int     $80
        int3

.finish:
        return
endp
As you can see, in the case of switching personality, the procedure restarts the whole process by calling sys_execve. On the second call of this procedure, it is already in the right personality and it exits through the .finish label.
But after the application restart, the EDB user interface detaches from the debugged program.
However, the debugger remains attached and the user can step through the instructions or run/pause the program, but without any indication in the CPU, Data or Stack panels. All the registers are zeroed, but if their values are changed while stepping through instructions, they are updated (maybe) correctly.
I will attach a small demo program that switches to PER_LINUX32_3GB and then immediately exits:
edb_bug_demo.zip
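For readers who want to reproduce the sequence the assembly above performs (query the persona, set PER_LINUX32_3GB when the 3GB address limit is absent, then re-exec the process so the new layout applies from the first instruction), here is the same logic in C against glibc's personality(2). This is an added example, not code from the issue or from the edb-debugger project; it assumes a Linux system and, to be meaningful, a 32-bit build of the binary (on a 64-bit process ADDR_LIMIT_3GB has no effect on the address space). The decision steps are kept in small pure functions so they can be checked without executing anything.

```c
/* Added example: query/set/re-exec for PER_LINUX32_3GB in C.
   Assumes Linux (sys/personality.h); build with -m32 to exercise the
   3GB address limit, which only affects 32-bit processes. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/personality.h>

/* Fallbacks for toolchains whose headers lack these names (values from
   the Linux UAPI header <linux/personality.h>). */
#ifndef ADDR_LIMIT_3GB
#define ADDR_LIMIT_3GB 0x8000000
#endif
#ifndef PER_LINUX32
#define PER_LINUX32 0x0008
#endif
#ifndef PER_LINUX32_3GB
#define PER_LINUX32_3GB (PER_LINUX32 | ADDR_LIMIT_3GB)
#endif
#ifndef PER_MASK
#define PER_MASK 0x00ff
#endif

/* Equivalent of `test eax, ADDR_LIMIT_3GB / jnz .finish`: non-zero when
   the persona still lacks the 3GB limit and a switch is required. */
int needs_3gb_switch(unsigned long persona)
{
    return (persona & ADDR_LIMIT_3GB) == 0;
}

/* Build the persona to install: replace the base personality with
   PER_LINUX32_3GB while keeping any other flags the caller already had. */
unsigned long with_3gb_limit(unsigned long persona)
{
    return (persona & ~(unsigned long)PER_MASK) | PER_LINUX32_3GB;
}

/* Equivalent of `cmp esp, $c0000000 / jb .finish`: on a 64-bit kernel a
   32-bit process's stack sits above 0xC0000000, so the switch is relevant;
   a stack below that mark means a 32-bit kernel (or the 3GB layout is
   already active) and there is nothing to do. */
int stack_above_3gb(unsigned long sp)
{
    return sp >= 0xC0000000UL;
}

int main(int argc, char **argv)
{
    (void)argc;
    unsigned long marker;                       /* lives on the current stack */
    if (!stack_above_3gb((unsigned long)&marker)) {
        puts("stack already below 3GB: nothing to switch");
        return 0;
    }

    int cur = personality(0xffffffff);          /* -1 queries without changing */
    if (cur == -1) {
        perror("personality(query)");
        return 1;
    }
    if (!needs_3gb_switch((unsigned long)cur)) {
        printf("ADDR_LIMIT_3GB already set (persona 0x%x)\n", (unsigned)cur);
        return 0;
    }

    if (personality(with_3gb_limit((unsigned long)cur)) == -1) {
        perror("personality(set)");
        return 1;
    }

    /* Like the assembly's sys_execve: restart this image so the whole
       address space (stack included) is laid out under the new persona.
       /proc/self/exe avoids depending on argv[0] being a usable path. */
    execv("/proc/self/exe", argv);
    perror("execv");                            /* only reached on failure */
    return 1;
}
```

When stepping this under a debugger, the interesting moment is the execv call: the process image is replaced while the ptrace attachment survives, which is exactly the point at which the report says the EDB panels stop reflecting the debuggee.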