
Preserve breakpoints across debuggee restart

Open 10110111 opened this issue 8 years ago • 8 comments

Pressing Ctrl+F2 (or choosing Debug->Restart) currently is (mostly) equivalent to killing the process and launching it again. In particular, the breakpoints are lost on such restart. It'd be useful if they could be preserved.



10110111 avatar Apr 02 '16 11:04 10110111

Right. Now that we have session files this is doable, but has a little bit of trickiness to it:

  1. ASLR, we need to make sure to store breakpoints as offsets from a region's start instead of absolute addresses. We probably should store a hash of each region that has a BP so we can detect if it changed and therefore should not restore BPs.
  2. This is the trickier part. Not all libraries are loaded on start, and with the ptrace API, there is no "event" for library was just loaded like there is on Windows... But there is a solution.

By the time we get to "main", there is a "debug pointer" that is set by ld (see Debugger::next_debug_event for some code which attempts to identify it).

One of the things that this pointer refers to is a place in memory which will be jumped to via a call instruction on each library load event. So we need to place an internal BP there and treat hitting that as a library load event. It's not pretty, but it'll work :-).

eteran avatar Apr 04 '16 13:04 eteran

So once we have the library load hooked, my current thoughts for how to store breakpoints would look like this:

```json
[
    {
        "module" : "/lib64/ld-2.21.so",
        "checksum" : "<MD5>",
        "breakpoint_offsets" : [ "1234", "5678", "9abc" ... ]
    }
]
```

Addresses in hex as strings so we don't lose precision converting between floats and values. This would support multiple regions and their offsets and we can detect if the module changed (letting us warn during restoration).

I think this'll cover our needs, but first things first, gotta finish implementing load library hooks on Linux.

eteran avatar Apr 06 '16 21:04 eteran

What do you mean by floats? Addresses are integers.

10110111 avatar Apr 07 '16 04:04 10110111

Exactly. But JSON numbers according to the JSON standard are floating point. So to prevent any unexpected loss of precision, we should store all addresses as strings and convert back to integer values when we read it back.

eteran avatar Apr 07 '16 23:04 eteran
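The scheme sketched in this thread (module-relative offsets, a per-module checksum so a changed library is not silently re-patched, a "not loaded yet" case for libraries that arrive after start, and hex strings instead of JSON numbers) can be exercised end to end in a few dozen lines. The following is an added example, not edb's own session code: the module images, load addresses and breakpoint addresses are constructed stand-ins, and the function names (`save_breakpoints`, `restore_breakpoints`, `double_roundtrip`) are this example's, not edb's.

```python
import hashlib
import json

# Constructed stand-ins for the bytes of two mapped modules (not real library images).
LD_IMAGE = bytes(range(256)) * 16               # 4 KiB pretend /lib64/ld-2.21.so
LIBC_IMAGE = bytes(reversed(range(256))) * 32   # 8 KiB pretend libc

# A "region map" is {module path: (load base, image bytes)} as seen in one debuggee run.
FIRST_RUN = {
    "/lib64/ld-2.21.so": (0x7F0000000000, LD_IMAGE),
    "/lib64/libc-2.21.so": (0x7F0000100000, LIBC_IMAGE),
}
# Same modules after a restart: ASLR picked different bases, so absolute addresses are useless.
SECOND_RUN = {
    "/lib64/ld-2.21.so": (0x7F1234560000, LD_IMAGE),
    "/lib64/libc-2.21.so": (0x7F1234600000, LIBC_IMAGE),
}


def module_checksum(image: bytes) -> str:
    # MD5 matches the "<MD5>" placeholder in the sketch; any digest works for change detection.
    return hashlib.md5(image).hexdigest()


def save_breakpoints(regions: dict, breakpoints: list) -> str:
    """Serialize absolute breakpoint addresses as module-relative hex-string offsets."""
    entries = {}
    for addr in breakpoints:
        for path, (base, image) in regions.items():
            if base <= addr < base + len(image):
                entry = entries.setdefault(path, {
                    "module": path,
                    "checksum": module_checksum(image),
                    "breakpoint_offsets": [],
                })
                # Hex string, not a JSON number: see the float-precision point below.
                entry["breakpoint_offsets"].append(format(addr - base, "x"))
                break
        else:
            raise ValueError(f"breakpoint {addr:#x} is not inside any known module")
    return json.dumps(list(entries.values()))


def load_session(session_json: str) -> list:
    """Parse the session file back into its list of per-module entries."""
    return json.loads(session_json)


def restore_breakpoints(session_json: str, regions: dict):
    """Rebase saved offsets onto the current run's module bases.

    Returns (restored absolute addresses, module paths that were skipped).
    A module is skipped when it is not mapped yet (library loaded later; the
    caller would retry on the next library-load event) or when its checksum
    no longer matches (the on-disk library changed, so offsets cannot be trusted).
    """
    restored, skipped = [], []
    for entry in load_session(session_json):
        path = entry["module"]
        if path not in regions:
            skipped.append(path)
            continue
        base, image = regions[path]
        if module_checksum(image) != entry["checksum"]:
            skipped.append(path)
            continue
        for offset in entry["breakpoint_offsets"]:
            restored.append(base + int(offset, 16))
    return restored, skipped


def double_roundtrip(addr: int) -> int:
    """What a parser that stores JSON numbers as an IEEE double would hand back."""
    return int(float(addr))


if __name__ == "__main__":
    bps = [0x7F0000000234, 0x7F0000000678, 0x7F00001009AC]
    session = save_breakpoints(FIRST_RUN, bps)
    print(session)
    print([hex(a) for a in restore_breakpoints(session, SECOND_RUN)[0]])
    print(hex(double_roundtrip(2**53 + 1)))   # no longer 2**53 + 1
```

`double_roundtrip` shows why the offsets are strings: a double has 53 bits of mantissa, so any value above 2^53 that passes through a number-as-double JSON implementation comes back rounded, while `int(offset, 16)` on a string reproduces the exact value. The skipped list is what the restore path would hand to the library-load hook described earlier in the thread, retrying those modules as they appear.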

+1 for adding this. It would be great if you could find the time.

ojura avatar Apr 02 '17 21:04 ojura

Any updates on this?

Anutrix avatar Jan 03 '23 21:01 Anutrix

Any update on this?

redthing1 avatar May 25 '23 20:05 redthing1

It's been a while for sure, I would love to get this done, but life has been particularly busy. We'll get there eventually though :-).

eteran avatar May 26 '23 17:05 eteran