GDB print stl (ex. std::vector) with no debug symbols

Question

While I was trying to reverse engineer my c++ code I came up with the problem of wanting to print my std::vector elements in the debugger (gdb).

One of my teammates suggested to

p *(std::vector *)0x7fffffffe210

But then I get

No symbol "std" in current context.

Which is an error generated due to the absence of debug symbols. I am aware that windbg has pre-build structs (accessed by the "dt" command).

Is there any already built solution or how can I build my own structs for gdb?

Thanks!

My testing code is a simple

std::vector<int>

gdb prints vectors etc. with Python pretty printers, you may want to study them. Failing that, build a little shared library with debug symbols and a few containers, and arrange it to call your main() with LD_PRELOAD. — n. m. could be an AI, Oct 22 '18 at 16:13
@n.m. Thank you for your answer I added a complete solution for the next "wanderer" :) — ItsYou, Oct 23 '18 at 15:52

score 2 · Answer 1 · answered Oct 23 '18 at 03:59

2

Is there any already built solution or how can I build my own structs for gdb?

This answer shows how to add debug symbols to existing GDB session.

As n.m. suggested, you could also achieve this by preloading a library that uses std::vector<int> and is compiled with debug symbols, but that's not really necessary.

answered Oct 23 '18 at 03:59

Employed Russian

199,314
34
295
362

Thank you for your answer I added a complete solution for the next "wanderer" :) – ItsYou Oct 23 '18 at 15:52

ItsYou · Accepted Answer · 2018-10-23T17:41:42.653

This answer could not be achieved without the tips of @Employed Russian and @n.m. + one more guy so please upvotes to them :)

Have in mind that I am trying to reverse the binary so access to the source code does not exist

Step 1: Create a shared Library

//g++ -shared -g -fPIC  preload.cpp -o preload.so
#include <iostream>
#include <vector> 

static __attribute__((constructor)) void init(void)
{
    std::vector<int> vect2 (4,1); 
    vect2.push_back(1); //Just be sure of the compilation

    printf("Hi\n"); //Simple debug (std::cout results to segfault)
}

Step 2: open your binary in gdb

gdb ./test
(gdb) set environment LD_PRELOAD  /path/to/preload.so

Step 3: locate your pointer and access it

(gdb) print *('std::vector<int, std::allocator<int> >' *) 0x7fffffffe1e0
$8 = std::vector of length 3, capacity 3 = {1, 3, 2} //w00t!

How did I find that std::vector<int, std::allocator<int> > is the correct pointer ? (also bare in mind the quotes)

Find the type of the vector ex. from IDA and create a sample binary with this type but with debug symbols (-g) enabled. Open the binary with gdb and take a look on how he translates it ex. (function push_back with <int> vector)

   0x00005555555552f9 <+83>:    movl   $0x1,-0x4c(%rbp)
   0x0000555555555300 <+90>:    lea    -0x4c(%rbp),%rdx
   0x0000555555555304 <+94>:    lea    -0x70(%rbp),%rax
   0x0000555555555308 <+98>:    mov    %rdx,%rsi
   0x000055555555530b <+101>:   mov    %rax,%rdi
   0x000055555555530e <+104>:   callq  0x555555555598 <std::vector<int, std::allocator<int> >::push_back(int&&)>
   0x0000555555555313 <+109>:   movl   $0x2,-0x48(%rbp)
   0x000055555555531a <+116>:   lea    -0x48(%rbp),%rdx
   0x000055555555531e <+120>:   lea    -0x70(%rbp),%rax

Thats it have fun !

GDB print stl (ex. std::vector) with no debug symbols

2 Answers2