
GDBserver on Qemu not honoring "follow-fork-mode child"

Reverse Engineering Asked by user503997 on May 16, 2021

I am using gdb-multiarch version 9.1 on Ubuntu to connect to a qemu-mipsel-static version 4.2.0 running a MIPS application which daemonizes itself with fork(), and which is running the built-in gdbserver. Here is the relevant GDB output:

Breakpoint 5, 0x7f5bb874 in daemon () from ./lib/libc.so.0

The next instruction is jalr to fork

(gdb) si
0x7f5738e0 in fork () from ./lib/libc.so.0

Now we are in fork(), let’s check the state of follow-fork-mode

(gdb) show follow-fork-mode 
Debugger response to a program call of fork or vfork is "child".

Everything looks good, let’s finish the function and check our return value

(gdb) finish
Run till exit from #0  0x7f5738e0 in fork () from ./lib/libc.so.0
0x7f5bb87c in daemon () from ./lib/libc.so.0
(gdb) p $v0
$7 = 119052
(gdb) # what

The PID indicates we are still attached to the parent process

One Answer

From the docs:

On most systems, GDB has no special support for debugging programs which create additional processes using the fork function. When a program forks, GDB will continue to debug the parent process and the child process will run unimpeded. If you have set a breakpoint in any code which the child then executes, the child will get a SIGTRAP signal which (unless it catches the signal) will cause it to terminate.

On some systems, GDB provides support for debugging programs that create additional processes using the fork or vfork functions. On GNU/Linux platforms, this feature is supported with kernel version 2.5.46 and later.

Could it be that your kernel version is too low?

You can also try catch fork/vfork/exec commands.

Answered by Igor Skochinsky on May 16, 2021
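Added example, not part of the original question or answer: the check in the question (`p $v0` after `finish`) relies on fork() returning the child's PID in the parent and 0 in the child, with $v0 holding the return value on MIPS. This C program forks once and collects the value seen on each side; the helper name `fork_return_values` is hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the page): forks once and records what
 * fork() returned on each side. The child reports its view through a pipe.
 * Returns 0 on success, -1 on error. */
int fork_return_values(pid_t *parent_saw, pid_t *child_saw, pid_t *child_pid)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    pid_t ret = fork();
    if (ret < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (ret == 0) {
        /* Child side: fork() returned 0; send that and our real PID back. */
        pid_t report[2] = { ret, getpid() };
        close(fds[0]);
        ssize_t n = write(fds[1], report, sizeof report);
        _exit(n == (ssize_t)sizeof report ? 0 : 1);
    }
    /* Parent side: fork() returned the child's PID (nonzero). */
    pid_t report[2];
    close(fds[1]);
    ssize_t n = read(fds[0], report, sizeof report);
    close(fds[0]);
    if (waitpid(ret, NULL, 0) < 0 || n != (ssize_t)sizeof report)
        return -1;
    *parent_saw = ret;
    *child_saw = report[0];
    *child_pid = report[1];
    return 0;
}

int main(void)
{
    pid_t p, c, cpid;
    if (fork_return_values(&p, &c, &cpid) != 0)
        return 1;
    /* A debugger that followed the child would see the second value. */
    printf("parent saw %ld, child saw %ld (child pid %ld)\n",
           (long)p, (long)c, (long)cpid);
    return 0;
}
```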
