
EDB UI detaches from the debugged process on process restart via sys_execve #758

Open
johnfound opened this issue Apr 11, 2020 · 1 comment

Comments

@johnfound

johnfound commented Apr 11, 2020

Sometimes in my projects, when running on 64-bit Linux, a 32-bit process needs to have the personality PER_LINUX32_3GB.

The program switches into this mode by calling the following procedure:

proc ___SwitchLinuxTo3GB
begin
        cmp     esp, $c0000000
        jb      .finish                 ; the system is 32bit

        mov     eax, sys_personality
        mov     ebx, -1
        int     $80

        test    eax, ADDR_LIMIT_3GB
        jnz     .finish                         ; everything is OK.

; set the needed personality
        mov     eax, sys_personality
        mov     ebx, PER_LINUX32_3GB
        int     $80
        test    eax, eax
        js      .finish       

; and restart the process
        mov     eax, [esp+4]          ; argument count
        mov     ebx, [esp+8]          ; the first argument is the name of the program.
        lea     ecx, [esp+8]          ; the arguments list.
        lea     edx, [ecx+4*eax+4]    ; the environment list.

        mov     eax, sys_execve
        int     $80
        int3

.finish:
        return
endp

As you can see, in the case of switching personality, the procedure restarts the whole process by calling sys_execve. On the second call of this procedure, it is already in the right personality and it exits through the .finish label.

But after the application restart, EDB user interface detaches from the debugged program.

However, the debugger remains attached and the user can step through the instructions or run/pause the program, but without any indication in the CPU, Data or Stack panels. All the registers are zeroed, but if their values change while stepping through instructions, they are updated (maybe) correctly.

I will attach a small demo program that switches to PER_LINUX32_3GB and then immediately exits:

edb_bug_demo.zip
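The behaviour reported above is what a ptrace-based debugger sees when its tracee calls execve: the address space, memory maps and register state it cached are all replaced, and unless it asks for PTRACE_O_TRACEEXEC it only gets a plain SIGTRAP at the new program's entry. The following is an added example, not code from EDB or from the reporter: a minimal tracer that runs a child under ptrace, enables PTRACE_O_TRACEEXEC after the child's first exec, and counts the PTRACE_EVENT_EXEC stops that follow. The child is `/bin/sh -c "exec /bin/true"`, a constructed stand-in for the "restart the process via sys_execve" step in the report; the point where the counter is incremented is where a debugger has to discard and reload everything it knows about the tracee.

```c
/* Added example (not EDB's code): follow a tracee across execve(2). */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run "/bin/sh -c 'exec /bin/true'" under ptrace and count the exec events
 * reported after PTRACE_O_TRACEEXEC is enabled.  The shell's own exec is the
 * initial SIGTRAP stop; the second exec (of /bin/true) is the one a debugger
 * must survive by re-reading registers, maps and symbols.
 * Returns the number of PTRACE_EVENT_EXEC stops seen (expected: 1), or -1 if
 * ptrace is not permitted in this environment (seccomp, Yama, etc.). */
int count_exec_events(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: ask to be traced, then exec a shell that re-execs itself
         * into /bin/true (constructed stand-in for the reporter's re-exec). */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(99);
        execl("/bin/sh", "sh", "-c", "exec /bin/true", (char *)NULL);
        _exit(98);
    }

    int status;
    /* First stop: SIGTRAP delivered at the shell's exec (no options set yet). */
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 99)
        return -1;              /* PTRACE_TRACEME was refused */
    if (!WIFSTOPPED(status))
        return -1;

    /* From now on every execve in the tracee produces a distinct
     * PTRACE_EVENT_EXEC stop instead of a plain SIGTRAP; EXITKILL makes the
     * kernel kill the tracee if this tracer dies first. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
               (void *)(long)(PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL)) == -1) {
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
        return -1;
    }

    int exec_events = 0;
    for (;;) {
        if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1)
            return -1;
        if (waitpid(pid, &status, 0) != pid)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (WIFSTOPPED(status) &&
            (status >> 8) == (SIGTRAP | (PTRACE_EVENT_EXEC << 8))) {
            /* The old image is gone: a debugger must reload registers,
             * /proc/<pid>/maps, symbols and the target's word size here. */
            exec_events++;
        }
    }
    return exec_events;
}

int main(void)
{
    int n = count_exec_events();
    if (n < 0)
        puts("ptrace not available here");
    else
        printf("exec events after enabling PTRACE_O_TRACEEXEC: %d\n", n);
    return 0;
}
```

Without PTRACE_O_TRACEEXEC the second exec would arrive as an ordinary SIGTRAP that is easy to mistake for a breakpoint hit, which is consistent with a UI that keeps stepping but shows stale, zeroed panels.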



@eteran
Owner

eteran commented Apr 11, 2020

Interesting, that's certainly an unaccounted for use case. We'll look into it!
