Artificial truth

The more you see, the less you believe.

[archives] [latest] | [homepage] | [atom/rss]

Solving "warning: Probes-based dynamic linker interface failed." in GDB
Tue 07 March 2017 — download

I was having fun writing some php extension, when suddenly, in GDB:

$ gdb -q --args php -dextension=./src/modules/mymodule.so ./test.php
Reading symbols from php...(no debugging symbols found)...done.
gdb-peda$ symbol-file ./src/modules/mymodule.so 
Reading symbols from ./src/modules/mymodule.so...done.
gdb-peda$ b my_function
Breakpoint 1 at 0x8e17: file /home/jvoisin/Dev/mymodule/src/myfile.c, line 5.
gdb-peda$ r
Starting program: /usr/bin/php -dextension=./src/modules/mymodule.so ./test.php
warning: Probes-based dynamic linker interface failed.
Reverting to original interface.

1[Inferior 1 (process 27468) exited normally]
Warning: not running or target is remote
gdb-peda$ 

The solution is dead-simple: Don't use symbol-file on .so files that are dynamically loaded at runtime. GDB isn't clever enough to deal with this.

The right™ solution is simply to use set breakpoint pending on:

$ gdb --args php -dextension=./src/modules/mymodule.so ~/shells/shell.php
Reading symbols from php...(no debugging symbols found)...done.
gdb-peda$ set breakpoint pending on
gdb-peda$ b my_function
Function "my_function" not defined.
Breakpoint 1 (my_function) pending.
gdb-peda$ r
Starting program: /usr/bin/php -dextension=./src/modules/my_extension.so ./test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

 [----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x7fffe2cae010 --> 0x7fffe2cad010 --> 0x10600000002 
RCX: 0x7ffff3808000 ("/home/jvoisin/Dev/my_extension/src/main.ini")
RDX: 0x7ffff3808000 ("/home/jvoisin/Dev/my_extension/src/main.ini")
RSI: 0x7ffff7e08028 ("/home/jvoisin/Dev/my_extension/src/main.ini")
RDI: 0x7ffff3808000 ("/home/jvoisin/Dev/my_extension/src/main.ini")
RBP: 0x7fffffffc940 --> 0x7fffffffc980 --> 0x7fffe63e8ce0 --> 0x7fffe61e6794 ("my_extension.configuration_file")
RSP: 0x7fffffffc910 --> 0x7ffff3800000 --> 0x7ffff3800040 --> 0x0 
RIP: 0x7fffe61def36 (<my_function+8>:   mov    rax,QWORD PTR fs:0x28)
R8 : 0x8 
R9 : 0x7ffff3800000 --> 0x7ffff3800040 --> 0x0 
R10: 0x66 ('f')
R11: 0x7fffe61def2e (<my_function>: push   rbp)
R12: 0x7ffff3b5bff0 --> 0x7ffff7e08010 --> 0x10600000001 
R13: 0x2f ('/')
R14: 0x15 
R15: 0x7fffe61e6794 ("my_module.config_var")
EFLAGS: 0x202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7fffe61def2e <my_function>:    push   rbp
   0x7fffe61def2f <my_function+1>:  mov    rbp,rsp
   0x7fffe61def32 <my_function+4>:  sub    rsp,0x30
=> 0x7fffe61def36 <my_function+8>:  mov    rax,QWORD PTR fs:0x28
   0x7fffe61def3f <my_function+17>: mov    QWORD PTR [rbp-0x8],rax
   0x7fffe61def43 <my_function+21>: xor    eax,eax
   0x7fffe61def45 <my_function+23>: mov    rax,QWORD PTR [rip+0x20b974]        # 0x7fffe63ea8c0 <__gcov0.my_function>
   0x7fffe61def4c <my_function+30>: add    rax,0x1
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffc910 --> 0x7ffff3800000 --> 0x7ffff3800040 --> 0x0 
0008| 0x7fffffffc918 --> 0x7ffff3b5bff0 --> 0x7ffff7e08010 --> 0x10600000001 
0016| 0x7fffffffc920 --> 0x2f ('/')
0024| 0x7fffffffc928 --> 0x555555791c66 (<_estrdup+54>: mov    rcx,rax)
0032| 0x7fffffffc930 --> 0x7fffe2cae010 --> 0x7fffe2cad010 --> 0x10600000002 
0040| 0x7fffffffc938 --> 0x7fffe6d6e010 --> 0x7fffe61da000 --> 0x10102464c457f 
0048| 0x7fffffffc940 --> 0x7fffffffc980 --> 0x7fffe63e8ce0 --> 0x7fffe61e6794 ("sp.configuration_file")
0056| 0x7fffffffc948 --> 0x7fffe61de1c5 (<OnUpdateConfiguration+173>:   test   eax,eax)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value

Breakpoint 1, my_function () at /home/jvoisin/Dev/my_module/src/file.c:242
242 int my_function() {
gdb-peda$