The following will teach you how to debug both MAMBO and an application running under MAMBO, using gdb. This is a useful skill to have if you wish to contribute to the development of MAMBO, or are developing complex plugins.
You will need gdb installed on the system.
- Run MAMBO with gdb
gdb ./dbm. Note that this launches gdb with the MAMBO binary. - Run the application under MAMBO after running gdb:
run binary-to-run. For example, to run ls:run /bin/ls.
Tip
Arguments for the application can be passed directly to gdb using the --args flag, e.g. gdb --args ./dbm /bin/ls.
To inspect MAMBO internals such as the scanner or dispatcher, simply set a breakpoint at the required line. For example, to break when scanning a new aarch64 basic block: break arch/aarch64/scanner_a64.c:scan_a64. Now run the application as before.
You will now see gdb break within the scanner.
To step through the scanner line by line, type: layout src. This will switch to a view displaying the source code. Step through using n.
You can find the start address of a basic block by stepping through the scanner as described above.
Typing print start_address will print the starting address of the current basic block. Similarly, print basic_block will print the number of the current basic block being scanned.
To inspect a basic block as it is constructed (or any other time), type disassemble <start-address>, <start-address>+<offset>. This will print out the instructions at this range of memory.
Alternatively, you can follow execution out of the scanner and back into the code cache by stepping through instructions until you reach the code cache. Note, that there is no source code available to display here, because this code is not internal to MAMBO, rather it is generated by scanning basic blocks from the loaded binary. Type layout asm to switch to an assembler view of memory and step through the code cache using ni to step instruction by instruction.