101

I typically run my program with:

perl -e 'print "A"x200' | ./vuln_prog

The stdin is consumed by a gets() function in C++.

If this were just a command argument, I could open gdb by doing:

gdb ./vuln_prog
run $(perl -e 'print "A"x200')

However, my scenario is not a command argument, but rather input (STDIN?). How would I debug this in gdb? I've tried a bunch of options, but nothing seems to really work.

I would normally just run gdb on the process, and when it prompts for user input, type it in, however I'm not wanting to type just "A". I want to type all chars from \x00-\xff, which I can't type.

Improve this question
5
  • Why are you using gets? I mean sometimes it's acceptable (like if you're just writing a quick program to test something, or if the program will only be run with trusted input) but I'm curious. Commented Sep 19, 2016 at 22:33
  • It was not my code. It was for a fun reverse engineering challenge, where the code was provided. Commented Sep 20, 2016 at 12:28
  • Oh okay. Was gets intentionally used because it was vulnerable, like as part of a possible solution to the challenge? Commented Sep 21, 2016 at 2:38
  • @flarn2006 Indeed it was the vulnerable function. I was able to do a buffer overflow due to it not bound-checking. Commented Sep 21, 2016 at 14:02
  • 8
    r < <(perl -e 'print "A"x200') (as the question is closed, not as answer) Commented May 6, 2019 at 20:07

1 Answer 1

Reset to default
129 
gdb ./vuln_prog
run < filename_with_input
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Does the have a lldb equivalent?
@ThomasAhle For lldb equivalent stackoverflow.com/questions/29861242/…
@iAdjunct I saw in another question that you can use the bash syntax, i.e., "run < <(bunzip file.bz2)"
is there any way to pipe without writing to file?
@Shinlos I'm still trying to figure out how this syntax works, but I believe, run < <(python3 ~/exploit.py) will work if you're trying to pipe in the output of exploit.py into the program you're currently stepping in gdb.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.