7

I am trying to analyze a crackme file.

When I open it with gdb, I firstly set its SIGTRAP handler with, e.g., int80. SIGTRAP handler address 0x8011111.

I caught it through catch syscall signal in gdb. And, there are some traps in the application, some int3 interactions.

0x80abcde - int3

My gdbinit file is set like this:

b * 0x80abcde
commands 1
call (void)0x8011111(5)
continue
end

Is this okay for emulation or do I still need to push the calling address on the stack?

perror

1 Answer

6

You could use the handle command instead, to pass the signal to the application. Maybe with something like:

handle SIGTRAP nostop print pass

GDB will:

  • Not stop on SIGTRAP
  • Pass it to the application
  • Tell you when it gets a SIGTRAP
jvoisin
  • I have 2 questions also. When I change the handle, how could I stop on my own breakpoints? HW bps are ok for this? When I changed the handle like you said, gdb prints "Program terminated with SIGTRAP", what do you think about this? – Eren Yagdiran Oct 29 '13 at 17:20
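
A small test target for trying the `handle` settings discussed above, as an added example that is not part of the original question, answer or comment: it installs its own SIGTRAP handler and then executes `int3`, the same pattern the question describes. The names `on_sigtrap`, `trigger_trap` and `count_handled_traps` are hypothetical stand-ins, not code from the crackme.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Counts how often the program's own handler actually ran. */
static volatile sig_atomic_t trap_hits;

/* Hypothetical stand-in for the crackme's handler at 0x8011111. */
static void on_sigtrap(int signo)
{
    (void)signo;
    trap_hits++;
}

/* Stand-in for the embedded trap at 0x80abcde. After int3 the saved
 * instruction pointer already points past the trap byte, so returning
 * from the handler resumes at the next instruction. */
static void trigger_trap(void)
{
#if defined(__i386__) || defined(__x86_64__)
    __asm__ volatile("int3");
#else
    raise(SIGTRAP);            /* fallback for non-x86 builds */
#endif
}

/* Installs the handler, fires n traps, returns how many reached it. */
int count_handled_traps(int n)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigtrap;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, NULL) != 0)
        return -1;
    trap_hits = 0;
    for (int i = 0; i < n; i++)
        trigger_trap();
    return (int)trap_hits;
}

int main(void)
{
    int seen = count_handled_traps(3);
    printf("handler ran %d of 3 times\n", seen);
    return seen == 3 ? 0 : 1;
}
```

Run outside a debugger, the handler sees every trap. Under gdb, compare the default SIGTRAP setting (stop, print, do not pass) with `handle SIGTRAP nostop print pass` to see whether the handler count changes.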