I was messing around with SoftwarePassport and Amit Singh’s tiny executable to find out why GDB doesn’t breakpoint in those two executables. I thought it was due to incomplete headers, but GDB also can’t breakpoint into nicertiny, which has the segment/section added (the otool/otx problems can be fixed by manually adding the missing section – there is enough padding space in the header to do that, so the SoftwarePassport developers might want to fix that).

Anyway, I decided to use the int3 trick to see if GDB was able to breakpoint, and it worked. But then I wanted to manually fix the code – restore the original byte and point EIP to the correct address – and GDB didn’t allow me to. You get a “Value being assigned to is no longer active.” error message. Searching the web for the problem turned up a small patch at https://bugzilla.redhat.com/attachment.cgi?id=313103&action=diff. I tried it and it works! The problem isn’t exclusive to these two binaries; it happens whenever you stop at the beginning of a function and GDB is missing stack frame information. So it’s a very useful fix. I have also included in this patch the fix for the LIBICONV problem, as described here. If you don’t want to compile GDB yourself, I’m including the (fat) binary, compiled in Snow Leopard, 32 and 64 bit.
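For readers who have not used the int3 trick before, here is the GDB command sequence it boils down to. This is an added illustration, not part of the original post or of the patch: it assumes a 32-bit target, that the first byte of the function in the binary was replaced with 0xCC (int3) before running it under GDB, and that the original byte was 0x55 (push %ebp, a constructed value for the example). The last `set $eip` line is the one that fails with “Value being assigned to is no longer active.” on an unpatched GDB when no stack frame information is available.

```gdb
# Program stops with SIGTRAP. int3 is a one-byte instruction that traps
# *after* executing, so EIP now points one byte past the planted 0xCC.
p/x $eip
x/1bx $eip - 1            # should show 0xcc, the planted int3

# Put the original first byte back (0x55 is an assumed value here)
set $orig = 0x55
set {unsigned char}($eip - 1) = $orig
x/1bx $eip - 1            # verify the restore took effect

# Rewind EIP so execution resumes at the real function entry.
# Without the frame-info patch this is the command GDB refuses.
set $eip = $eip - 1
p/x $eip

# Now the usual tools work from a known-good state
x/5i $eip
stepi
```

Verifying the byte with `x/1bx` both before and after the write is worth the two extra commands: if the restore silently failed you would otherwise resume into a stray 0xCC and trap again, which is easy to mistake for a second breakpoint.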

Enjoy!
fG!

all_patches_v0.2.patch.gz
SHA256(all_patches_v0.2.patch.gz)= e9e113b583f6eeea47025fce612028ca76b63386cc35d6fcda5bb7c9a705814f

gdb-i386-apple-darwin.gz
SHA256(gdb-i386-apple-darwin.gz)= 5ed41b093cd451b55bf35b6f103a9879c1e224f4721647c82757f8aee21293fb