6

I'm trying to debug a stack problem using GDB in an application that is using a shared library in C. This is actually GO code compiled as a shared library in C, but it is failing with a "fatal: morestack on g0" error. I'm currently debugging the assembly code at the point of failure, but I'm having issues with how the following statement is interpreted:

cmp %rsi,%fs:(%rcx)

, I know this is comparing the content in the RSI register with the content in the offset defined by FS and RCX. According to what I have investigated:

%fs:(%rcx) == value at address defined by (value in FS + value in RCX)

, but I don't know if that is totally correct and how to get the actual value using GBD.

I'm trying to get the values that is comparing to see if there is any something that can give an idea of what is causing the failure.

This is the code that i'm debugging at the point of failure: 

  0x00007f1b5cdfb840 <+0>: mov    0x331721(%rip),%rcx        # 
  0x7f1b5d12cf68
  0x00007f1b5cdfb847 <+7>: mov    %fs:(%rcx),%rbx
  0x00007f1b5cdfb84b <+11>:    mov    0x30(%rbx),%rbx
  0x00007f1b5cdfb84f <+15>:    mov    (%rbx),%rsi
  0x00007f1b5cdfb852 <+18>:    cmp    %rsi,%fs:(%rcx)
  0x00007f1b5cdfb856 <+22>:    jne    0x7f1b5cdfb862 <runtime.morestack+34>
=> 0x00007f1b5cdfb858 <+24>:    callq  0x7f1b5cdd5e10 <runtime.badmorestackg0>
  0x00007f1b5cdfb85d <+29>:    callq  0x7f1b5cdfd1d0 <runtime.abort>
  0x00007f1b5cdfb862 <+34>:    mov    0x50(%rbx),%rsi
  0x00007f1b5cdfb866 <+38>:    cmp    %rsi,%fs:(%rcx)

This is the registers values at that point: 

   (gdb) info r
rax            0xc000000600 824633722368
rbx            0xc000064000 824634130432
rcx            0xfffffffffffff5c0   -2624
rdx            0xc000072b88 824634190728
rsi            0xc000000480 824633721984
rdi            0x7f1b5cdf9f80   139755499003776
rbp            0xc000072bb8 0xc000072bb8
rsp            0x7f1b517fdac8   0x7f1b517fdac8
r8             0x0  0
r9             0xc000016570 824633812336
r10            0xc0000166d0 824633812688
r11            0x63451e0    104092128
r12            0x604d7b0    100980656
r13            0x0  0
r14            0x55b6fd0    89878480
r15            0x6059160    101028192
rip            0x7f1b5cdfb858   0x7f1b5cdfb858 <runtime.morestack+24>
eflags         0x246    [ PF ZF IF ]
cs             0x33 51
ss             0x2b 43
ds             0x0  0
es             0x0  0
fs             0x0  0
gs             0x0  0

I don't thing the memory address that I need to read is 0 + 0xfffffffffffff5c0, since reading that is returning an error.

Any suggestion is more than welcome.

Rhysio Eren
  • 61
  • 2
  • 3
    You need to get fs base. Depending on your OS, that might mean invoking a function from inside gdb such as `arch_prctl` for linux. – Jester Aug 13 '19 at 19:40
  • @Jester, i found this link with a procedure to do that: https://stackoverflow.com/questions/23095665/using-gdb-to-read-msrs, i think it is working according to my calculations i'm getting a value that makes sense – Rhysio Eren Aug 13 '19 at 21:50
  • Good job finding that. I'll close as duplicate then if you don't mind. Upvote that answer if you have not done so yet. – Jester Aug 13 '19 at 22:03

0 Answers0