Yuva

Reputation: 53

Don't dump variables in gdb

I'm trying to find if there is a way to hide/avoid printing variable values in case of a core dump. I see that when there is a core dump and it is traversed through gdb, we are able to find the values of the variables, which is expected, but I am in need of a way where this doesn't happen. I came across this particular link in my quest for an answer. But I still see the values being printed.

    (gdb) p data
    $1 = (void *) 0x615000
    (gdb)

Upvotes: 0

Views: 327

Answers (1)

Employed Russian

Reputation: 213957

> I'm trying to find if there is a way to hide/avoid printing variable values in case of core dump.

The usual way to achieve that is to install a signal handler for all fatal signals.

In the handler, you would zero out all secret variables, then reset the handler to SIG_DFL and re-raise the signal.

> say a secret code being saved in a variable and I wouldn't want that to be let out when gdb

Certainly madvise(...MADV_DONTDUMP) in your linked answer will not achieve that.

You can use some anti-debugging techniques, such as fork() followed by ptrace attach, with the child and parent using a complicated handshake and the child only decoding secrets when it knows that it's being traced by a trusted parent.

Beware: you will have a very hard time debugging your program when it goes wrong, and a sufficiently motivated attacker in control of the machine will defeat your protections anyway.

Your efforts are likely better spent elsewhere.

Upvotes: 2
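
The handler approach from the answer above (wipe, reset to SIG_DFL, re-raise), as an added example that is not part of the original answer. `g_secret`, `install_wipe_handlers` and `crash_demo` are hypothetical names, the signal list is an assumed subset, and the secret sits in a shared mapping only so the parent can inspect it after the child has died.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECRET_LEN 32
static volatile unsigned char *g_secret; /* set before handlers are installed */

/* Only async-signal-safe calls: wipe, restore default action, re-raise. */
static void wipe_and_reraise(int sig) {
    for (size_t i = 0; i < SECRET_LEN; i++)
        g_secret[i] = 0;      /* volatile stores are not optimised away */
    signal(sig, SIG_DFL);     /* next delivery terminates and dumps core */
    raise(sig);               /* stays pending until this handler returns */
}

static int install_wipe_handlers(void) {
    /* Assumed list: signals whose default action dumps core; extend as needed. */
    static const int fatal[] = { SIGSEGV, SIGBUS, SIGILL, SIGFPE, SIGABRT, SIGQUIT };
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = wipe_and_reraise;
    sigfillset(&sa.sa_mask);  /* no other handler interrupts the wipe */
    for (size_t i = 0; i < sizeof fatal / sizeof fatal[0]; i++)
        if (sigaction(fatal[i], &sa, NULL) != 0) return -1;
    return 0;
}

/* Demo harness: a child holding a constructed secret is killed by `sig`.
   Returns the terminating signal; *leftover = secret bytes still non-zero. */
int crash_demo(int sig, int *leftover) {
    unsigned char *buf = mmap(NULL, SECRET_LEN, PROT_READ | PROT_WRITE,
                              MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        g_secret = buf;
        memset(buf, 'S', SECRET_LEN);   /* constructed sample secret */
        if (install_wipe_handlers() != 0) _exit(2);
        raise(sig);                     /* simulate the fatal error */
        _exit(1);                       /* not reached */
    }
    int status = 0, left = 0;
    waitpid(pid, &status, 0);
    for (size_t i = 0; i < SECRET_LEN; i++) left += (buf[i] != 0);
    munmap(buf, SECRET_LEN);
    *leftover = left;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}
```

The handler only clears the buffers it is told about; copies of the secret left in other buffers, on the stack or in registers still end up in the core file.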
