Tags: operating-system, gdb, qemu, bootloader, gdbserver

Finding code locations in memory using GDB


I'm trying to debug a relatively simple OS using QEMU and GDB. The problem is that the bootloader loads the OS executable and then randomly relocates the OS code and data pages to different parts of memory. This is to implement the Address Space Layout Randomisation (ASLR) security feature.

The OS executable has been built with debug symbols, so in theory, I just need to tell the GDB debugger where these symbols are in memory. However, because they have been randomly relocated, I have no idea where they are.

Are there any GDB commands or scripts I can use to find the different parts of the executable in memory? Maybe based on code fingerprinting?


Solution

    However, because they have been randomly relocated, I have no idea where they are.

    There are two usual approaches to this:

    • disable ASLR to ease debugging
    • have the loader print the relocated address (which you can then use to tell GDB where the relocated object resides).

    Are there any GDB commands or scripts I can use to find the different parts of the executable in memory?

    Yes, you can use the GDB find command if there is a known byte sequence you are looking for.
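As an added worked example (not from the answer's author), the script below does the byte-sequence fingerprinting the answer describes over a dump of guest memory, checks that the fingerprint is unique, derives the relocated .text address, and emits the equivalent GDB `find` and `add-symbol-file` commands. The addresses, the prologue bytes, the dump contents and the file name `kernel.elf` are all constructed.

```python
# Added example (not from the original post): fingerprint a relocated .text
# page in a memory dump and emit the GDB commands that make use of the result.
# All addresses, the byte pattern, the dump and the file name are constructed.

LINK_TEXT_ADDR = 0x00100000   # .text address at link time (e.g. from `readelf -S kernel.elf`)
FP_LINK_ADDR = 0x00100040     # link-time address of the fingerprint bytes inside .text
# Function prologue bytes: push rbp; mov rbp,rsp; sub rsp,0x10 (x86-64)
FINGERPRINT = bytes.fromhex("554889e54883ec10")


def find_all(haystack: bytes, needle: bytes, base: int) -> list[int]:
    """Return every address (base + offset) at which needle occurs in haystack."""
    hits, i = [], haystack.find(needle)
    while i != -1:
        hits.append(base + i)
        i = haystack.find(needle, i + 1)
    return hits


def locate_text(dump: bytes, dump_base: int) -> int:
    """Return the relocated .text address, or raise if the fingerprint is not unique."""
    hits = find_all(dump, FINGERPRINT, dump_base)
    if len(hits) != 1:
        raise ValueError(f"fingerprint matched {len(hits)} times; use a longer or rarer sequence")
    slide = hits[0] - FP_LINK_ADDR          # how far the whole code page was moved
    return LINK_TEXT_ADDR + slide


def gdb_commands(dump_base: int, dump_len: int, text_addr: int) -> list[str]:
    """The equivalent interactive GDB `find`, and the `add-symbol-file` that uses the result."""
    pattern = ", ".join(f"0x{b:02x}" for b in FINGERPRINT)
    return [
        f"find /b 0x{dump_base:x}, +0x{dump_len:x}, {pattern}",
        f"add-symbol-file kernel.elf 0x{text_addr:x}",
    ]


# Constructed 64 KiB dump of guest RAM at 0x40000000 (as `dump memory` would write):
# the bootloader has placed .text at 0x40002000, so the fingerprint sits at +0x2040.
DUMP_BASE, DUMP_LEN = 0x40000000, 0x10000
dump = bytearray(b"\xcc" * DUMP_LEN)
dump[0x2040:0x2040 + len(FINGERPRINT)] = FINGERPRINT

if __name__ == "__main__":
    text = locate_text(bytes(dump), DUMP_BASE)
    print("\n".join(gdb_commands(DUMP_BASE, DUMP_LEN, text)))
```

If the bootloader moves data pages independently of code, repeat the search with a fingerprint taken from .data and pass that address with `add-symbol-file kernel.elf TEXT_ADDR -s .data DATA_ADDR`.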