Casting C memory to rust data structure in a core using rust-gdb

srini38 · July 30, 2021, 6:38am

Hi,
I need to debug a core of Suricata process, which mixes C and rust. I need to walk the data structures in the core using a gdb script. Below is backtrace from a running program to illustrate what I am trying to achieve.

(gdb) bt
#0  suricata::smb::smb::SMBState::free_tx (self=0x7fffe44faec0, tx_id=0) at src/smb/smb.rs:1999
#1  suricata::smb::smb::rs_smb_state_tx_free (state=0x7fffe44faec0, tx_id=0) at src/smb/smb.rs:1999
#2  0x00005555555cbee2 in AppLayerParserTransactionsCleanup (f=0x55555699bb10) at app-layer-parser.c:992
#3  0x000055555569451b in FlowWorker (tv=0x555558645e60, p=0x7fffec26c170, data=0x7fffec2b9020, preq=0x555558b81f00,
    unused=<optimized out>) at flow-worker.c:294
#4  0x000055555571aeab in TmThreadsSlotVarRun (tv=tv@entry=0x555558645e60, p=p@entry=0x7fffec26c170,
    slot=slot@entry=0x555558603780) at tm-threads.c:149
#5  0x00005555556f302e in TmThreadsSlotProcessPkt (p=0x7fffec26c170, s=0x555558603780, tv=0x555558645e60) at tm-threads.h:148
#6  AFPParsePacketV3 (pbd=0x7ffff0206000, ppd=0x7ffff0206340, ptv=<optimized out>) at source-af-packet.c:1124
#7  AFPWalkBlock (pbd=0x7ffff0206000, ptv=<optimized out>) at source-af-packet.c:1140
#8  AFPReadFromRingV3 (ptv=<optimized out>) at source-af-packet.c:1190
#9  0x00005555556f738e in ReceiveAFPLoop (tv=0x555558645e60, data=<optimized out>, slot=<optimized out>)
    at source-af-packet.c:1583
#10 0x000055555571f051 in TmThreadsSlotPktAcqLoop (td=0x555558645e60) at tm-threads.c:375
#11 0x00007ffff67586db in start_thread (arg=0x7ffff1cd8700) at pthread_create.c:463
#12 0x00007ffff4ac771f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) frame 1
#1  suricata::smb::smb::rs_smb_state_tx_free (state=0x7fffe44faec0, tx_id=0) at src/smb/smb.rs:1999
1999        state.free_tx(tx_id);
(gdb) p state
$19 = (suricata::smb::smb::SMBState *) 0x7fffe44faec0
(gdb) p state.transactions.len
$20 = 4
(gdb) frame 2
#2  0x00005555555cbee2 in AppLayerParserTransactionsCleanup (f=0x55555699bb10) at app-layer-parser.c:992
992             p->StateTransactionFree(alstate, i);
(gdb) p (suricata::smb::smb::SMBState *) 0x7fffe44faec0
No type "smb" within class or namespace "suricata".
(gdb) p (0x7fffe44faec0 as *mut SMBState)
A syntax error in expression, near `as *mut SMBState)'.
(gdb) frame 1
#1  suricata::smb::smb::rs_smb_state_tx_free (state=0x7fffe44faec0, tx_id=0) at src/smb/smb.rs:1999
1999        state.free_tx(tx_id);
(gdb) p (0x7fffe44faec0 as *mut SMBState)
$21 = (suricata::smb::smb::SMBState *) 0x7fffe44faec0
(gdb) p (0x7fffe44faec0 as *mut SMBState).transactions.len
$22 = 4
(gdb)

In frame 1, the type of "state" is correctly known as it's rust code. In frame 2, if I want to cast the memory at address 0x7fffe44faec0 to SMBState, so that I can walk the datastructures, how would I do it? The following does not work in frame 2 (but works in frame 1)

gdb) p (0x7fffe44faec0 as *mut SMBState)
A syntax error in expression, near `as *mut SMBState)'.

Thanks in advance for any help.

Reference:

github.com

OISF/suricata/blob/master/rust/src/smb/smb.rs

/* Copyright (C) 2017-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/* TODO
 * - check all parsers for calls on non-SUCCESS status
 */

This file has been truncated. show original

srini38 · August 2, 2021, 5:58am

srini38:

In frame 1, the type of "state" is correctly known as it's rust code. In frame 2, if I want to cast the memory at address 0x7fffe44faec0 to SMBState, so that I can walk the datastructures, how would I do it? The following does not work in frame 2 (but works in frame 1)
gdb) p (0x7fffe44faec0 as *mut SMBState)
A syntax error in expression, near `as *mut SMBState)'.
Thanks in advance for any help.

I was able to use "set language rust" to force GDB to decode the memory as a rust object. Hope this helps others

(gdb) set language rust
Warning: the current language does not match this frame.
(gdb) p (0x7fffe44faec0 as *mut suricata::smb::smb::SMBState).transactions.len
$31 = 4
(gdb) p (0x7fffe44faec0 as *mut suricata::smb::smb::SMBState).transactions
$32 = alloc::vec::Vecsuricata::smb::smb::SMBTransaction {buf: alloc::raw_vec::RawVec<suricata::smb::smb::SMBTransaction, alloc::alloc::Global> {ptr: core::ptr::unique::Uniquesuricata::smb::smb::SMBTransaction {pointer: 0x7fffe44fb3a0, _marker: core::marker::PhantomDatasuricata::smb::smb::SMBTransaction}, cap: 4, alloc: alloc::alloc::Global}, len: 4}
(gdb)

system · October 31, 2021, 5:59am

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.

Topic		Replies	Views
Getting rust pretty-printer to work in a process core that used both C and rust programming language help	1	221	September 10, 2023
Trying to cast memory address as rust HashMap in gdb help	3	386	September 5, 2023
Debugging a code produced by rustc with GDB help	8	4904	January 12, 2023
Learning Rust by writing a Z80 emulator (blog post series) announcements	18	7155	January 12, 2023
Emacs, gdb and Rust tutorial? help	1	692	January 12, 2023

Casting C memory to rust data structure in a core using rust-gdb

Related Topics