GDB Error trying to run Adobe Reader opening a PDF file

aleff

New Member
Joined
Sep 13, 2022
Messages
12
Reaction score
0
Credits
120
Hello dear, I'm trying to use GDB (GNU Debbugger) to debug the execution of Adobe Reader 8 installed on Windows XP SP3 through GDB installaed with MinGW.
I tried to open the file using adobe reader in the cmd with the intent to fine a command line valid for gdb and i found the following:
"C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe" "C:\Documents and Settings\aleff\Desktop\malicious.pdf"

That works becouse it will open correctly the file using Adobe Reader, but if i try to use this command into gdb invocation it will crash.
At the moment I'm using the following command line:
C:\MinGW\bin\gdb.exe "C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe"

Then i use set args malicious.pdf that permite me to pass the malicious file (the pdf) as an argument readable from Adobe Reader at execution time.

The output that i receive is the following
6 - error.png


Then i see an Adobe Reader window but not loaded completly.
The pdf file is generated with the use of metasploit exploit exploit/windows/fileformat/adobe_utilprintf
 


This seems to have nothing to do with Linux.
I fear that you have posted to the wrong forum.
You would be better to go to a Windows forum.
 
This seems to have nothing to do with Linux.
I fear that you have posted to the wrong forum.
You would be better to go to a Windows forum.
yeah it is true that i am working on windows but i thought someone could help me since i'm working with gdb... however i understand that i'm in the wrong place :-/
 
Usually after a program has crashed in gdb you’d issue the bt command to get a back-trace. (Or bt full , for a complete back-trace). Then you can see the call stack at the time of the crash and investigate the state of the stack frames and the variables inside.

However, as the application is Adobe reader AND the crash appears to be occurring in the visual studio C++ runtime AND you don’t have the source code to either of those binaries, you’re going to be dealing purely with assembly/machine code. So debugging the problem isn’t going to be easy!

The crash is occurring in a call to memset in the Visual C++ runtime. So it looks like a memory allocation error that is causing a segmentation fault.

But if you look at the call stack, you’ll need to find the last stack frame that references Adobe Reader. That’s the part of the Adobe Reader binary that is causing the crash.

I haven’t done a huge amount of debugging without source-code available. But from the little I have done - it’s pretty challenging!
 

Members online


Latest posts

Top