Connect to an lldb/gdb server

[NeoZ16]

I'm trying to use the debugger to connect to an lldb or gdb server.
Does not really matter which one at the moment.
Server is running in a Android VM and connecting with a lldb or gdb session does work.

I tried using the local agent via GADP/TCP option with the Agent interface adress and Agent TCP port set to the values that I used for testing if connecting works at all.
But this does not work. Even if I do not start the remote server it crashes with this message: Could not connect: java.lang.RuntimeException: Agent terminated with error: (DebuggerConnectDialog).
I feel like I'm misunderstanding something here. Is connecting to a debugging server even possible?

[d-millar]

@NeoZ16 It is possible, but not in the way that you're attempting. The option names confuse a lot of people, and we're open to suggestions as to how to make it clearer if you have any....

So, just by way of background, the purpose of the GADP agents is two-fold: (1) to prevent crashes in the native debugger clients from taking down the Ghidra Java VM, and (2) to enable scenarios where the host platform on which you're running Ghidra proper does not support the native libraries required by the debugger. For example, you could run Ghidra locally on a macos host and connect to a Ghidra agent that wraps the dbgeng API on a remote Windows machine.

Your scenario is not actually that. Why - because the lldb or gdb server you're starting up in the Android VM does not speak GADP, which is our custom protocol. Gdbserver, the lldb debugserver, and lldb-server all speak variants of Remote Serial Protocol (RSP), a protocol developed originally for gdb only but adopted by various platforms. We have atttempted direct comms using RSP in the past, but that road is fraught with peril to say the least. RSP is basically a suggestion, not a standard, and the variations in its implementation make direct RSP comms unmanageable.

That said, you have several options that should work, although I will caveat this with the comment that many of the lldb options, in particular, have bugs in the current release. You may be better off building from source if that is an option.

So,options:
(1) for gdb, use the Targets window to start a gdb session. (IN-VM is the slightly less complicated and possibly more performant option if you're not worried about crashing your VM.) This should launch an Interpreter window. From there, use the normal CLI for a remote connection, e.g. "target remote host:port". Make sure when you connect that the Targets dialog is pointing to a version of gdb that supports Android, e.g. gdb-multiarch or the equivalent.
(2) for lldb, use the Targets windows to start lldb, open the Connector node in Objects, select "Connect to server", and then launch using the "Launch (X)" button. If "Auto" is selected in that dialog, lldb will attempt to use the host and port specified to connect immediately. Alternatively, leave it unselected, wait for the Intepreter window to open, and issue the command "gdb-remote host:port". NB: the state upon connect may be a little weird. You may need to try setting the "Async" button on or off, you may need to send an interrupt after connecting, and you may need to "Force all memory" from the Regions window to get the Dynamic View to work.
(3) if you have a variant of gdb that you know connects correctly to your target, you can use "gdb vis ssh" to launch an instance of that gdb without the need for a intervening Ghidra agent, and then connect via "target remote".

We have done some preliminary work on a JDWP client for Dalvik, but it's definitely in need of some care and feeding, so caveat emptor there.

Let us know if you run into trouble with any of the above. We're interested in this as a use case and eager to iron out bugs.

[NeoZ16]

@d-millar
First of all thanks for the quick answer! Now it works perfectly fine! If I run into any crashes or bugs I'll let you know.
I'll probably try lldb first and if that is to buggy switch to gdb.

As for the names, yes I think that I was confused me.
The IN-VM option made it sound to me as if it somehow just used a gdb instance IN-VM to debug it on the local machine. But I'm really not sure how this could be changed for more clarity.
Maybe the GADP/TCP options could be a bit more detailed, that they connect against another server that runs GADP.

I just reread the documentation and if I would've read it a little bit more carefully I think I could've avoided that mistake.
It might be a good idea to explain the different options and what they do in the documentation?

Also maybe having some example that shows the how using the IN-VM option and the interpreter could help. Maybe I overlooked it, but I couldn't really find any examples or tutorials for this.

[d-millar]

Agreed - the docs could definitely stand more detailed examples. Appreciate the feedback!

[NeoZ16]

@d-millar
Hey I was just playing around a bit and apparently if I try to start an IN-VM lldb session, I get the following exception:

Could not initialize class jdk.proxy2.$Proxy52
java.lang.NoClassDefFoundError: Could not initialize class jdk.proxy2.$Proxy52
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
	at java.base/java.lang.reflect.Proxy.newProxyInstance(Proxy.java:1053)
	at java.base/java.lang.reflect.Proxy.newProxyInstance(Proxy.java:1039)
	at ghidra.util.datastruct.ListenerMap.<init>(ListenerMap.java:212)
	at ghidra.util.datastruct.ListenerSet$1.<init>(ListenerSet.java:59)
	at ghidra.util.datastruct.ListenerSet.<init>(ListenerSet.java:59)
	at ghidra.util.datastruct.ListenerSet.<init>(ListenerSet.java:49)
	at agent.lldb.manager.impl.LldbManagerImpl.<init>(LldbManagerImpl.java:96)
	at agent.lldb.manager.LldbManager.newInstance(LldbManager.java:58)
	at agent.lldb.model.impl.LldbModelImpl.<init>(LldbModelImpl.java:70)
	at agent.lldb.LldbInJvmDebuggerModelFactory.build(LldbInJvmDebuggerModelFactory.java:41)
	at ghidra.app.plugin.core.debug.service.model.DebuggerConnectDialog.connect(DebuggerConnectDialog.java:242)
	at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1972)
	at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2313)
	at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
	at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
	at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279)
	at java.desktop/java.awt.Component.processMouseEvent(Component.java:6626)
	at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3389)
	at java.desktop/java.awt.Component.processEvent(Component.java:6391)
	at java.desktop/java.awt.Container.processEvent(Container.java:2266)
	at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5001)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
	at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
	at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
	at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
	at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2780)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:746)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:744)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:743)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:117)
	at java.desktop/java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:191)
	at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:236)
	at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:234)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
	at java.desktop/java.awt.WaitDispatchSupport.enter(WaitDispatchSupport.java:234)
	at java.desktop/java.awt.Dialog.show(Dialog.java:1080)
	at java.desktop/java.awt.Component.show(Component.java:1728)
	at java.desktop/java.awt.Component.setVisible(Component.java:1675)
	at java.desktop/java.awt.Window.setVisible(Window.java:1036)
	at java.desktop/java.awt.Dialog.setVisible(Dialog.java:1016)
	at docking.DockingDialog.setVisible(DockingDialog.java:353)
	at docking.DockingWindowManager.lambda$doShowDialog$6(DockingWindowManager.java:1769)
	at ghidra.util.Swing.doRun(Swing.java:292)
	at ghidra.util.Swing.runNow(Swing.java:208)
	at ghidra.util.Swing.runNow(Swing.java:163)
	at docking.DockingWindowManager.doShowDialog(DockingWindowManager.java:1773)
	at docking.DockingWindowManager.showDialog(DockingWindowManager.java:1722)
	at docking.AbstractDockingTool.showDialog(AbstractDockingTool.java:158)
	at ghidra.app.plugin.core.debug.service.model.DebuggerModelServicePlugin.doShowConnectDialog(DebuggerModelServicePlugin.java:694)
	at ghidra.app.plugin.core.debug.service.model.DebuggerModelServiceProxyPlugin.showConnectDialog(DebuggerModelServiceProxyPlugin.java:273)
	at ghidra.app.services.DebuggerModelService.showConnectDialog(DebuggerModelService.java:357)
	at ghidra.app.plugin.core.debug.gui.target.DebuggerTargetsProvider$ConnectAction.actionPerformed(DebuggerTargetsProvider.java:110)
	at docking.menu.ToolBarItemManager.lambda$actionPerformed$0(ToolBarItemManager.java:129)
	at java.desktop/java.awt.event.InvocationEvent.dispatch$$$capture(InvocationEvent.java:318)
	at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:771)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:741)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

---------------------------------------------------
Build Date: 2022-Nov-15 1249 EST
Ghidra Version: 10.2.2
Java Home: /usr/lib/jvm/java-17-openjdk-amd64
JVM Version: Private Build 17.0.5
OS: Linux 5.19.0-29-generic amd64

Any idea what the reason for this could be?

[d-millar]

@NeoZ16 Hmmm, that's almost but not quite the error in #4884. Did you get any errors during the swig build process (see Ghidra/Debug/Debugger-swig-lldb/InstructionsForBuildingLLDBInterface.txt)?

[NeoZ16]

@d-millar Im not building myself. I downloaded 10.2.2 from the GitHub Release.

[d-millar]

@NeoZ16 For lldb to work, you HAVE to build the code yourself unless your version is an exact match for the liblldb.dylib and lldb installed on your box.

[d-millar]

more specifically, you have to run "gradle generateSwig" and "gradle build" in Ghidra/Debug/Debugger-swig-lldb after setting the relevant environment variables.

[NeoZ16]

@d-millar
Now I'm trying to build it by myself. My LLVM_HOME points to /usr/lib/llvm-15 which was installed via apt. I cloned the project from GitHub and started with gradle -I gradle/support/fetchDependencies.gradle init .
When I run gradle generateSwig I get following error:

> Configure project :
OS: Linux
Arch: amd64 (gradle: x86-64)
Using platform: linux_x86_64

> Task :Debugger-swig-lldb:generateSwig FAILED
Debugger-swig-lldb: using LLVM_HOME=/usr/lib/llvm-15
/ghidra/ghidra/Ghidra/Debug/Debugger-swig-lldb/src/llvm-project/lldb/bindings/java/java.swig:13: Error: Unable to find 'macros.swig'
/ghidra/ghidra/Ghidra/Debug/Debugger-swig-lldb/src/llvm-project/lldb/bindings/java/java.swig:14: Error: Unable to find 'headers.swig'
/ghidra/ghidra/Ghidra/Debug/Debugger-swig-lldb/src/llvm-project/lldb/bindings/java/java.swig:21: Error: Unable to find 'interfaces.swig'

FAILURE: Build failed with an exception.

* Where:
Script '/ghidra/ghidra/Ghidra/Debug/Debugger-swig-lldb/buildNatives.gradle' line: 41

[d-millar]

@NeoZ16 Apologies - I definitely need to learn to be more explicit in my answers....

First off, you do NOT need to rebuild Ghidra from source to get the lldb interface working, but you DO need to build the JNI wrapper, i.e. you need to build the portion of Ghidra that lives in Ghidra/Debug/Debugger-swig-lldb. That said, if you wish to build Ghidra from source, I would do that first, i.e. don't set LLVM_HOME, run "gradle -I gradle/support/fetchDependencies init", run "gradle build", and make sure everything else is working first.

Before building the lldb piece, I would also recommend reading the InstructionsForBuildingLLDBInterface.txt file a couple of times (it's a little confusing) and maybe looking through some of the relevant posts in Issues and Discussions, e.g. #4937.

To your specific case, LLVM_HOME needs to be set to the source repository for lldb. You do NOT have to build llvm/lldb, but I would highly recommend cloning the relevant repos, checking out "release/14.x", and setting LLVM_HOME to the root of that project. LLVM_BUILD can point either to a local build of lldb or any install via apt or brew, but should be where "lib/liblldb.so" or "lib/liblldb.dylib" lives. JAVA_HOME, of course, should point to where Java lives, on Linux typically something like "/usr/lib/jvm/java-17-openjdk-amd64", i.e. it contains "bin/java".

Once you have the env variables set, you need to run "gradle generateSwig", copy or move the resulting files per the instructions (depending on whether you're in a distro or source), and the "gradle build".

Let us know if you get stuck!

[NeoZ16]

@d-millar
I actually did not know that there were instructions for that, but it was quite easy the follow them!

So the library is compiled now and I actually got the IN-VM lldb session.
I tried to Connect to server as described by you in an earlier answer.

(2) for lldb, use the Targets windows to start lldb, open the Connector node in Objects, select "Connect to server", and then launch using the "Launch (X)" button. 

But this option does not even show for me. Is this a version problem? (I'm still using build 10.2.2 downloaded from the releases page.)

[d-millar]

@NeoZ16 Hmmm, yes, I had thought the option made it into 10.2.2, but apparently not. 10.2.3 is imminent (for some definition of imminent), or, if you're feeling brave, you can build from Ghidra from the current source (which has the option added). The big issue is that, unlike with gdb, you have to do a little finagling to get the Interpreter started for a remote connection, and without that you have no way of starting the connection. If you want to go the build route, the instructions on the GitHub page are pretty straightforward - certainly clearer than the SWIG instructions which you've already survived! :)

[d-millar]

sigh - I think I was wrong about the changes making it into 10.2.3. You may have to try the source.

[NeoZ16]

Ok thanks, then I'll probably try and do that!

[d-millar]

Just to confirm, 10.2.3 won't resolve the problem (10.3 should, but...). You will probably have to build from source to get the benefit of recent changes. This is pretty straightforward, but yell if you get stuck.