GDB problem solved!

Hi!

I have found a way of making gdb run without disabling guard.dll.

You have to add gdb to the Image Execution Control exclusion list.

You do this Comodo->Defense+->Advanced->Image Execution Control Settings->Exclusions->Add->Browse…
Select gdb.exe and your problems are gone. GDB should now work perfectly…

P.S. If there is already a similar topic, I’ll remove this one.

Does anyone know if this is still amongst the possibilities in CIS 5? The only way I can get to run gdb is to permanently disable D+, which is not what I would call an optimal solution (maybe, if it didn’t require a reboot to set or unset that setting, but now…)

Hey there :)

Peki, you have a good solution, and the only one if something is giving a buffer overflow. I have looked at the manual and I would recommend that you, Jasper, look at what each option in the monitor means (this is where you find it: CIS —> Defense+ —> Defense+ Settings —> Monitoring Settings).

the manual

I hope this will help Jasper

Have a nice day!

Regards,
Valentin

Jasper. From your topic:

Let me rephrase the question I originally asked:

As this was written for another version, the options described aren’t there in CIS 5. However, I have found something that looks similar, but doesn’t solve the problem for me.
Can someone verify if this doesn’t work on CIS5? And if it does work, could that person tell me what he or she did, so I can do the same?

Hey Jasper :)

I have googled a bit and I haven’t really understood what this exe file is. Could you tell me what it is? I ask because I want to see if I can give you more accurate information.

Thanks for understanding.

Regards,
Valentin

GCC is the compiler collection that powers basically any Linux distribution (actually, it’s the GNU Compiler Collection and what’s commonly referred to as Linux is actually the Linux kernel in combination with GNU). It is widely used and few compilers enjoy as much use. A Windows port exists by the name of MinGW.

GDB is the debugger that goes with GCC. Basically, when you write a program, if you compile it with GCC, you can use GDB to find out why it’s crashing. (But yeah, I suppose you do know what a compiler does). So it does indeed have some deep hooks into the programs you are running - but this is exactly what you want your debugger to do.

I think I have found the solution - you shouldn’t add gdb to the “Image Execution Control exclusion list” but you should add the executable you are trying to debug to the list. This lets you debug it without a problem.

Note also that the execution list is path-based, which means that you can recompile and then debug your new executable without the need to change your exception list.

Jasper, you are right. I had these problems - Program received signal SIGSEGV, Segmentation fault. – when my compiler, actually Lazarus, uses GDB as debugger.

Then I have put lazarous.exe, gdb.exe and the fullpath to my projects folder in the Exclusions list of Image Execution Control Settings in the Defense+ configurations. My version of Comodo is 5.0 (up to date).

Everything is OK now.

Posted by: peki      on: 07-11-2009, 16:10:46 

I recently reinstalled my OS (Win7x64). Never had problems so far… but now my GDB gets a segmentation fault due to the guard32.dll, which is injected in every process.

Now I’m trying to fix this, but somehow cannot find this Image Execution option in my Defense+ tab…
Is there some Expert-Mode I need to activate previously?
I use 5.3.176[…]

Thanks!

Hey and warm welcome to comodo forums tester90!

Here is where you find it: CIS —> Defense+ —> Defense+ Settings —> Execution control Settings —> Detect shellcode injections (i.e. Buffer overflow protection) —> Exclusions —> Add —> Browse….

If this doesn’t help let me know.

Regards,
Valentin N

Thanks very much for your fast answer. I added gdb, codeblocks and console_runner to the exclusions and restarted my system. Sadly I still encounter the same problem. And I cannot find the mentioned “lazarous.exe” neither in my Codeblocks nor in my System directory.
Any ideas?

I will come in the next post with another solution.

  1. CIS → Defense+ → Computer Security Policy → Protected Files and Folders → Groups → Add → New Group… Now click once on “add files here” and then Add → Select From → Browse… and find the wanted folder

  2. CIS → Defense+ → Computer Security Policy → Add → Select → File Groups and mark “Use a Predefined Policy” and select “Trusted program”

  3. CIS → Defense+ → Computer Security Policy → select Comodo Internet Security and press Edit → Customize → Interprocess Memory Accesses → Modify → Add → File Groups → select the wanted group.

=====================================================================================

Look if they are in trusted files (CIS—> Defense+ —> Trusted files). If they aren’t then add them.

=====================================================================================

Regards,
Valentin N

Okay, did it (even though I added every file in my C::B folder to Trusted files by myself).
Sadly I was unable to perform step 3, since I’m using the Firewall only (with “optimized” Defense+ settings).
Still, debugging leads to a segmentation fault in guard32.dll.
I’m testing if I can attach gdb manually to the process…

//edit:
I can execute the programs, but I have to jump over the segmentation fault… so I’m able to work, but it’s kind of annoying to click before I reach the breakpoint I’ve set.

Maybe there is another way to fix this.

You don’t need to add any of those. The catch is that instead, you should add the file you are trying to debug.

edit: nor do you need any of the trusted settings. All you need is the file you are debugging on the list so it doesn’t get injected.

I was guessing that this would be a solution. But there must be a way to automate this process…!?
Before setting up my OS again I never had this problem - it might have been an older Comodo version though…

Hello to Jasper, Valentin, Migueal, tester…

I also have a problem with the SIGSEGV message when running a new program with gdb.exe under lazarus.
I then ran gdb.exe through Windows cmd.exe, and found out that gdb.exe detected a problem with guard32.dll. (Running gdb.exe under lazarus does not show this level of detail.)

I tried all of your suggestions, and I have come up with the following steps that work for me.
I am using Comodo version 5.3.

Step 1. (Make a group of folders that contains gdb’s working directory and your program’s directory. This is the most elaborate part.)

CIS → Defense+ → Computer Security Policy → Protected Files and Folders → Groups.

You are now in File Groups. Click Add → A New Group.

Give the new group a name (I used “lazarus GDB” but you can name it anything you want). Click Apply.

You are back in File Groups. Find the new group in the list and select “add files here” underneath. Then Click Add → Browse.

Find the gdb.exe directory in the treeview presented and select it. (In my case, I selected “c:\lazarus\mingw\bin*”). Do not select gdb.exe itself.

Find the directory of your program that gdb.exe debugs and select it. Do not select the program itself. For example, I have “c:\lazarus-projects*”, I did not select “c:\lazarus-projects\project1.exe”.

Click Apply. Now you have a group of folders (not group of files).

Step 2. Add the group you have created to “Protected Files and Folders”.

CIS → Defense+ → Computer Security Policy → Protected Files and Folders → Add → File Groups.

You should be able to find the Group of Folders that you just created (In my case, “Lazarus GDB”).

Select it, so that you can go to Step 3.

Step 3. (Add to the Exclusion List). The Image Execution Control Settings have been relocated and renamed. In my version of Comodo, it is under…

CIS → Defense+ → Defense+ Settings → Execution Control Settings.

There is a button “Exclusions” next to “Detect Shellcode Injections (i.e. Buffer Overflow Protection)”. Click it.

The Exclusion list comes up. Click Add → File Groups. Pick the Group of Folders you created. Click Apply.

Back in Defense+ Settings. Click OK.

All done.

With this I have no problem with SIGSEGV … so far. Hope it helps.

If it works, credit goes to all of you who have all supplied the bits of information that led to this.
I have attached a pdf of the forum for you to see my comments. No disrespect intended, and I appreciate your comments / feedback.

[attachment deleted by admin]
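
The check Roland2011 describes above (running gdb from cmd.exe to see which module the SIGSEGV lands in) can be scripted. This is an added example, not code from any poster: the transcript is constructed sample output with made-up addresses and paths, and the function names are hypothetical. It maps the fault address to a DLL using gdb's `info sharedlibrary` table, so an exclusion from the shellcode-injection check is only added when the fault really is inside guard32.dll and not in the program being debugged.

```python
import re
from ntpath import basename  # Windows path rules, works on any host OS

# Constructed gdb transcript; addresses and paths are made up for illustration.
SAMPLE = r"""
Program received signal SIGSEGV, Segmentation fault.
0x10012f4a in ?? () from C:\Windows\system32\guard32.dll
(gdb) info sharedlibrary
From        To          Syms Read   Shared Object Library
0x77c01000  0x77d6b8ac  Yes (*)     C:\Windows\system32\ntdll.dll
0x76a01000  0x76ad3ffc  Yes (*)     C:\Windows\system32\kernel32.dll
0x10001000  0x1003f2a4  Yes (*)     C:\Windows\system32\guard32.dll
(*): Shared library is missing debugging information.
"""

# Address on the frame line that directly follows the signal report.
FAULT = re.compile(r"received signal SIGSEGV[^\n]*\n(0x[0-9a-fA-F]+) in ")
# One row of the "info sharedlibrary" table: From, To, Syms Read, path.
LIBROW = re.compile(
    r"^(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(?:Yes|No)(?: \(\*\))?\s+(.+?)\s*$",
    re.M,
)


def faulting_module(transcript):
    """Return the lower-cased DLL name containing the SIGSEGV address, or None."""
    text = transcript.replace("\r\n", "\n")  # cmd.exe captures use CRLF
    hit = FAULT.search(text)
    if not hit:
        return None  # no SIGSEGV, or gdb showed a source line without an address
    pc = int(hit.group(1), 16)
    for lo, hi, path in LIBROW.findall(text):
        if int(lo, 16) <= pc <= int(hi, 16):
            return basename(path).lower()
    return None  # address lies outside every listed DLL, e.g. in the program itself


def blame_guard_dll(transcript, guard="guard32.dll"):
    """True only when the fault address falls inside the injected guard DLL."""
    return faulting_module(transcript) == guard


if __name__ == "__main__":
    print(faulting_module(SAMPLE))
```
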

Roland2011: If that works for you, that’s great. However, from what I gather you are doing a lot of things of which exactly one is equivalent to what I did (except for the fact that you used a folder instead of just the executable - as my projects don’t necessarily reside in the same place it was little extra effort to add every new executable I want to debug).

Basically, by adding "c:\lazarus-projects" to the Image Execution Control exclusions you should get the exact same result you are getting now; it’s basically one of the things you do this way and, as far as I know, it’s the one that does the trick.