Split from #47: see the comment there about crashing when we launch inside gdb with early injection and how we have to run "set disable-randomization off". This issue covers adding docs, auto-detecting in the child and warning and exiting before we crash, auto-detecting in the parent and warning, and ideally an auto-magic solution (via the gdb python script?)
** DONE i#1676: add documentation, detection, and auto-magic solution for ASLR crash launching drrun under gdb
CLOSED: [2015-04-09 Thu 21:14]
- State "DONE" from "TODO" [2015-04-09 Thu 21:14]
# gdb --args bin64/drrun -debug -- ls
GNU gdb (GDB) Fedora 7.7.1-21.fc20
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from bin64/drrun...done.
(gdb) run
Starting program: /work/dr/git/build_x64_dbg/bin64/drrun -debug -- ls
process 4185 is executing new program: /work/dr/git/build_x64_dbg/lib64/debug/libdynamorio.so.5.0
Loading gdb scripts for debugging DynamoRIO...
Error parsing gdb version (Fedora 7.7.1-21.fc20)
This version of gdb does not support breakpoints from Python. Libraries loaded by DynamoRIO will not be automatically registered with gdb.
Program received signal SIGSEGV, Segmentation fault.
0x000055555584cc18 in privload_early_inject (sp=0x7fffffffdf60, old_libdr_base=0x0, old_libdr_size=0)
at /work/dr/git/src/core/unix/loader.c:1614
1614 dynamo_options.early_inject = true;
(gdb) p &dynamo_options.early_inject
$1 = (bool *) 0x555555b323ab <dynamo_options+5035>
Ah, it's the ASLR thing. Quoting from above (and i#47):
The solution is to run 'set disable-randomization off'. When ELF early
injection is more prevalent, this should go into our .gdbinit file and
HowToDebug.
Program received signal SIGSEGV, Segmentation fault.
0x000055555584ff78 in privload_early_inject (sp=0x7fffffffdf90, old_libdr_base=0x0, old_libdr_size=0)
at /work/dr/git/src/core/unix/loader.c:1781
1781 dynamo_options.early_inject = true;
=> 0x55555584ff78 <privload_early_inject+103>: movb $0x1,0x13b3(%rax)
(gdb) x/8wx $rax+0x13b3
0x715e33b3: Cannot access memory at address 0x715e33b3
It is holding the wrong address: it has the addr assuming a preferred base of 0x71*, when DR is at:
555555554000-555555911000 r-xp 00000000 fd:03 2237232 /work/dr/git/build_x64_dbg/lib64/debug/libdynamorio.so.5.0
proof that gdb's address is no help here:
(gdb) p &dynamo_options
$3 = (options_t *) 0x555555b36000 <dynamo_options>
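The "auto-detect in the child and exit before we crash" part, as an added example (not DynamoRIO's code): the kernel fills in AT_PHDR/AT_PHNUM before any user code runs, so an early-injection entry can compute its own load bias from the program headers without touching an unrelocated GOT entry first. It assumes x86-64 Linux with glibc; the function names and the constructed header values are hypothetical.

```c
/* Added example, not DynamoRIO's code: compute the load bias of the running
 * image from the aux vector and program headers, which the kernel fills in
 * before any user code runs. Assumes x86-64 Linux with glibc. */
#define _GNU_SOURCE
#include <link.h>
#include <stdint.h>
#include <sys/auxv.h>

/* Bias = where the kernel placed the program headers (AT_PHDR) minus where the
 * linker expected them (PT_PHDR p_vaddr). Zero: mapped at the preferred base. */
intptr_t compute_load_bias(const ElfW(Phdr) *phdr, size_t phnum, uintptr_t phdr_runtime)
{
    for (size_t i = 0; i < phnum; i++)
        if (phdr[i].p_type == PT_PHDR)
            return (intptr_t)(phdr_runtime - phdr[i].p_vaddr);
    return 0; /* no PT_PHDR: non-relocatable image, assume it is in place */
}

/* Bias of this process; usable from an early-injection entry point. */
intptr_t current_load_bias(void)
{
    const ElfW(Phdr) *phdr = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    return compute_load_bias(phdr, (size_t)getauxval(AT_PHNUM), (uintptr_t)phdr);
}

/* Cross-check: with the right bias, some PT_LOAD segment must cover this function. */
int load_bias_is_consistent(void)
{
    const ElfW(Phdr) *phdr = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    uintptr_t me = (uintptr_t)load_bias_is_consistent;
    intptr_t bias = current_load_bias();
    for (size_t i = 0; i < (size_t)getauxval(AT_PHNUM); i++) {
        uintptr_t lo = (uintptr_t)((intptr_t)phdr[i].p_vaddr + bias);
        if (phdr[i].p_type == PT_LOAD && me >= lo && me < lo + phdr[i].p_memsz)
            return 1;
    }
    return 0;
}

/* Constructed headers (illustrative, not read from any binary) mirroring the
 * session above: linked for base 0x71000000, mapped by gdb at 0x555555554000. */
intptr_t example_gdb_bias(void)
{
    ElfW(Phdr) ph[2] = { { .p_type = PT_PHDR, .p_vaddr = 0x71000040 },
                         { .p_type = PT_LOAD, .p_vaddr = 0x71000000 } };
    return compute_load_bias(ph, 2, 0x555555554040);
}
```

A nonzero current_load_bias() at entry, before self-relocation, is exactly the state that faulted on the store to dynamo_options above; that is the point at which the child can print a message naming 'set disable-randomization off' and exit instead of segfaulting.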