Send input pipe to GDB at a breakpoint rather than initially

I researched this question and the closest answer I could find is this. gdb - debug with input stream (no arguments)

I need to do exactly what this person asked, however I need to be able to send input AFTER I have already viewed a part of my program.

This is the code I am looking at in GDB

#define SECRET1 0x44
#define SECRET2 0x55

int main(int argc, char *argv[])
{
char user_input[100];

int *secret;
int int_input;
int a, b, c, d; /* other variables, not used here.*/

/* The secret value is stored on the heap */
secret = (int *) malloc(2*sizeof(int));

/* getting the secret */
secret[0] = SECRET1; secret[1] = SECRET2;

printf("The variable secret’s address is 0x%8x (on stack)\n", &secret);
printf("The variable secret’s value is 0x%8x (on heap)\n", secret);
printf("secret[0]’s address is 0x%8x (on heap)\n", &secret[0]);
printf("secret[1]’s address is 0x%8x (on heap)\n", &secret[1]);

printf("Please enter a decimal integer\n");
scanf("%d", &int_input);  /* getting an input from user */

printf("Please enter a string\n");
scanf("%s", user_input); /* getting a string from user */

/* Vulnerable place */
printf(user_input);
printf("\n");

/* Verify whether your attack is successful */
printf("The original secrets: 0x%x -- 0x%x\n", SECRET1, SECRET2);
printf("The new secrets:      0x%x -- 0x%x\n", secret[0], secret[1]);

return 0;
}

      

        
        
        
      

    

I am trying to perform a format string attack on my virtual machine. To do this, I need to know which address is kept secret. The program tells me this through the output with these lines

  printf("The variable secret’s address is 0x%8x (on stack)\n", &secret);
  printf("The variable secret’s value is 0x%8x (on heap)\n", secret);
  printf("secret[0]’s address is 0x%8x (on heap)\n", &secret[0]);
  printf("secret[1]’s address is 0x%8x (on heap)\n", &secret[1]);

      

        
        
        
      

    

The nature of the attack requires me to send non-ASCII hex values ​​as input for the second scanf, so I can't just type the input myself. I have done my input setup using perl here,

ramtest@ramtest-VirtualBox:/tmp$ perl -e 'print "5\x0a"; print "\x08\xb0\x04\x08%x.%x.%x.%x.%x.%x.%x";' > /tmp/input

      

        
        
        
      

    

Then I ran

$gdb ./vul_prog < /tmp/input

      

        
        
        
      

    

I got my method to work in an environment where memory randomization is disabled, since I can run the program once, look at the memory addresses, then change the perl script and just run it again. However, with memory randomization, I cannot know where the addresses will be before running it, so I will need to see the part of the program that tells me the addresses are being run before I create and submit my input.

I tried to do it in the way that seemed the most intuitive, but I just get a syntax error.

Starting program: /home/ramtest/Downloads/vulprog 
The variable secret’s address is 0xbfffefd8 (on stack)
The variable secret’s value is 0x 804b008 (on heap)
secret[0]’s address is 0x 804b008 (on heap)
secret[1]’s address is 0x 804b00c (on heap)
Please enter a decimal integer
1
Please enter a string

Breakpoint 2, 0x0804858f in main ()
(gdb) c > /tmp/input
A syntax error in expression, near `> /tmp/input'.
(gdb) c < /tmp/input
A syntax error in expression, near `< /tmp/input'.

      

        
        
        
      

    

Is it possible to set a breakpoint in GDB before I am prompted for input and then send the / tmp / input information as input?

If so, how can I do this?

Any help would be appreciated.