basic commands
b <label>
b *<addr>
ni
stepi

dynamic reveng
x/16xg memaddr
info registers
info functions
p <function> # get address of function
p/x $register # get hex in register
disassem [function] # no params will disassem main/current func
setflag ZF 0/1
set $rdi = 4

input data
run <ARGV>
set args # clear args
run < in.bin # redirect the file into stdin

flush stdout
call fflush(0)
python buffer overflow generation
with open('in.bin', 'wb') as f:
    f.write(b'A' * 13)
    t = 0x555555555169
    f.write(t.to_bytes(8, byteorder='little'))

modifying program flow with args
set $rdi=2
j get_flag # same as setting $rip and then continue

gdb compilation with no safety
gcc -Og -fno-stack-protector -z execstack -o bufferoverflow bufferoverflow.c
# optionally, `-g` adds debugging symbols
# the other flags remove the stack canary and make the stack executable