
@rodnt
Created September 11, 2023 10:36
gdb - basics

How to use GDB (Basics)

  • Load the program
    • gdb <program>
  • Run the program
    • run
    • run with arguments
      • run arga argb argc ..
  • Breakpoint
    • break *main
    • list the breakpoints
      • info break
    • delete break point
      • del break 1
    • breakpoint to a memory location
      • break *0x0001310101

Setting breakpoints on raw memory addresses is not good practice because of ASLR: the address can change from run to run. Instead, express the location as a function symbol plus an offset. For example, if the function is named foo, you can write break *foo+<offset>.

  • Set variables
    • set $my_var = $rsi
    • p $my_var
    • set $rax = 0 (we can set register values from the debugger)
  • Take a look at the registers
    • info reg
    • Print just one register
      • p $rax
    • Examine a register: you can "dereference" the address held in a register
      • x/i $rip (x - examine | i - instruction)
      • Examine 10 (ten) instructions starting at $rip (get the assembly code)
        • x/10i $rip
  • Disassemble
    • get all the assembly code of main
      • disas main
    • disassemble one function
      • disas <function_name>
  • Step into
    • si (steps into function calls)
  • Next instruction
    • ni (steps over function calls)
  • Finish
    • finish (runs the current function to completion and stops when it returns)
  • You can use the minus (-) notation to get the addresses of instructions that have already executed
    • x/8i $rip - 0x10
  • You can call functions directly with
    • call (void)foo()
  • Change the display of instructions using the display command
    • display/4i $rip
      • examine 4 instructions at $rip each time the program stops
  • Print giant (8-byte) hex values
    • x/4gx $rsp
  • Print signed numbers
    • x/4d $rsp
  • Print unsigned numbers
    • x/4u $rsp
  • Print addresses beginning at $rsp
    • x/4a $rsp
  • Print $rsp as a number
    • p/d $rsp
  • Print $rsp as an address
    • p/a $rsp
  • Dereference a value using print, to get the value stored at $rsp: p *(long *) $rsp
    • p/a *(long *) $rsp (print it as an address)
  • GDB stores the values you print in the value history as $1, $2, ...; you can reuse them, e.g. printf "%lx\n", $3

Running scripts with GDB

You can create a file in your $HOME called .gdbinit and set your configuration there, like:

set disassembly-flavor intel
  • Run scripts

    gdb -x script.gdb <program>

  • File: script.gdb

        b *main
        run foo
  • You can execute a series of commands when a breakpoint is hit (a command hook attached to the breakpoint):
b *main
commands
    silent
    p $rip
end
run foo
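
As an added worked example (not part of the gist), here is a complete script.gdb that ties the commands above together: the .gdbinit-style setting, a symbol-plus-offset breakpoint instead of a raw address (the ASLR point made earlier), breakpoint command lists, a convenience variable, and the x/display/printf forms. It assumes a target binary ./prog that defines a function named foo (foo is the gist's own example name); the +4 offset and the choice of rdi/rsi (x86-64) are assumptions to adjust for your binary.

```gdb
# script.gdb -- added example, not part of the original gist.
# Assumes ./prog defines a function foo (name taken from the gist's example).
# The +4 offset is an assumption: run `disas foo` first and pick an
# instruction boundary that exists in your binary.
# Run with:  gdb -q -x script.gdb ./prog

# Settings that would normally live in ~/.gdbinit
set disassembly-flavor intel
set pagination off

# Breakpoint 1: entry of main, located by symbol.
break *main
commands
    # Suppress the usual "Breakpoint 1, ..." banner.
    silent
    echo --- main entered ---\n
    # Where we are, printed symbolically.
    p/a $rip
    # Next four instructions, and four 8-byte hex words at the top of the stack.
    x/4i $rip
    x/4gx $rsp
    # Resume until the next breakpoint.
    continue
end

# Breakpoint 2: inside foo, written as symbol + offset rather than a raw
# address so the script keeps working when ASLR/PIE relocates the binary.
break *foo+4
commands
    silent
    echo --- inside foo ---\n
    # Convenience variable: remember the stack pointer on entry for later use.
    set $entry_rsp = $rsp
    printf "rsp on entry = %lx\n", (long)$entry_rsp
    # A subset of registers, instead of the full `info reg` dump.
    info registers rip rsp rdi rsi
    # Dereference: the 8-byte value at the top of the stack, shown as an address.
    p/a *(long *) $entry_rsp
    # Instructions just before this point. Caveat: on x86 the -0x10 start may
    # not fall on an instruction boundary, so the first decoded lines can be off.
    x/8i $rip-0x10
    # Re-examine the next 4 instructions after every ni/si from here on.
    display/4i $rip
end

# Start the program with one argument, as in the gist's `run foo`.
run foo
```

After `run foo` the first hook prints and continues automatically; the second stops inside foo and leaves you at the prompt with the display active, so `ni` and `si` now show the upcoming instructions each step.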

You can install plugins like GEF (https://github.com/hugsy/gef)
