Diffstat (limited to 'md')
-rw-r--r-- md/writeup.md | 1
-rw-r--r-- md/writeup/using_gdb.md | 97
2 files changed, 98 insertions, 0 deletions
diff --git a/md/writeup.md b/md/writeup.md index 554c7b6..136b7ed 100644 --- a/md/writeup.md +++ b/md/writeup.md @@ -5,6 +5,7 @@ [Using RTLSDR](writeup/rtlsdr_usage.md) [Using mitmproxy](writeup/mitmproxy.md) [Linux syscall table](notes/syscalls.md) +[Using GDB](writeup/using_gdb.md) # Archive [Create ELF file from scratch](http://archive.main.lv/writeup/create_elf_file_from_scratch.html) diff --git a/md/writeup/using_gdb.md b/md/writeup/using_gdb.md new file mode 100644 index 0000000..9f2cbcb --- /dev/null +++ b/md/writeup/using_gdb.md 
@@ -0,0 +1,97 @@ +# Using GDB + +GDB is gnu debugger that excists for years and it work on any linux/bsd + supported platform. And time to time there is situation when you definetly +whant debuger, just becouse of our favorite segfaults or just becose whant +to solve at weekends evening some crackme. If you hace used some before +some DOS debugers like Borland Turbo Debuger or just debug then comparing +to gdb this are easy to use tools, and if you compare to OllyDbg then gdb is +just nightmare =]. But yea there is no other choice then that +([ald](http://ald.sourceforge.net/)). + +Will add main points that are need to know to run/debug programm. With time +more stuff will added + +## Run + +```bash +gdb [PROGRAM] +``` + +``` +(gdb) run [CMD LINE PARAMS TO PROGRAM] +``` + +## Setting breakpoints + +Setting breakpoint on speific address + +```bash +(gdb) break *0x800000 +``` + +on specific function + +```bash +(gdb) break _start +``` + +Here is more breakpoint types [Link1](http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html) and [Link2](http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html) + +## Print registers + +### Intel platform + +General purpose register values + +```bash +(gdb) p $eax +(gdb) p $ebx +(gdb) p $ebp +``` + +print value in hex + +```bash +(gdb) p/x $eax +``` + + + +## Print memory + +print one byte in specific adress +```bash +(gdb) x/u *0x808080 +``` + +print array of 16 bytes in hex +```bash +gdb) x/16xu *0xffffd310 +``` + + +from register value + +```bash +(gdb) x/4xb $ebp-0xc +``` + +## Print current position instruction + +```bash +(gdb) x/i $pc +``` + +## Step + +```bash +(gdb) step +(gdb) next +``` + +### Links + +1. [http://althing.cs.dartmouth.edu/secref/resources/plt-got.txt](http://althing.cs.dartmouth.edu/secref/resources/plt-got.txt) +2. [http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html](http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html) +3. 
[http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html](http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html)
\ No newline at end of file |
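Review bot: the `x` examples in the "Print memory" section of the using_gdb.md hunk put `*` in front of the address (`x/u *0x808080`, `x/16xu *0xffffd310`), but `x` already takes an address expression; `*0x808080` reads the integer stored at that location and uses it as the address to examine, so these should read `x/u 0x808080` and `x/16xb 0xffffd310` (the `*ADDR` form belongs to `break`, which the breakpoint example uses correctly). In `x/16xu` two format letters (`x` and `u`) are combined and the last one wins in gdb's format parsing, so it would not print hex at all; "16 bytes in hex" needs the size letter `b`, as the later `x/4xb $ebp-0xc` example shows. The same block also drops the opening parenthesis in `gdb) x/16xu`, and the second "Run" fence is the only one without a `bash` tag. As style points, the intro paragraph has a number of spelling errors worth fixing before publishing (excists, definetly, whant, becouse, hace, debuger, programm), and link 1 (plt-got.txt) is listed under Links but never referenced in the text.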