From 392811864e4fc54c43d29ce2eadf8efb024963a5 Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Sat, 21 Nov 2015 18:35:44 +0000 Subject: Merged using 'Using gdb' notes --- md/writeup/using_gdb.md | 97 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 md/writeup/using_gdb.md (limited to 'md/writeup') diff --git a/md/writeup/using_gdb.md b/md/writeup/using_gdb.md new file mode 100644 index 0000000..9f2cbcb --- /dev/null +++ b/md/writeup/using_gdb.md @@ -0,0 +1,97 @@ +# Using GDB + +GDB is gnu debugger that excists for years and it work on any linux/bsd + supported platform. And time to time there is situation when you definetly +whant debuger, just becouse of our favorite segfaults or just becose whant +to solve at weekends evening some crackme. If you hace used some before +some DOS debugers like Borland Turbo Debuger or just debug then comparing +to gdb this are easy to use tools, and if you compare to OllyDbg then gdb is +just nightmare =]. But yea there is no other choice then that +([ald](http://ald.sourceforge.net/)). + +Will add main points that are need to know to run/debug programm. With time +more stuff will added + +## Run + +```bash +gdb [PROGRAM] +``` + +``` +(gdb) run [CMD LINE PARAMS TO PROGRAM] +``` + +## Setting breakpoints + +Setting breakpoint on speific address + +```bash +(gdb) break *0x800000 +``` + +on specific function + +```bash +(gdb) break _start +``` + +Here is more breakpoint types [Link1](http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html) and [Link2](http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html) + +## Print registers + +### Intel platform + +General purpose register values + +```bash +(gdb) p $eax +(gdb) p $ebx +(gdb) p $ebp +``` + +print value in hex + +```bash +(gdb) p/x $eax +``` + + + +## Print memory + +print one byte in specific adress +```bash +(gdb) x/u *0x808080 +``` + +print array of 16 bytes in hex +```bash +gdb) x/16xu *0xffffd310 +``` + + +from register value + +```bash +(gdb) x/4xb $ebp-0xc +``` + +## Print current position instruction + +```bash +(gdb) x/i $pc +``` + +## Step + +```bash +(gdb) step +(gdb) next +``` + +### Links + +1. [http://althing.cs.dartmouth.edu/secref/resources/plt-got.txt](http://althing.cs.dartmouth.edu/secref/resources/plt-got.txt) +2. [http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html](http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html) +3. [http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html](http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html) \ No newline at end of file -- cgit v1.2.3