Who is it for?
1) Beginner reverse engineers who already know the basics of reverse engineering and want to learn a debugger such as GDB.
2) A reminder for those who work with IDA, Ghidra or another powerful and reliable tool every day, but now and then run into a problem that is easier and faster to solve with GDB, and don't really want to dig through the official documentation to recall everything again.
Basic commands
Running
General syntax for selecting an executable for analysis
gdb program_name
Start program execution
run | r
Connect to a gdbserver
target remote host:port
Attach to a running process / detach from it
attach PID
detach
Quit gdb
quit | q (or Ctrl+D)
Static analysis
Choose the disassembly syntax (Intel or AT&T)
set disassembly-flavor intel/att
Show information about the loaded file (sections, entry point)
info file
List the functions of the binary
info functions | i func
Disassemble a function or the code at an address
disas func_name
disas address
Show the source listing (only if the binary was built with debug info, e.g. gcc -g3)
list func_name
Set / show the arguments the program will be started with
set args
show args
Show the process memory map
info proc mappings
Show the registers (GEF command; in plain gdb use info registers)
registers
Step one source line, entering function calls
step | s
Step over one source line without entering calls
next | n
Run until a given line number or address is reached
until | u line_number
until | u *func_name+offset
until | u *address
Show the current function's arguments, local variables and stack frame
info args
info locals
info frame
List threads / switch to a thread by number
info threads
thread number
breakpoints
Set a breakpoint on a function, on an offset inside it, or on an address
b func_name
b *func_name+offset
b *address
List, disable/enable, delete breakpoints; ignore a breakpoint the next n times it is hit
info break
disable/enable breakpoint_number
delete breakpoint_number
ignore breakpoint_number n
Continue execution after stopping at a breakpoint
continue | c
Show memory as a chain of dereferenced pointers (GEF command), e.g. the stack at $rsp+64
telescope
telescope $rsp+64
Examine memory with x; the format is given after "/"
x/i - instruction, x/x - hex, x/s - string, x/a - address
x/b - 8-bit, x/h - 16-bit, x/w - 32-bit, x/g - 64-bit
x/64bx address
x/i $pc
Passing non-printable bytes to the program as arguments (with bash, echo needs -e to interpret \x escapes; the python one-liner assumes python2, since python3's print would UTF-8-encode '\xde\xad'; note that $(...) cannot carry NUL bytes)
run $(python -c "print('A'*32 + '\xde\xad')")
run $(echo -e "asdf\xde\xad")
The same via stdin
run <<< $(python -c "print('A1'*3)")
run <<< $(echo -e "asdf\xde\xad")
gdbserver
Start gdbserver so that a remote gdb can connect to it (target remote host:port)
gdbserver host:port program
Reverse Debug
When you need to go back in execution (e.g. while tracing control flow / a CFG), gdb supports reverse debugging.
First tell gdb to record execution, then use the reverse commands
record
reverse-step
reverse-next
Dump a memory region (start and end addresses) to a file
dump memory output_file start_addr end_addr
Automatically show expressions every time the program stops, with display
display/5i $pc
display/g $rax
display/g $rbx
display/g $rcx
GEF
gdb with the GEF extension adds convenient commands for exploitation work; some of them are listed below.
Show ASLR status and turn it on/off
aslr
aslr on/off
Show the binary's protections (ASLR, Canary, PIE, etc.)
checksec
List heap chunks
heap chunks
Show the stack canary value
canary
Like info proc mappings, show the memory map
vmmap
View the register of flags and change them
flags
flags -Flag_name +Flag_name
Help for finding format string vulnerabilities (setting breakpoints on them, information on found functions)
format-string-helper
Creating a pattern and finding it
pattern create 128
pattern search 0x61616167
pattern search $rbp
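As an added example (not from the page and not GEF's own code), a stand-alone Python re-implementation of what pattern create / pattern search do: the pattern is a De Bruijn sequence, so every 4-byte window is unique, and the value 0x61616167 from the page is treated as register contents read back little-endian. The window size (n=4) and the lowercase alphabet are assumptions for the demo.

```python
# Added example mirroring GEF's `pattern create` / `pattern search`;
# not GEF's code. Window size n=4 and the alphabet are assumptions.
import itertools
import string


def de_bruijn(alphabet: str, n: int):
    """Lazily yield the De Bruijn sequence B(k, n) over `alphabet`
    (FKM algorithm): every window of n characters occurs exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in a[1:p + 1]:
                    yield alphabet[i]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def pattern_create(length: int, n: int = 4,
                   alphabet: str = string.ascii_lowercase) -> bytes:
    """Like `pattern create <length>`: first `length` bytes of the pattern."""
    return "".join(itertools.islice(de_bruijn(alphabet, n), length)).encode()


def pattern_search(pattern: bytes, value, width: int = 4):
    """Like `pattern search <value>`: `value` is raw bytes or an integer
    read from a register (e.g. 0x61616167 at a crash), tried as
    little-endian first, then big-endian. Returns (offset, bytes) or None."""
    if isinstance(value, int):
        candidates = [value.to_bytes(width, "little"),
                      value.to_bytes(width, "big")]
    else:
        candidates = [bytes(value)]
    for needle in candidates:
        off = pattern.find(needle)
        if off != -1:
            return off, needle
    return None
```

With a 128-byte pattern, 0x61616167 decodes to "gaaa" and is found at offset 24; a 64-bit register holding "gaaahaaa" resolves to the same offset with width=8.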
Search for strings by pattern
search-pattern pattern
Patching
patch byte/word/dword/qword address value
Print an array in a format convenient for pasting into Python code. The -b parameter (element width) must be 8/16/32/64; -l controls the number of elements
Example
print-format -b 64 -l 1 $rsp
Search the shellcode database by pattern and download a shellcode by its number
shellcode search pattern
shellcode get shellcode_number
XOR values in memory or registers: display the result, or patch it in place
xor display address/register size xor_key
xor patch address/register size xor_key