GNU Debugger (GDB)

Debugger. Reverse engineering.

💡 See example from NorthSec 2020 – CTF-101 Workshop

Plugin: gef (GDB Enhanced Features).

Usage

Debug program

gdb <program name>

Set program arguments

Arguments set after the program has started take effect only once the program is restarted (run again).

set args value1 value2 value3 ...
set args 'Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A'

Run the program

run

When the program crashes, show the call stack to find which function called the one that crashed:

backtrace

Examine memory at a specific address (example below):

x <address>
x 0xffbef014

Breakpoints

break <function name>
run
break main
run

Execute one line at a time

step

To step again, just press Enter: an empty line repeats the last command.

💡 “step” steps into any function that is called. To step over called functions instead, use “next” instead of “step”.

Print address of system()

print system
$1 = {<text variable, no debug info>} 0xf7e0d000 <system>

Show register values

Value for one register (eip):

info registers eip
eip            0x62413762          0x62413762

All registers:

info registers
eax            0x64                100
ecx            0x0                 0
edx            0x0                 0
ebx            0xffffd140          -11968
esp            0xffffd110          0xffffd110
ebp            0x41366241          0x41366241
esi            0xf7fad000          -134557696
edi            0xf7fad000          -134557696
eip            0x62413762          0x62413762
eflags         0x10282             [ SF IF RF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x63                99
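Crash triage on the register dump above, as an added example (not from the original page or the workshop): it parses `info registers` output and checks whether eip/ebp hold bytes copied from the cyclic argument pattern set earlier on this page, which tells you how far into the input the saved frame pointer and return address were overwritten. The register dump and pattern are the page's own values, embedded here as constructed sample input.

```python
import re

# Constructed sample input: the argument pattern and register dump shown on this page.
PATTERN = ("Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9"
           "Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A")

REGISTER_DUMP = """\
eax            0x64                100
ebx            0xffffd140          -11968
esp            0xffffd110          0xffffd110
ebp            0x41366241          0x41366241
eip            0x62413762          0x62413762
eflags         0x10282             [ SF IF RF ]
"""

# Register name, then the raw hex column; the "natural" third column is ignored.
LINE_RE = re.compile(r"^(\w+)\s+0x([0-9a-fA-F]+)\b")


def parse_info_registers(text):
    """Return {register: int} from `info registers` output (first hex column)."""
    regs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def pattern_offset(value, pattern, width=4):
    """Offset in `pattern` of the bytes a little-endian register value was loaded
    from, or None when the value is not printable ASCII taken from the pattern."""
    try:
        chunk = value.to_bytes(width, "little").decode("ascii")
    except (OverflowError, UnicodeDecodeError):
        return None
    idx = pattern.find(chunk)
    return idx if idx >= 0 else None


def triage(dump, pattern, names=("eip", "ebp", "esp", "ebx")):
    """Map each register of interest to its input offset (None = not input-controlled)."""
    regs = parse_info_registers(dump)
    return {n: pattern_offset(regs[n], pattern) for n in names if n in regs}


if __name__ == "__main__":
    for reg, off in triage(REGISTER_DUMP, PATTERN).items():
        print(f"{reg}: {'not from input' if off is None else f'input offset {off}'}")
```

For the page's dump this reports ebp at offset 48 and eip at offset 52, i.e. the saved frame pointer sits 4 bytes before the saved return address, while esp and ebx hold ordinary stack/library addresses.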

Disassemble a function

disass <function>
disass main

Exit gdb

quit