gdb

GDB notes & commands

  • layout next

  • break *main

  • run

  • next, nexti

  • info registers

  • x/i $pc

  • refresh

  • start (shorthand for a temporary breakpoint at main followed by run)

  • b 7 (add breakpoint at line 7)

  • del 1 (deletes 1st breakpoint)

  • x/10i 0x11a9 (disassemble 10 instructions starting at that address)

  • print $sp (print stack pointer)

  • ctrl+x A (TUI mode)

  • ctrl+l (refresh)

  • ctrl+x 2 (multiple windows)

  • ctrl+x 1 (go back)

  • ctrl+p (previous command)

  • ctrl+n (next command)

  • ctrl+x o (switch panels)

  • python (python interpreter)

    • python print (gdb.breakpoints())

    • python print (gdb.breakpoints()[0].location)

    • python gdb.Breakpoint('8')

  • info proc mappings (look at the memory map while the process is running)

Finding main() in stripped binaries:

  • to find the offset: find the entry point and examine a few instructions after it, where you can recognize the prologue of main, or use Ghidra to find the offset of the main function.

  • to set a breakpoint at main: load the binary into memory by setting a breakpoint at _start and running, then use "info proc mappings" to find the base address the executable was loaded at. Add the base address and the offset, and set a breakpoint at the resulting address of main().
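The base + offset step above, done from GDB's Python interpreter. This is an added example, not part of the original notes: it parses the /proc/<pid>/maps text (the same data "info proc mappings" shows), takes the lowest offset-0 mapping of the executable as its load base, and sets a breakpoint at base + offset. The image name main_stripped and offset 0x11a9 are taken from the notes; the sample map is constructed (GDB disables ASLR for the debuggee by default, hence the fixed PIE base).

```python
import re

try:
    import gdb  # only available when run inside a GDB session
except ImportError:  # outside gdb (e.g. when testing the parser offline)
    gdb = None

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-fA-F]+)-(?P<end>[0-9a-fA-F]+)\s+(?P<perms>\S+)\s+"
    r"(?P<offset>[0-9a-fA-F]+)\s+\S+\s+\d+\s*(?P<path>\S*)$"
)

def image_base(maps_text, image_name):
    """Load base of `image_name`: lowest start of a mapping of that file
    whose file offset is 0. Returns None if the image is not mapped."""
    base = None
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or not m.group("path").endswith("/" + image_name):
            continue
        if int(m.group("offset"), 16) != 0:
            continue
        start = int(m.group("start"), 16)
        if base is None or start < base:
            base = start
    return base

def runtime_address(maps_text, image_name, offset):
    """Runtime address of a file offset (e.g. main found in Ghidra)."""
    base = image_base(maps_text, image_name)
    if base is None:
        raise ValueError(f"{image_name} is not mapped; is the process running?")
    return base + offset

def break_at_offset(image_name, offset):
    """Inside GDB, after the process is loaded (starti or a break at _start):
    read the inferior's map and set a breakpoint at base + offset."""
    pid = gdb.selected_inferior().pid
    with open(f"/proc/{pid}/maps") as f:
        addr = runtime_address(f.read(), image_name, offset)
    return gdb.Breakpoint(f"*{addr:#x}")

# Constructed sample map for a PIE binary named main_stripped (no ASLR).
SAMPLE_MAPS = """\
555555554000-555555555000 r--p 00000000 08:01 1234 /home/user/main_stripped
555555555000-555555556000 r-xp 00001000 08:01 1234 /home/user/main_stripped
555555556000-555555557000 r--p 00002000 08:01 1234 /home/user/main_stripped
7ffff7dd5000-7ffff7dfc000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""
```

Usage inside gdb: source the file, then run `python break_at_offset('main_stripped', 0x11a9)` once the process is loaded.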

Memory mappings in proc:

cat /proc/$(pidof main_stripped)/maps

Disable ASLR

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
