GDB
Breakpoints
break *0x8049bd7
break on execution
awatch *0xfeedface
break on read/write access
watch *0x08049340
break on write access
rwatch *0x80123454
break on read access
info breakpoints
list breakpoints
del 2
delete breakpoint 2
del breakpoints
delete all breakpoints
disable 1
disable breakpoint 1
Hook stop
Run commands after every stop (any breakpoint, watchpoint or step) by defining the user command hook-stop (define hook-stop ... end)
Run specific commands only when a specific breakpoint N is hit (commands N ... end)
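Added example, not part of the original cheat sheet: a GDB command file showing both forms next to each other. It assumes an x86-64 target with a hypothetical function decrypt(buf, len), so the argument registers follow the SysV calling convention.

```gdb
# Added example, not part of the original cheat sheet. Assumes an x86-64 target
# with a function named decrypt (hypothetical) that takes (buf, len).
# Load with: gdb -x hooks.gdb ./target    or inside GDB: source hooks.gdb

# hook-stop runs each time the inferior stops, whatever the cause
# (breakpoint, watchpoint, si/ni, signal).
define hook-stop
  x/3i $rip
  x/4gx $rsp
end

# 'commands' with no number attaches to the most recently created breakpoint;
# 'commands 2' would target breakpoint 2 instead.
# 'silent' suppresses the "Breakpoint N, ..." banner and 'continue' at the end
# turns the breakpoint into a non-stopping trace point.
break decrypt
commands
  silent
  printf "decrypt(buf=%#lx, len=%lu)\n", $rdi, $rsi
  continue
end
```

hook-stop still fires before the breakpoint's own command list, so with both defined you get the register/stack dump and then the printf line at each call to decrypt.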
Info
info proc mappings
show mapped memory addresses (stack, heap, libc location, etc)
info functions test
show all functions whose name matches the regex test
Convenience variables
set $dat_84 = 0x303042
set the convenience variable $dat_84. Lives in GDB only and has no effect on the program
x/bx $dat_84+4
Print the byte at 0x303046 (0x303042 + 4) in hex
Missing Entry Point
For a stripped binary with no main symbol: launch the program in GDB once so libc is mapped, set a breakpoint on __libc_start_main, relaunch the program and read main from its first argument. On x86-64 that is RDI; on i386 it is on the stack at *(unsigned int*)($esp+4).
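Added example, not part of the original cheat sheet: the same recovery of main as a command file, using a pending breakpoint so the program does not have to be launched twice. ./stripped is a hypothetical x86-64 target.

```gdb
# Added example, not part of the original cheat sheet. Finds main in a stripped
# x86-64 ELF (./stripped is a hypothetical target) without relaunching: the
# breakpoint stays pending until libc is mapped, which happens before
# __libc_start_main is called.
# Usage: gdb -x findmain.gdb ./stripped
set breakpoint pending on
break __libc_start_main
run
# SysV x86-64 ABI: the first argument, main, arrives in RDI.
# On i386 it is on the stack instead: set $main = *(unsigned int*)($esp+4)
set $main = $rdi
printf "main = %#lx\n", $main
# breakpoint 1 is the one on __libc_start_main; replace it with one on main
delete 1
break *$main
x/10i $main
continue
```

For a PIE binary the printed address is already the relocated one, since the program is running when it is read.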
Control flow
si
Step one instruction, entering calls
ni
Step one instruction, stepping over calls
next
Next source code line
finish
Execute until selected stack frame returns
thread N
switch to thread N (thread with no argument shows the current thread)
jump *decrypt
Jump to address.
jump ch12.c:32
Jump to line of code (when binary compiled with -g)
bt
backtrace / inspect stack to see sequence of function calls
Modify data
set $eax=0
set $eflags |= 0x40
set zero flag (ZF is bit 6 of EFLAGS, so the mask is 1 << 6 = 0x40)
set $eflags &= ~(1 << 6)
clear zero flag
set *(char*)0x080480d9 = 0x90
Modify code: write a 0x90 (nop) byte at 0x080480d9. GDB writes through ptrace, so this works even though the text segment is mapped read-only
Find Data
find 0x8048000,0x804b000,"accept()"
find string between starting and end address
list main.c:34
list source code at line 34
GDB run
run <<< $(python -c "print('B'*300)")
standard input via a here-string; the shell GDB starts the program with performs the redirection (python3's print appends a newline)
run $(python -c "print('A','B'*227)")
command line arguments: print('A','B'*227) outputs "A" followed by a space and 227 B's, and because $(...) is unquoted the shell word-splits that into argv[1]="A" and argv[2]="BBB..." (use print('A'*227) for a single argument)
printf '5\n2\n\x41' > input.txt   then in GDB:   run < input.txt
Feed several inputs from a file. Replacement for: printf '5\n2\n\x41' | ./app.bin (piping into gdb itself would steal GDB's own stdin). Note that run < input.txt stores "< input.txt" as the program's arguments, so a later plain run reuses the file
GDB Scripting
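Added example, not part of the original cheat sheet: the "GDB run" recipes above written as a GDB command file, which is the form GDB scripting usually takes. ./app.bin is a hypothetical target that reads two numbers and a byte from stdin and takes one argv payload; both inputs are made up for illustration.

```gdb
# Added example, not part of the original cheat sheet: the "GDB run" recipes
# above as a command file. ./app.bin is a hypothetical target that reads two
# numbers and a byte from stdin; the argv payload is made up for illustration.
# Usage: gdb -x run.gdb ./app.bin

# 'shell' executes a host command. Use printf rather than python's print() for
# raw bytes: print() would add a newline and re-encode values above 0x7f.
shell printf '5\n2\n\x41' > input.txt
# Equivalent to: printf '5\n2\n\x41' | ./app.bin, but stdin stays a file, so
# the program can be re-run with a plain 'run' without rebuilding the pipe.
run < input.txt

# argv payload: $(...) is expanded by the shell GDB starts the program with.
# Limits: argv cannot hold NUL bytes, and command substitution drops trailing
# newlines, which is why the Python side writes raw bytes with no newline.
shell python3 -c "import sys; sys.stdout.buffer.write(b'A'*64 + b'\xef\xbe\xad\xde')" > arg1.bin
# 'set args' persists across re-runs and replaces the "< input.txt" stored by
# the previous run; 'run ARGS' would also do for a single run.
set args "$(cat arg1.bin)"
run
```

Run it with gdb -x run.gdb ./app.bin, or source run.gdb from an interactive session; add breakpoints before the run lines if the program should stop rather than run to completion.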
PWNDBG
pwndbg
List all pwndbg commands
entry
Start the program and stop at its ELF entry point (before main)
set context-sections "regs disasm stack backtrace"
Choose which sections the context window displays
ctx-watch BUF
Add Watch expression to context view
ctx-watch execute "x/20x $rsp"
Add watch expression (gdb command) to context view
ctx-unwatch 2
Remove watch expression 2 from the context view
nextcall
Continue until the next call instruction
asm ADD EBP,EBP
Assemble shellcode into bytes
piebase
Retrieve relocated binary base address
distance 0x001043a0 0x10449f
calculate distance between two addresses
xuntil 0x0123123
Continue until the given address is reached
context
Display context window
env
Show all environment variables and addresses
set environment VAR value
Set an environment variable for the program from within GDB (takes effect on the next run)
search "Enter"
Search for string in memory
search 0xffff80cd -t dword
Search for dword in memory
checksec
Show security features (stack canaries, nx, pie, etc)