An introduction to GDB

Hey guys, this is my first post, so pardon me if I make any errors. I hope you already know about the x86 architecture, assembly language, the stack, etc. If not, head over to SecurityTube to learn a bit about them. So let's begin.

GDB, the GNU Project debugger, allows you to see what is going on 'inside' another program while it executes, or what another program was doing at the moment it crashed.
GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:
  • Start your program, specifying anything that might affect its behavior.
  • Make your program stop on specified conditions.
  • Examine what has happened, when your program has stopped.
  • Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another.
So I just copied that piece of text from gnu.org  :p .

Basically, it shows us the assembly code for a program, which is really helpful, and it also lets us set breakpoints and see the value stored in each register.

So let's begin.
First go to the directory that contains the binary you want to open, then type gdb filename to open the file in gdb.
You can type file filename before opening gdb to get some information about the file.


So the first thing we usually do is type info functions to see the entire list of functions. This only works if the binary is not stripped; stripping a binary removes the function names and similar symbol information. So we'll assume the binary isn't stripped for now.

The next usual step is to enter disas main. This is short for disassemble main, and it prints the assembly code for the main function.


So you might notice that the assembly looks a little weird (GDB prints AT&T syntax by default). Fear not, just enter set disassembly-flavor intel and it'll switch to a much friendlier format.

There ya go.
So moving on, you can set breakpoints by typing b *address, where address is the address of the instruction at which you want the program to stop. For example, b *0x0804841e will break the program at the compare function.


Now we can type r or run to run the program, and it'll stop execution there.

NOTE: A software breakpoint actually works by the debugger overwriting a byte of the instruction at that address (0xCC, the int3 opcode, on x86) and restoring it later, and some programs check for this modification of their own code to implement anti-debugging measures.

So, moving on, I enter r (for run), hit enter and the program starts running. It stops execution at the breakpoint I set.

There are various steps we can take at this point.
One of them is ni, which is short for next instruction and moves execution to the next instruction. If there is a function call, it steps over it, i.e. it doesn't go into the function but merely goes on to the next instruction in main.
If you want to step into a function, enter si (step instruction) instead.
Another command we use is i r, short for info registers, and it displays the value in every register.
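The whole workflow above can also be scripted so you don't retype it every session. This is an added example, not from the original post: a GDB command file that you load with gdb -q -x intro.gdb ./filename. It assumes an unstripped 32-bit binary and reuses the breakpoint address from the post (0x0804841e); change that address for your own binary.

```gdb
# intro.gdb: scripted version of the manual GDB session described above.
# Usage: gdb -q -x intro.gdb ./filename   (filename is a placeholder)

set disassembly-flavor intel     # Intel syntax instead of the default AT&T
set pagination off               # don't pause at "--Type <RET> for more--"

info functions                   # symbol list; only useful when not stripped
disassemble main                 # same as "disas main"

# Software breakpoint: GDB patches one byte of the instruction at this
# address (0xCC / int3) while the program runs. Address taken from the post.
break *0x0804841e

# Commands attached to the breakpoint just set: run automatically on each hit
commands
  silent
  echo --- breakpoint hit ---\n
  x/i $pc                        # the instruction that is about to execute
  info registers                 # same as "i r"
end

# Show the current instruction every time the program stops from now on
display/i $pc

run                              # same as "r"; stops at the breakpoint

nexti                            # "ni": one instruction, stepping OVER calls
info registers
stepi                            # "si": one instruction, stepping INTO calls
x/3i $pc                         # peek at the next three instructions
```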

So I hope this was a good introduction to GDB. I will continue with more info on how to use gdb in the coming posts, and if you have any doubts please don't hesitate to contact me; I will be available most of the time. Thanks for spending your time on my blog :D .
Visit again!
