GDB Commands Cheatsheet


# Open a file with GDB
gdb ./file

# -q (quiet) suppresses the startup banner
gdb -q ./file

#run the program from inside gdb; anything after r is passed to it as arguments
r -c 1

#attach to an already running process by its PID
gdb -q -p 1200

#List the functions
info functions

#run a shell command from inside gdb; readelf -h prints the ELF header, which includes "Entry point address:"
shell readelf -h DataTypes

#show the disassembly of a function
disas [func name]

#set a breakpoint at an address or at a symbol
break *0xaddress
break _start
break functionName

#set a breakpoint at an offset from the start of a function (the offset is in bytes, not instructions or source lines)
break *&_start+59
break *&functionName+byteOffset

#print an expression: a variable, a register, or a function name (which prints its address)
print [expression]

#show a single register, e.g. info registers eip
info registers [name]

#step over: run to the next source line without entering function calls
next   (short form: n)

#step into: run to the next source line, entering function calls
step   (short form: s)

#single instruction: stepi (si) executes exactly one instruction, nexti (ni) does the same but steps over calls
stepi

#pressing Enter on an empty line repeats the previous command, so you can single-step by just hitting Enter

#examine memory: x/[count][format][unit] address
#units: b = byte, h = halfword (2 bytes), w = word (4 bytes; what x86 manuals call a dword), g = giant word (8 bytes)
#formats: x = hex, d = decimal, s = string, i = instruction
x/[number of units][format][unit] [location]

#displays 20 words starting from where esi points to
x/20w $esi
#displays 10 instructions starting from where EIP points to
x/10i $eip

#use Intel syntax instead of the default AT&T syntax in disassembly output
set disassembly-flavor intel

#load an executable together with its core dump for post-mortem analysis (no run needed; registers and memory come from the core)
gdb -q ./vuln ./core

#print ecx in hex at every stop; $cx and $cl are its low 16 and low 8 bits
display /x $ecx
display /x $cx
display /x $cl

#view registers info
info registers

#show all registers
info all-registers

#list variables
info variables

#show the process memory map; this needs a live process, so break and run first
break main
r
info proc mappings

#examine memory at an address: as a string, as one hex byte, or the first byte of a variable
x/s 0x80490a4
x/xb 0x80490a4
x/xb &var1

#Get sequence of 3 bytes
x/3xb &var1

#get the address of a variable
print &var1
#print a register's value in hex
print/x $eax
#Execute a set of commands automatically whenever the program stops: define a hook-stop and close the definition with end
define hook-stop
print/x $eax
print/x $ebx
print/x $ecx
x/8xb &sample
disassemble $eip,+10
end

#the same 8 bytes at the top of the stack viewed as bytes, halfwords and words (the byte order within each unit flips on little-endian x86)
x/8xb $esp
x/4xh $esp
x/2xw $esp
#disassemble only the instruction at eip
disassemble $eip,+1

#use display to print a set of expressions every time the program stops
#unlike print, display re-evaluates automatically at each stop and labels each expression with its name, so no hook is needed
display/x $eax
display/x $ebx
display/x $ecx

#the same idea as it looks when typed interactively; the > is gdb's continuation prompt, and end closes the definition
define hook-stop
>print/x $eax
>x/xb &var1
>x/xh &var2
>x/xw &var3
>print $eflags
>disassemble $eip,+10
>end
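The display and hook-stop commands above are easiest to get right when they live in a command file and gdb is driven in batch mode, so the session is reproducible. The script below is an added example, not code from the original page: it builds a small constructed target (a stand-in for the page's DataTypes binary, with globals var1, var2, var3 and sample of 1, 2, 4 and 8 bytes and a hypothetical function bump), writes a gdb command file, and runs it with gdb -q -batch -x. It assumes gcc and gdb are installed and a little-endian host; $pc is used instead of $eip so the command file works on any architecture.

```shell
#!/bin/sh
# Added example (not from the original page): a non-interactive gdb session
# using display and hook-stop against a constructed target.
# Assumptions: gcc and gdb are installed; the host is little-endian.

# Constructed target program: globals of 1, 2 and 4 bytes plus an 8-byte
# array, so x/xb, x/xh, x/xw and x/8xb each have something meaningful to show.
write_target() {
    cat > "$1" <<'EOF'
#include <stdio.h>
unsigned char  var1 = 0x41;
unsigned short var2 = 0xbeef;
unsigned int   var3 = 0x11223344;
unsigned char  sample[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
void bump(void)
{
    var1++;
    var2++;
    var3++;
    sample[0]++;
}
int main(void)
{
    bump();
    printf("%x %x %x %x\n", var1, var2, var3, sample[0]);
    return 0;
}
EOF
}

# gdb command file. display re-evaluates its expressions at every stop with a
# numbered label; hook-stop runs arbitrary commands at every stop. The 'end'
# line is mandatory: without it gdb reads the rest of the file as hook body.
# x/8xb and x/1xw on the same address show the little-endian byte order flip.
write_gdb_script() {
    cat > "$1" <<'EOF'
set pagination off
display/x var1
display/x var2
display/x var3
define hook-stop
  x/xb &var1
  x/xh &var2
  x/xw &var3
  x/8xb &sample
  x/1xw &sample
  x/3i $pc
end
break bump
run
next
EOF
}

# Build the target and run gdb in batch mode; prints the whole session and
# returns gdb's exit status (or 0 with a note when the tools are missing).
run_session() {
    if ! command -v gcc >/dev/null 2>&1 || ! command -v gdb >/dev/null 2>&1; then
        echo "skipped: gcc and gdb are required"
        return 0
    fi
    work=$(mktemp -d) || return 1
    write_target "$work/target.c"
    write_gdb_script "$work/cmds.gdb"
    gcc -g -O0 -o "$work/target" "$work/target.c" || return 1
    gdb -q -batch -x "$work/cmds.gdb" "$work/target" 2>&1
}

run_session
```

At the breakpoint the session prints the three display lines (for example `1: /x var1 = 0x41`) and the hook-stop output, where x/8xb &sample shows de ad be ef ... while x/1xw &sample shows 0xefbeadde; after `next` the displays are re-evaluated with var1 incremented. Batch mode exits non-zero if any command in the file errors, which is the first thing to check when a scripted session produces no output.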
#Dump the instruction bytes of a binary as a \x-escaped C string (for turning compiled shellcode into a payload buffer)
objdump -d ./PROGRAM |grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
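The one-liner above is worth checking against a known objdump listing before trusting the bytes it produces. The script below is an added example, not code from the original page: it feeds a constructed objdump excerpt (imitating objdump's i386 layout of address, tab, hex bytes padded with spaces, tab, mnemonic, at most seven bytes per line) through the page's pipeline and through a tab-aware variant. Because the page's `cut -f1-6 -d' '` keeps only six space-separated columns, an instruction that occupies all seven byte columns on one line loses its last byte; cutting on the tab that objdump puts after the byte column keeps every byte. The sample listing, the function names and the use of tr -d '\n' in place of paste (BSD paste rejects an empty delimiter) are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original page): the objdump-to-C-string
# conversion as functions, run offline against a constructed listing.

# Constructed sample of `objdump -d` output for an i386 binary (AT&T syntax).
# The fourth instruction is seven bytes long and fills the whole byte column.
sample_objdump_output() {
    printf 'sample:     file format elf32-i386\n\n'
    printf 'Disassembly of section .text:\n\n'
    printf '08049000 <_start>:\n'
    printf ' 8049000:\t31 c0                \txor    %%eax,%%eax\n'
    printf ' 8049002:\tb0 01                \tmov    $0x1,%%al\n'
    printf ' 8049004:\t31 db                \txor    %%ebx,%%ebx\n'
    printf ' 8049006:\tc7 45 fc 00 00 00 00 \tmovl   $0x0,-0x4(%%ebp)\n'
    printf ' 804900d:\tcd 80                \tint    $0x80\n'
}

# The page's pipeline, verbatim except that paste -d '' -s is replaced by
# tr -d '\n' and the surrounding quotes are added by quote() below.
# Note why grep -v 'file' is there: "sample:" ends in a hex digit and a colon,
# so the "file format" header line would otherwise survive the first grep.
page_pipeline() {
    grep '[0-9a-f]:' | grep -v 'file' | cut -f2 -d: | cut -f1-6 -d' ' \
        | tr -s ' ' | tr '\t' ' ' | sed 's/ $//g' | sed 's/ /\\x/g' | tr -d '\n'
}

# Tab-aware variant: keep only instruction lines (" addr:<TAB>bytes<TAB>insn"),
# take the byte column as the second tab-separated field, squeeze the padding,
# and prefix every byte with \x. Every byte on the line survives.
bytes_to_cstring() {
    grep -E '^ *[0-9a-f]+:' | cut -f2 | tr -s ' ' \
        | sed 's/ $//; s/^ //; s/ /\\x/g; s/^/\\x/' | tr -d '\n'
}

# Wrap the joined bytes in double quotes so the result pastes into C source.
quote() {
    printf '"%s"\n' "$(cat)"
}

# Usage: compare the two conversions on the constructed listing.
echo "page pipeline:  $(sample_objdump_output | page_pipeline | quote)"
echo "tab-aware:      $(sample_objdump_output | bytes_to_cstring | quote)"
```

On the sample above the page's pipeline drops the seventh byte of the movl instruction (one of its trailing 00 bytes), which would silently corrupt a shellcode buffer built from it. To use the tab-aware version on a real binary, replace the sample function with `objdump -d ./PROGRAM | bytes_to_cstring | quote`.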

Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He enjoys writing articles, blogging, debugging errors and capture the flags. Enjoy learning; there is nothing like absolute defeat. Try and try until you succeed.
