gdb notes

Table of Contents

Other Command Lists

gdb (and ddd) guide
Useful GDB commands · blacksphere/blackmagic Wiki · GitHub
Basic gdb with OpenOCD – STM32/ARM Cortex-M3 HOWTO

Remote Debugging

target extended-remote <port>

USB

target extended-remote /dev/cu.usbmodemE2C0C4C6

TCP

target extended-remote localhost:3333
arm-none-eabi-gdb -ex "target extended-remote /dev/cu.usbmodemC2D9BBC1"

dump memory

dump binary memory test.bin 0x08000000 0x080FFFFF

Program Movement

load firmware.elf – Load program to Remote chip
run – Start program
step – steps single instruction
next – steps single instruction skips lines in a subroutine
kill – Kill the program being debugged

Break points

break *main

show information

info locals – Variables in context
info registers – system registers
info proc mappings – memory mappings
info frame – information about the current stack frame
info line foo.c:42 – show PC for line
info line * $pc – show line begin/end for the current program counter
p &a – find the memory address of variable ‘a’
p/x variable – Print variable in HEX
p/t variable – Print Variable in Binary
Hook – run commands when break hit

define hook-stop
 info registers l curr registers
 x/24wx $esp ; stack
 x/2i $eip ; next 2 instruction
 end

TUI

TUI Key Bindings

Debugging with GDB: TUI

The TUI installs several key bindings in the readline keymaps (see Command Line Editing). The following key bindings are installed for both TUI mode and the gdb standard mode.

C-x C-a, C-x a or C-x A Enter or leave the TUI mode. When leaving the TUI mode, the curses window management stops and gdb operates using its standard mode, writing on the terminal directly. When reentering the TUI mode, control is given back to the curses windows. The screen is then refreshed.
C-x 1 Use a TUI layout with only one window. The layout will either be ‘source’ or ‘assembly’. When the TUI mode is not active, it will switch to the TUI mode.
C-x 2 Use a TUI layout with at least two windows. When the current layout already has two windows, the next layout with two windows is used. When a new layout is chosen, one window will always be common to the previous layout and the new one.
C-x o Change the active window. The TUI associates several key bindings (like scrolling and arrow keys) with the active window. This command gives the focus to the next TUI window.
C-x s Switch in and out of the TUI SingleKey mode that binds single keys to gdb commands (see TUI Single Key Mode).
The following key bindings only work in the TUI mode:
<PgUp> Scroll the active window one page up.
<PgDn> Scroll the active window one page down.
<Up> Scroll the active window one line up.
<Down> Scroll the active window one line down.
<Left> Scroll the active window one column left.
<Right> Scroll the active window one column right.
C-L Refresh the screen.

Because the arrow keys scroll the active window in the TUI mode, they are not available for their normal use by readline unless the command window has the focus. When another window is active, you must use other readline key bindings such as C-p, C-n, C-b and C-f to control the command window.

Layout options

info win – List and give the size of all displayed windows.
layout next – Display the next layout.
layout prev – Display the previous layout.
layout src – Display the source window only.
layout asm – Display the assembly window only.
layout split – Display the source and assembly window.
layout regs -Display the register window together with the source or assembly window.
tui reg general – Show the general registers in the register window.
start – auto breakpoint at main and continue

TUI Single Key Mode

The TUI also provides a SingleKey mode, which binds several frequently used gdb commands to single keys. Type C-x s to switch into this mode, where the following key bindings are used:

c continue
d down
f finish
n next
q exit the SingleKey mode.
r run
s step
u up
v info locals
w where

Other keys temporarily switch to the gdb command prompt. The key that was pressed is inserted in the editing buffer so that it is possible to type most gdb commands without interaction with the TUI SingleKey mode. Once the command is entered the TUI SingleKey mode is restored. The only way to permanently leave this mode is by typing q or C-x s.

misc

set disassembly-flavor intel
disassemble main
x/wx $esp < show stack pointer
x/24wx $esp stack
x/2i $eip next two commands
$ebp base pointer variable
$eip instruction pointer variable
$esp Stack pointer variable

tbreak – temporary breakpoint
rbreak – reg-ex breakpoint
break xxx if yyy – conditionally break at xxx if condition yyy holds
commands – list of commands to be executed when a breakpoint is hit
silent – special command to suppress output when a breakpoint is hit
save breakpoints – save a list of breakpoints to a script
save history – save the history of executed gdb commands
call – call a function in the inferior
watch -l – watchpoint based on the address (location)
rwatch – read watchpoint
thread apply all bt – backtrace for every threaddprintf – dynamic printf

That was amazing!! You have a brilliant mind man. I started in InfoSec late in life unfortunately, and now in…

The problema is the fuc**** iOS App. Download the Android App, use the same account that you have on the…

[…] is the second in a series looking at part of the Revil malware. The first post covered a triage…

[…] to HERE, HERE and HERE in recent Ryuk sample the persistence happens by modifying the very well know registry…

Hello, thanks for your post. You have done a great analysis! While sniffing the packets that this alarm sends, I…