akde/infosec

Information security is ultimately about managing risk

gdb

General purpose debugger.

Hint: gdb disables ASLR by default.

Commands

  • General
    • set disassembly-flavor intel/att
  • Process handling
    • run runs a program without parameters
    • run `python -c 'print("a")'` runs a program with a parameter
    • run < <(python -c 'print("a")') runs a program and feeds the given string into STDIN
    • c continue
    • si step one instruction
  • Breakpoints
    • break $f or break *$address
    • del breakpoints
    • info breakpoints
  • Disassembling
    • disass <$function | $address> disassembles a function or memory address
      • with the modifier /r it also shows the raw opcodes
    • print or info prints the content of registers and variables
      • info func shows all functions
    • x/$numi $address prints $num instructions starting at address $address
      • x/32wx $esp-32 (x86) or x/32gx $rsp-32 (x64) for showing the memory at the stack pointer.
        • Important: x needs a start address, so subtract from the stack pointer to also see the bytes just below it; the live stack itself lies at and above $esp/$rsp.
      • x/32s $esp-32 (x86) or x/32s $rsp-32 (x64) for showing the memory at the stack pointer as strings.
    • backtrace / bt prints the call stack (the saved return pointers), i.e. where the current address is referenced from.
    • info functions shows all functions

Peda

Peda is an extension for gdb which provides useful additional commands.

  • General information
    • checksec prints the security options
    • aslr prints whether ASLR is active
  • (Cross-) referencing
    • xrefs $function shows all references to the given function.
      • Note that gdb's bt shows references to an address and Peda's xrefs to a function (= start address of a function)
  • Payload creation
    • pattern_create n creates a string pattern of n bytes like Metasploit's pattern_create.rb
    • jmpcall searches memory for jmp/call instructions
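As an added illustration (not PEDA's own code), a small Python reimplementation of the Metasploit-style pattern that pattern_create generates, plus the reverse lookup PEDA exposes as pattern_offset, so a value read from a register after a crash under gdb can be mapped back to its offset in the input when triaging the crash. It assumes register values are given as little-endian integers the way gdb prints them on x86/x86-64.

```python
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits


def pattern_create(length: int) -> str:
    """Build a Metasploit-style cyclic pattern of `length` characters.

    Triplets run Aa0, Aa1, ..., Aa9, Ab0, ... so that every 4-byte window
    is unique within the first 26*26*10*3 = 20280 bytes; that uniqueness is
    what lets a value found in a register be mapped back to one offset.
    """
    out = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                out.append(u + l + d)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(value, length: int = 20280):
    """Return the offset of `value` inside the pattern, or None if absent.

    `value` is either the text seen in memory (e.g. "Aa1A") or the integer
    gdb prints for a register (e.g. 0x64413364). Integers are decoded
    little-endian, which is the byte order in which input bytes land in
    EIP/RIP on x86 and x86-64 (assumption: 4 bytes if it fits, else 8).
    """
    if isinstance(value, int):
        width = 4 if value <= 0xFFFFFFFF else 8
        value = value.to_bytes(width, "little").decode("ascii", "replace")
    idx = pattern_create(length).find(value)
    return None if idx < 0 else idx


if __name__ == "__main__":
    # Constructed example: a register value observed after a crash.
    print(pattern_create(20))               # Aa0Aa1Aa2Aa3Aa4Aa5Aa
    print(pattern_offset(0x64413364))       # 100
```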
