Use the extended prompt. #25

wants to merge 22 commits into from
Reformats gdbinit to use submodules
The old layout is difficult to maintain because of the size of gdbinit and because it is hard to identify its various components. The file has now been broken up into multiple submodules which are loaded by the main gdbinit file. .gdb and .gdbinit have to be symbolically linked into the user's home directory for this to work.
dholm committed Oct 21, 2012
commit 7b341563f583ba211dc03720f52770dab83e102d
458 changes: 458 additions & 0 deletions .gdb/arm


121 changes: 121 additions & 0 deletions .gdb/breakpoints
@@ -0,0 +1,121 @@
define bpl
info breakpoints
end
document bpl
List all breakpoints.
end


define bp
if $argc != 1
help bp
else
break $arg0
end
end
document bp
Set breakpoint.
Usage: bp LOCATION
LOCATION may be a line number, function name, or "*" and an address.
To break on a symbol you must enclose symbol name inside "".
Example:
bp "[NSControl stringValue]"
Or else you can use directly the break command (break [NSControl stringValue])
end


define bpc
if $argc != 1
help bpc
else
clear $arg0
end
end
document bpc
Clear breakpoint.
Usage: bpc LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end


define bpe
if $argc != 1
help bpe
else
enable $arg0
end
end
document bpe
Enable breakpoint with number NUM.
Usage: bpe NUM
end


define bpd
if $argc != 1
help bpd
else
disable $arg0
end
end
document bpd
Disable breakpoint with number NUM.
Usage: bpd NUM
end


define bpt
if $argc != 1
help bpt
else
tbreak $arg0
end
end
document bpt
Set a temporary breakpoint.
This breakpoint will be automatically deleted when hit!.
Usage: bpt LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end


define bpm
if $argc != 1
help bpm
else
awatch $arg0
end
end
document bpm
Set a read/write breakpoint on EXPRESSION, e.g. *address.
Usage: bpm EXPRESSION
end


define bhb
if $argc != 1
help bhb
else
hb $arg0
end
end
document bhb
Set hardware assisted breakpoint.
Usage: bhb LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end


define bht
if $argc != 1
help bht
else
thbreak $arg0
end
end
document bht
Set a temporary hardware breakpoint.
This breakpoint will be automatically deleted when hit!
Usage: bht LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end
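Review bot: `bhb` is the only wrapper in this file that relies on a command abbreviation (`hb $arg0`); every sibling spells the full gdb command (`tbreak`, `thbreak`, `awatch`), and `hb` only resolves for as long as `hbreak` remains the single built-in with that prefix. Spell it out as `hbreak $arg0` for consistency. The `bpm` help text calls `awatch` a "read/write breakpoint"; it actually sets an access watchpoint, so `Set a read/write (access) watchpoint on EXPRESSION, e.g. *address.` describes what the command does.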
534 changes: 534 additions & 0 deletions .gdb/cpu


121 changes: 121 additions & 0 deletions .gdb/data
@@ -0,0 +1,121 @@
# __________hex/ascii dump an address_________
define ascii_char
if $argc != 1
help ascii_char
else
# thanks elaine :)
set $_c = *(unsigned char *)($arg0)
if ($_c < 0x20 || $_c > 0x7E)
printf "."
else
printf "%c", $_c
end
end
end
document ascii_char
Print ASCII value of byte at address ADDR.
Print "." if the value is unprintable.
Usage: ascii_char ADDR
end


define hex_quad
if $argc != 1
help hex_quad
else
printf "%02X %02X %02X %02X %02X %02X %02X %02X", \
*(unsigned char*)($arg0), *(unsigned char*)($arg0 + 1), \
*(unsigned char*)($arg0 + 2), *(unsigned char*)($arg0 + 3), \
*(unsigned char*)($arg0 + 4), *(unsigned char*)($arg0 + 5), \
*(unsigned char*)($arg0 + 6), *(unsigned char*)($arg0 + 7)
end
end
document hex_quad
Print eight hexadecimal bytes starting at address ADDR.
Usage: hex_quad ADDR
end


define hexdump
if $argc == 1
hexdump_aux $arg0
else
if $argc == 2
set $_count = 0
while ($_count < $arg1)
set $_i = ($_count * 0x10)
hexdump_aux $data_addr+$_i
set $_count++
end
else
help hexdump
end
end
end
document hexdump
Display a 16-byte hex/ASCII dump of memory starting at address ADDR.
Optional parameter is the number of lines to display if you want more than one.
Usage: hexdump ADDR [nr lines]
end


define hexdump_aux
if $argc != 1
help hexdump_aux
else
echo \033[1m
if ($64BITS == 1)
printf "0x%016lX : ", $arg0
else
printf "0x%08X : ", $arg0
end
echo \033[0m
hex_quad $arg0
echo \033[1m
printf " - "
echo \033[0m
hex_quad $arg0+8
printf " "
echo \033[1m
ascii_char $arg0+0x0
ascii_char $arg0+0x1
ascii_char $arg0+0x2
ascii_char $arg0+0x3
ascii_char $arg0+0x4
ascii_char $arg0+0x5
ascii_char $arg0+0x6
ascii_char $arg0+0x7
ascii_char $arg0+0x8
ascii_char $arg0+0x9
ascii_char $arg0+0xA
ascii_char $arg0+0xB
ascii_char $arg0+0xC
ascii_char $arg0+0xD
ascii_char $arg0+0xE
ascii_char $arg0+0xF
echo \033[0m
printf "\n"
end
end
document hexdump_aux
Display a 16-byte hex/ASCII dump of memory at address ADDR.
Usage: hexdump_aux ADDR
end


define search
set $start = (char *) $arg0
set $end = (char *) $arg1
set $pattern = (short) $arg2
set $p = $start
while $p < $end
if (*(short *) $p) == $pattern
printf "pattern 0x%hx found at 0x%x\n", $pattern, $p
end
set $p++
end
end
document search
Search for the given pattern beetween $start and $end address.
Usage: search <start> <end> <pattern>
end
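Review bot: The two-argument branch of `hexdump` dumps from the `$data_addr` global instead of the ADDR the caller passed: the loop runs `hexdump_aux $data_addr+$_i` while the one-argument branch uses `$arg0`, so `hexdump ADDR N` silently ignores ADDR (and errors out if `$data_addr` was never set). Change the loop body to `hexdump_aux $arg0+$_i`. Separately, `search` has no argument-count guard like the other commands here, and its `printf` formats the `char *` cursor with `0x%x`, which would truncate a 64-bit address; `hexdump_aux` already keys on `$64BITS` to pick `%016lX`, and the same switch would fit here.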
101 changes: 101 additions & 0 deletions .gdb/datawin
@@ -0,0 +1,101 @@
# _______________data window__________________
define ddump
if $argc != 1
help ddump
else
echo \033[34m
if ($64BITS == 1)
printf "[0x%04X:0x%016lX]", $ds, $data_addr
else
printf "[0x%04X:0x%08X]", $ds, $data_addr
end
echo \033[34m
printf "------------------------"
printf "-------------------------------"
if ($64BITS == 1)
printf "-------------------------------------"
end
echo \033[1;34m
printf "[data]\n"
echo \033[0m
set $_count = 0
while ($_count < $arg0)
set $_i = ($_count * 0x10)
hexdump $data_addr+$_i
set $_count++
end
end
end
document ddump
Display NUM lines of hexdump for address in $data_addr global variable.
Usage: ddump NUM
end


define dd
if $argc != 1
help dd
else
set $data_addr = $arg0
ddump 0x10
end
end
document dd
Display 16 lines of a hex dump of address starting at ADDR.
Usage: dd ADDR
end


define datawin
if $ARM == 1
if ((($r0 >> 0x18) == 0x40) || (($r0 >> 0x18) == 0x08) || (($r0 >> 0x18) == 0xBF))
set $data_addr = $r0
else
if ((($r1 >> 0x18) == 0x40) || (($r1 >> 0x18) == 0x08) || (($r1 >> 0x18) == 0xBF))
set $data_addr = $r1
else
if ((($r2 >> 0x18) == 0x40) || (($r2 >> 0x18) == 0x08) || (($r2 >> 0x18) == 0xBF))
set $data_addr = $r2
else
set $data_addr = $sp
end
end
end
################################# X86
else
if ($64BITS == 1)
if ((($rsi >> 0x18) == 0x40) || (($rsi >> 0x18) == 0x08) || (($rsi >> 0x18) == 0xBF))
set $data_addr = $rsi
else
if ((($rdi >> 0x18) == 0x40) || (($rdi >> 0x18) == 0x08) || (($rdi >> 0x18) == 0xBF))
set $data_addr = $rdi
else
if ((($rax >> 0x18) == 0x40) || (($rax >> 0x18) == 0x08) || (($rax >> 0x18) == 0xBF))
set $data_addr = $rax
else
set $data_addr = $rsp
end
end
end
else
if ((($esi >> 0x18) == 0x40) || (($esi >> 0x18) == 0x08) || (($esi >> 0x18) == 0xBF))
set $data_addr = $esi
else
if ((($edi >> 0x18) == 0x40) || (($edi >> 0x18) == 0x08) || (($edi >> 0x18) == 0xBF))
set $data_addr = $edi
else
if ((($eax >> 0x18) == 0x40) || (($eax >> 0x18) == 0x08) || (($eax >> 0x18) == 0xBF))
set $data_addr = $eax
else
set $data_addr = $esp
end
end
end
end
end
ddump $CONTEXTSIZE_DATA
end
document datawin
Display valid address from one register in data window.
Registers to choose are: esi, edi, eax, or esp.
end
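Review bot: The `datawin` help text lists only `esi, edi, eax, or esp`, but the command also picks from `r0`/`r1`/`r2`/`sp` under `$ARM` and from `rsi`/`rdi`/`rax`/`rsp` under `$64BITS`; suggest `Registers to choose are: r0/r1/r2/sp (ARM), rsi/rdi/rax/rsp (x86_64) or esi/edi/eax/esp (x86).` The selection test `(reg >> 0x18) == 0x40 || 0x08 || 0xBF` examines the high byte of a 32-bit value; a 64-bit register holding a canonical user-space pointer shifted right by 24 bits is far larger than 0xBF, so the x86_64 branch looks like it can only ever fall through to `$rsp` — worth confirming against a live target. Whatever address wins is then read by `ddump`, and an unmapped one makes gdb abort the whole context display with "Cannot access memory"; a comment marking the heuristic as best-effort would help the next maintainer.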
412 changes: 412 additions & 0 deletions .gdb/dumpjump


164 changes: 164 additions & 0 deletions .gdb/gdbinit
@@ -0,0 +1,164 @@
# ____________________misc____________________
# bunch of semi-useless commands

# enable and disable shortcuts for stop-on-solib-events fantastic trick!
define enablesolib
set stop-on-solib-events 1
printf "Stop-on-solib-events is enabled!\n"
end
document enablesolib
Shortcut to enable stop-on-solib-events trick.
end


define disablesolib
set stop-on-solib-events 0
printf "Stop-on-solib-events is disabled!\n"
end
document disablesolib
Shortcut to disable stop-on-solib-events trick.
end


# enable commands for different displays
define enableobjectivec
set $SHOWOBJECTIVEC = 1
end
document enableobjectivec
Enable display of objective-c information in the context window.
end


define enablecpuregisters
set $SHOWCPUREGISTERS = 1
end
document enablecpuregisters
Enable display of cpu registers in the context window.
end


define enablestack
set $SHOWSTACK = 1
end
document enablestack
Enable display of stack in the context window.
end


define enabledatawin
set $SHOWDATAWIN = 1
end
document enabledatawin
Enable display of data window in the context window.
end


# disable commands for different displays
define disableobjectivec
set $SHOWOBJECTIVEC = 0
end
document disableobjectivec
Disable display of objective-c information in the context window.
end


define disablecpuregisters
set $SHOWCPUREGISTERS = 0
end
document disablecpuregisters
Disable display of cpu registers in the context window.
end


define disablestack
set $SHOWSTACK = 0
end
document disablestack
Disable display of stack information in the context window.
end


define disabledatawin
set $SHOWDATAWIN = 0
end
document disabledatawin
Disable display of data window in the context window.
end


define 32bits
set $64BITS = 0
if $X86FLAVOR == 0
set disassembly-flavor intel
else
set disassembly-flavor att
end
end
document 32bits
Set gdb to work with 32bits binaries.
end


define 64bits
set $64BITS = 1
if $X86FLAVOR == 0
set disassembly-flavor intel
else
set disassembly-flavor att
end
end
document 64bits
Set gdb to work with 64bits binaries.
end


define arm
if $ARMOPCODES == 1
set arm show-opcode-bytes 1
else
set arm show-opcode-bytes 1
end
set $ARM = 1
set $64BITS = 0
end
document arm
Set gdb to work with ARM binaries.
end


define enablelib
set stop-on-solib-events 1
end
document enablelib
Activate stop-on-solib-events.
end


define disablelib
set stop-on-solib-events 0
end
document disablelib
Deactivate stop-on-solib-events.
end


define intelsyntax
if $ARM == 0
set disassembly-flavor intel
set $X86FLAVOR = 0
end
end
document intelsyntax
Change disassembly syntax to intel flavor.
end


define attsyntax
if $ARM == 0
set disassembly-flavor att
set $X86FLAVOR = 1
end
end
document attsyntax
Change disassembly syntax to at&t flavor.
end
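Review bot: In `arm`, both branches of `if $ARMOPCODES == 1` execute `set arm show-opcode-bytes 1`, so the `$ARMOPCODES` flag has no effect; the `else` branch presumably should read `set arm show-opcode-bytes 0`. `enablelib`/`disablelib` duplicate `enablesolib`/`disablesolib` except for the `printf`, so one pair could simply call the other to keep a single place to change. Neither `32bits` nor `64bits` clears `$ARM`, so switching from `arm` back to an x86 target leaves `$ARM = 1` and keeps the ARM paths in `datawin`, `nop` and `int3` active; adding `set $ARM = 0` to both, or a doc line telling the user to reset it, would prevent that.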
93 changes: 93 additions & 0 deletions .gdb/info
@@ -0,0 +1,93 @@
define stack
if $argc == 0
info stack
end
if $argc == 1
info stack $arg0
end
if $argc > 1
help stack
end
end
document stack
Print backtrace of the call stack, or innermost COUNT frames.
Usage: stack <COUNT>
end


define frame
info frame
info args
info locals
end
document frame
Print stack frame.
end


define func
if $argc == 0
info functions
end
if $argc == 1
info functions $arg0
end
if $argc > 1
help func
end
end
document func
Print all function names in target, or those matching REGEXP.
Usage: func <REGEXP>
end


define var
if $argc == 0
info variables
end
if $argc == 1
info variables $arg0
end
if $argc > 1
help var
end
end
document var
Print all global and static variable names (symbols), or those matching REGEXP.
Usage: var <REGEXP>
end


define lib
info sharedlibrary
end
document lib
Print shared libraries linked to target.
end


define sig
if $argc == 0
info signals
end
if $argc == 1
info signals $arg0
end
if $argc > 1
help sig
end
end
document sig
Print what debugger does when program gets various signals.
Specify a SIGNAL as argument to print info on that signal only.
Usage: sig <SIGNAL>
end


define threads
info threads
end
document threads
Print threads in target.
end
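Review bot: `define frame` redefines gdb's built-in `frame` command, which users rely on as `frame N` to select a frame; this version ignores its argument and prints `info frame`/`info args`/`info locals` for the current frame only, and gdb asks "Really redefine built-in command?" when the file is sourced. Renaming it (e.g. `frameinfo`) or handling `$argc == 1` with `frame $arg0` before the `info` lines keeps the built-in usable. The `if $argc == 0` / `== 1` / `> 1` sequences in `stack`, `func`, `var` and `sig` are three independent ifs rather than an if/else ladder; not wrong, but the `else` form used in `.gdb/breakpoints` reads more clearly.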
255 changes: 255 additions & 0 deletions .gdb/patch
@@ -0,0 +1,255 @@
# ____________________patch___________________
# the usual nops are mov r0,r0 for arm (0xe1a00000)
# and mov r8,r8 in Thumb (0x46c0)
# armv7 has other nops
# FIXME: make sure that the interval fits the 32bits address for arm and 16bits for thumb
# status: works, fixme
define nop
if ($argc > 2 || $argc == 0)
help nop
end

if $ARM == 1
if ($argc == 1)
if ($cpsr->t &1)
# thumb
set *(short *)$arg0 = 0x46c0
else
# arm
set *(int *)$arg0 = 0xe1a00000
end
else
set $addr = $arg0
if ($cpsr->t & 1)
# thumb
while ($addr < $arg1)
set *(short *)$addr = 0x46c0
set $addr = $addr + 2
end
else
# arm
while ($addr < $arg1)
set *(int *)$addr = 0xe1a00000
set $addr = $addr + 4
end
end
end
else
if ($argc == 1)
set *(unsigned char *)$arg0 = 0x90
else
set $addr = $arg0
while ($addr < $arg1)
set *(unsigned char *)$addr = 0x90
set $addr = $addr + 1
end
end
end
end
document nop
Usage: nop ADDR1 [ADDR2]
Patch a single byte at address ADDR1, or a series of bytes between ADDR1 and ADDR2 to a NOP (0x90) instruction.
ARM or Thumb code will be patched accordingly.
end


define null
if ( $argc >2 || $argc == 0)
help null
end

if ($argc == 1)
set *(unsigned char *)$arg0 = 0
else
set $addr = $arg0
while ($addr < $arg1)
set *(unsigned char *)$addr = 0
set $addr = $addr +1
end
end
end
document null
Usage: null ADDR1 [ADDR2]
Patch a single byte at address ADDR1 to NULL (0x00), or a series of bytes between ADDR1 and ADDR2.
end

# FIXME: thumb breakpoint ?
define int3
if $argc != 1
help int3
else
if $ARM == 1
set $ORIGINAL_INT3 = *(unsigned int *)$arg0
set $ORIGINAL_INT3ADDRESS = $arg0
set *(unsigned int*)$arg0 = 0xe7ffdefe
else
# save original bytes and address
set $ORIGINAL_INT3 = *(unsigned char *)$arg0
set $ORIGINAL_INT3ADDRESS = $arg0
# patch
set *(unsigned char *)$arg0 = 0xCC
end
end
end
document int3
Patch byte at address ADDR to an INT3 (0xCC) instruction or the equivalent software breakpoint for ARM.
Usage: int3 ADDR
end


define rint3
if $ARM == 1
set *(unsigned int *)$ORIGINAL_INT3ADDRESS = $ORIGINAL_INT3
set $pc = $ORIGINAL_INT3ADDRESS
else
set *(unsigned char *)$ORIGINAL_INT3ADDRESS = $ORIGINAL_INT3
if $64BITS == 1
set $rip = $ORIGINAL_INT3ADDRESS
else
set $eip = $ORIGINAL_INT3ADDRESS
end
end
end
document rint3
Restore the original byte previous to int3 patch issued with "int3" command.
end


# original by Tavis Ormandy (http://my.opera.com/taviso/blog/index.dml/tag/gdb) (great fix!)
# modified to work with Mac OS X by fG!
# seems nasm shipping with Mac OS X has problems accepting input from stdin or heredoc
# input is read into a variable and sent to a temporary file which nasm can read
define assemble
# dont enter routine again if user hits enter
dont-repeat
if ($argc)
if (*$arg0 = *$arg0)
# check if we have a valid address by dereferencing it,
# if we havnt, this will cause the routine to exit.
end
printf "Instructions will be written to %#x.\n", $arg0
else
printf "Instructions will be written to stdout.\n"
end
printf "Type instructions, one per line."
echo \033[1m
printf " Do not forget to use NASM assembler syntax!\n"
echo \033[0m
printf "End with a line saying just \"end\".\n"

if ($argc)
if ($64BITS == 1)
# argument specified, assemble instructions into memory at address specified.
shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)" ; GDBASMFILENAME=$RANDOM; \
echo -e "BITS 64\n$ASMOPCODE" >/tmp/$GDBASMFILENAME ; /usr/local/bin/nasm -f bin -o /dev/stdout /tmp/$GDBASMFILENAME | /usr/bin/hexdump -ve '1/1 "set *((unsigned char *) $arg0 + %#2_ax) = %#02x\n"' >/tmp/gdbassemble ; /bin/rm -f /tmp/$GDBASMFILENAME
source /tmp/gdbassemble
# all done. clean the temporary file
shell /bin/rm -f /tmp/gdbassemble
else
# argument specified, assemble instructions into memory at address specified.
shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)" ; GDBASMFILENAME=$RANDOM; \
echo -e "BITS 32\n$ASMOPCODE" >/tmp/$GDBASMFILENAME ; /usr/bin/nasm -f bin -o /dev/stdout /tmp/$GDBASMFILENAME | /usr/bin/hexdump -ve '1/1 "set *((unsigned char *) $arg0 + %#2_ax) = %#02x\n"' >/tmp/gdbassemble ; /bin/rm -f /tmp/$GDBASMFILENAME
source /tmp/gdbassemble
# all done. clean the temporary file
shell /bin/rm -f /tmp/gdbassemble
end
else
if ($64BITS == 1)
# no argument, assemble instructions to stdout
shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)" ; GDBASMFILENAME=$RANDOM; \
echo -e "BITS 64\n$ASMOPCODE" >/tmp/$GDBASMFILENAME ; /usr/local/bin/nasm -f bin -o /dev/stdout /tmp/$GDBASMFILENAME | /usr/local/bin/ndisasm -i -b64 /dev/stdin ; \
/bin/rm -f /tmp/$GDBASMFILENAME
else
# no argument, assemble instructions to stdout
shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)" ; GDBASMFILENAME=$RANDOM; \
echo -e "BITS 32\n$ASMOPCODE" >/tmp/$GDBASMFILENAME ; /usr/bin/nasm -f bin -o /dev/stdout /tmp/$GDBASMFILENAME | /usr/bin/ndisasm -i -b32 /dev/stdin ; \
/bin/rm -f /tmp/$GDBASMFILENAME
end
end
end
document assemble
Assemble instructions using nasm.
Type a line containing "end" to indicate the end.
If an address is specified, insert/modify instructions at that address.
If no address is specified, assembled instructions are printed to stdout.
Use the pseudo instruction "org ADDR" to set the base address.
end


define asm
if $argc == 1
assemble $arg0
else
assemble
end
end
document asm
Shortcut to the asssemble command.
end


define assemble_gas
printf "\nType code to assemble and hit Ctrl-D when finished.\n"
printf "You must use GNU assembler (AT&T) syntax.\n"

shell filename=$(mktemp); \
binfilename=$(mktemp); \
echo -e "Writing into: $(unknown)\n"; \
cat > $filename; echo ""; \
as -o $binfilename < $filename; \
objdump -d -j .text $binfilename; \
rm -f $binfilename; \
rm -f $filename; \
echo -e "temporaly files deleted.\n"
end
document assemble_gas
Assemble instructions to binary opcodes. Uses GNU as and objdump.
Usage: assemble_gas
end


define dump_hexfile
dump ihex memory $arg0 $arg1 $arg2
end
document dump_hexfile
Write a range of memory to a file in Intel ihex (hexdump) format.
The range is specified by ADDR1 and ADDR2 addresses.
Usage: dump_hexfile FILENAME ADDR1 ADDR2
end


define dump_binfile
dump memory $arg0 $arg1 $arg2
end
document dump_binfile
Write a range of memory to a binary file.
The range is specified by ADDR1 and ADDR2 addresses.
Usage: dump_binfile FILENAME ADDR1 ADDR2
end


define dumpmacho
if $argc != 2
help dumpmacho
end
set $headermagic = *$arg0
# the || operator isn't working as it should, wtf!!!
if $headermagic != 0xfeedface
if $headermagic != 0xfeedfacf
printf "[Error] Target address doesn't contain a valid Mach-O binary!\n"
help dumpmacho
end
end
set $headerdumpsize = *($arg0+0x14)
if $headermagic == 0xfeedface
dump memory $arg1 $arg0 ($arg0+0x1c+$headerdumpsize)
end
if $headermagic == 0xfeedfacf
dump memory $arg1 $arg0 ($arg0+0x20+$headerdumpsize)
end
end
document dumpmacho
Dump the Mach-O header to a file.
You need to input the start address (use info shared command to find it).
Usage: dumpmacho STARTADDRESS FILENAME
end
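Review bot: `assemble` writes its generated commands to the fixed path `/tmp/gdbassemble` in a world-writable directory and then `source`s that file, executing every `set *(...) = ...` line it contains, while the nasm input is named from `$RANDOM`; both are the shared-tmp pattern that `assemble_gas` in this same file already avoids with `mktemp`. Because `source` needs a path gdb knows in advance, the practical fix is to keep the file in a user-private directory (under `$HOME`, or a fixed directory created with mode 0700) instead of `/tmp`, and to use `mktemp` for the nasm input. Separately, `nop`, `null` and `dumpmacho` call `help` on a bad argument count but then fall through into the body (no `else`): with `$argc > 2`, `nop` and `null` still patch the range, and `dumpmacho` still dumps after printing its magic-number error. Wrapping the body in `else` as `int3` does makes those guards effective. The `echo -e "Writing into: $(unknown)\n"` line in `assemble_gas` runs a command named `unknown`; it presumably should print `$filename`.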
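--- a/.gdb/process
+++ b/.gdb/process
@@ -0,0 +1,7 @@
+# ______________process information____________
+define argv
+show args
+end
+document argv
+Print program arguments.
+end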
100 changes: 100 additions & 0 deletions .gdb/tips
@@ -0,0 +1,100 @@
# _________________user tips_________________
# The 'tips' command is used to provide tutorial-like info to the user
define tips
printf "Tip Topic Commands:\n"
printf "\ttip_display : Automatically display values on each break\n"
printf "\ttip_patch : Patching binaries\n"
printf "\ttip_strip : Dealing with stripped binaries\n"
printf "\ttip_syntax : AT&T vs Intel syntax\n"
end
document tips
Provide a list of tips from users on various topics.
end


define tip_patch
printf "\n"
printf " PATCHING MEMORY\n"
printf "Any address can be patched using the 'set' command:\n"
printf "\t`set ADDR = VALUE` \te.g. `set *0x8049D6E = 0x90`\n"
printf "\n"
printf " PATCHING BINARY FILES\n"
printf "Use `set write` in order to patch the target executable\n"
printf "directly, instead of just patching memory\n"
printf "\t`set write on` \t`set write off`\n"
printf "Note that this means any patches to the code or data segments\n"
printf "will be written to the executable file\n"
printf "When either of these commands has been issued,\n"
printf "the file must be reloaded.\n"
printf "\n"
end
document tip_patch
Tips on patching memory and binary files.
end


define tip_strip
printf "\n"
printf " STOPPING BINARIES AT ENTRY POINT\n"
printf "Stripped binaries have no symbols, and are therefore tough to\n"
printf "start automatically. To debug a stripped binary, use\n"
printf "\tinfo file\n"
printf "to get the entry point of the file\n"
printf "The first few lines of output will look like this:\n"
printf "\tSymbols from '/tmp/a.out'\n"
printf "\tLocal exec file:\n"
printf "\t `/tmp/a.out', file type elf32-i386.\n"
printf "\t Entry point: 0x80482e0\n"
printf "Use this entry point to set an entry point:\n"
printf "\t`tbreak *0x80482e0`\n"
printf "The breakpoint will delete itself after the program stops as\n"
printf "the entry point\n"
printf "\n"
end
document tip_strip
Tips on dealing with stripped binaries.
end


define tip_syntax
printf "\n"
printf "\t INTEL SYNTAX AT&T SYNTAX\n"
printf "\tmnemonic dest, src, imm mnemonic src, dest, imm\n"
printf "\t[base+index*scale+disp] disp(base, index, scale)\n"
printf "\tregister: eax register: %%eax\n"
printf "\timmediate: 0xFF immediate: $0xFF\n"
printf "\tdereference: [addr] dereference: addr(,1)\n"
printf "\tabsolute addr: addr absolute addr: *addr\n"
printf "\tbyte insn: mov byte ptr byte insn: movb\n"
printf "\tword insn: mov word ptr word insn: movw\n"
printf "\tdword insn: mov dword ptr dword insn: movd\n"
printf "\tfar call: call far far call: lcall\n"
printf "\tfar jump: jmp far far jump: ljmp\n"
printf "\n"
printf "Note that order of operands in reversed, and that AT&T syntax\n"
printf "requires that all instructions referencing memory operands \n"
printf "use an operand size suffix (b, w, d, q)\n"
printf "\n"
end
document tip_syntax
Summary of Intel and AT&T syntax differences.
end


define tip_display
printf "\n"
printf "Any expression can be set to automatically be displayed every time\n"
printf "the target stops. The commands for this are:\n"
printf "\t`display expr' : automatically display expression 'expr'\n"
printf "\t`display' : show all displayed expressions\n"
printf "\t`undisplay num' : turn off autodisplay for expression # 'num'\n"
printf "Examples:\n"
printf "\t`display/x *(int *)$esp` : print top of stack\n"
printf "\t`display/x *(int *)($ebp+8)` : print first parameter\n"
printf "\t`display (char *)$esi` : print source string\n"
printf "\t`display (char *)$edi` : print destination string\n"
printf "\n"
end
document tip_display
Tips on automatically displaying values when a program stops.
end
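Review bot: The syntax table in `tip_syntax` gives `movd` as the AT&T dword form and `(b, w, d, q)` as the size suffixes; the AT&T suffix for a 32-bit operand is `l` (`movl`), and `movd` is the MMX/SSE move, so the two lines should read `printf "\tdword insn: mov dword ptr dword insn: movl\n"` and `printf "use an operand size suffix (b, w, l, q)\n"`. In `tip_patch`, the example `set *0x8049D6E = 0x90` dereferences as `int` and therefore writes four bytes, not the single NOP byte the surrounding text implies; `set *(unsigned char *)0x8049D6E = 0x90` matches what the `nop` command in `.gdb/patch` does. Also `order of operands in reversed` should read `is reversed`.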
326 changes: 326 additions & 0 deletions .gdb/tracing
@@ -0,0 +1,326 @@
# used by ptraceme/rptraceme
set $ptrace_bpnum = 0

# _______________process control______________
define n
if $argc == 0
nexti
end
if $argc == 1
nexti $arg0
end
if $argc > 1
help n
end
end
document n
Step one instruction, but proceed through subroutine calls.
If NUM is given, then repeat it NUM times or till program stops.
This is alias for nexti.
Usage: n <NUM>
end


define go
if $argc == 0
stepi
end
if $argc == 1
stepi $arg0
end
if $argc > 1
help go
end
end
document go
Step one instruction exactly.
If NUM is given, then repeat it NUM times or till program stops.
This is alias for stepi.
Usage: go <NUM>
end


define pret
finish
end
document pret
Execute until selected stack frame returns (step out of current call).
Upon return, the value returned is printed and put in the value history.
end


define init
set $SHOW_NEST_INSN = 0
tbreak _init
r
end
document init
Run program and break on _init().
end


define start
set $SHOW_NEST_INSN = 0
tbreak _start
r
end
document start
Run program and break on _start().
end


define sstart
set $SHOW_NEST_INSN = 0
tbreak __libc_start_main
r
end
document sstart
Run program and break on __libc_start_main().
Useful for stripped executables.
end


define main
set $SHOW_NEST_INSN = 0
tbreak main
r
end
document main
Run program and break on main().
end


# FIXME64
#### WARNING ! WARNING !!
#### More more messy stuff starting !!!
#### I was thinking about how to do this and then it ocurred me that it could be as simple as this ! :)
define stepoframework
if $ARM == 1
stepoframeworkarm
else
stepoframeworkx86
end
end
document stepoframework
Auxiliary function to stepo command.
end

define stepo
stepoframework 0
end
document stepo
Step over calls (interesting to bypass the ones to msgSend).
This function will set a temporary breakpoint on next instruction after the call so the call will be bypassed.
You can safely use it instead nexti or n since it will single step code if it's not a call instruction (unless you want to go into the call function).
end


define stepoh
stepoframework 1
end
document stepoh
Same as stepo command but uses temporary hardware breakpoints.
end


# FIXME: ARM
define skip
x/2i $pc
set $instruction_size = (int)($_ - $pc)
set $pc = $pc + $instruction_size
if ($SKIPEXECUTE == 1)
if ($SKIPSTEP == 1)
stepo
else
stepi
end
else
context
end
end
document skip
Skip over the instruction located at EIP/RIP. By default, the instruction will not be executed!
Some configurable options are available on top of gdbinit to override this.
end


define step_to_call
set $_saved_ctx = $SHOW_CONTEXT
set $SHOW_CONTEXT = 0
set $SHOW_NEST_INSN = 0

set logging file /dev/null
set logging redirect on
set logging on

set $_cont = 1
while ($_cont > 0)
stepi
get_insn_type $pc
if ($INSN_TYPE == 3)
set $_cont = 0
end
end

set logging off

if ($_saved_ctx > 0)
context
end

set $SHOW_CONTEXT = $_saved_ctx
set $SHOW_NEST_INSN = 0

set logging file ~/gdb.txt
set logging redirect off
set logging on

printf "step_to_call command stopped at:\n "
x/i $pc
printf "\n"
set logging off

end
document step_to_call
Single step until a call instruction is found.
Stop before the call is taken.
Log is written into the file ~/gdb.txt.
end


define trace_calls

printf "Tracing...please wait...\n"

set $_saved_ctx = $SHOW_CONTEXT
set $SHOW_CONTEXT = 0
set $SHOW_NEST_INSN = 0
set $_nest = 1
set listsize 0

set logging overwrite on
set logging file ~/gdb_trace_calls.txt
set logging on
set logging off
set logging overwrite off

while ($_nest > 0)
get_insn_type $pc
# handle nesting
if ($INSN_TYPE == 3)
set $_nest = $_nest + 1
else
if ($INSN_TYPE == 4)
set $_nest = $_nest - 1
end
end
# if a call, print it
if ($INSN_TYPE == 3)
set logging file ~/gdb_trace_calls.txt
set logging redirect off
set logging on

set $x = $_nest - 2
while ($x > 0)
printf "\t"
set $x = $x - 1
end
x/i $pc
end

set logging off
set logging file /dev/null
set logging redirect on
set logging on
stepi
set logging redirect off
set logging off
end

set $SHOW_CONTEXT = $_saved_ctx
set $SHOW_NEST_INSN = 0

printf "Done, check ~/gdb_trace_calls.txt\n"
end
document trace_calls
Create a runtime trace of the calls made by target.
Log overwrites(!) the file ~/gdb_trace_calls.txt.
end


define trace_run

printf "Tracing...please wait...\n"

set $_saved_ctx = $SHOW_CONTEXT
set $SHOW_CONTEXT = 0
set $SHOW_NEST_INSN = 1
set logging overwrite on
set logging file ~/gdb_trace_run.txt
set logging redirect on
set logging on
set $_nest = 1

while ( $_nest > 0 )

get_insn_type $pc
# jmp, jcc, or cll
if ($INSN_TYPE == 3)
set $_nest = $_nest + 1
else
# ret
if ($INSN_TYPE == 4)
set $_nest = $_nest - 1
end
end
stepi
end

printf "\n"

set $SHOW_CONTEXT = $_saved_ctx
set $SHOW_NEST_INSN = 0
set logging redirect off
set logging off

# clean up trace file
shell grep -v ' at ' ~/gdb_trace_run.txt > ~/gdb_trace_run.1
shell grep -v ' in ' ~/gdb_trace_run.1 > ~/gdb_trace_run.txt
shell rm -f ~/gdb_trace_run.1
printf "Done, check ~/gdb_trace_run.txt\n"
end
document trace_run
Create a runtime trace of target.
Log overwrites(!) the file ~/gdb_trace_run.txt.
end

#define ptraceme
# catch syscall ptrace
# commands
# if ($64BITS == 0)
# if ($ebx == 0)
# set $eax = 0
# continue
# end
# else
# if ($rdi == 0)
# set $rax = 0
# continue
# end
# end
# end
# set $ptrace_bpnum = $bpnum
#end
#document ptraceme
#Hook ptrace to bypass PTRACE_TRACEME anti debugging technique
#end

define rptraceme
if ($ptrace_bpnum != 0)
delete $ptrace_bpnum
set $ptrace_bpnum = 0
end
end
document rptraceme
Remove ptrace hook.
end
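Review bot: `step_to_call`, `trace_calls` and `trace_run` redirect all output to `/dev/null` (`set logging file /dev/null`, `set logging redirect on`, `set logging on`) before their `stepi` loops; if `stepi` or `get_insn_type` errors mid-loop (process exit, unmapped `$pc`), the command aborts with logging still redirected and `$SHOW_CONTEXT` still 0, and the session stays silent until the user types `set logging off` by hand. A comment above each loop, e.g. `# NOTE: if stepping fails here, logging is left redirected to /dev/null; run 'set logging off' to recover`, would at least make that recoverable. `define start` and `define skip` replace gdb's built-in commands of the same name with different semantics (built-in `start` breaks on `main`, `skip` marks functions to step over), and gdb asks to confirm each redefinition when sourcing; renaming them avoids the surprise. `step_to_call` writes into `~/gdb.txt` without `set logging overwrite on`, so repeated runs append to that file — worth stating in its `document` block.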
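--- a/.gdb/window
+++ b/.gdb/window
@@ -0,0 +1,46 @@
+# ______________window size control___________
+define contextsize-stack
+if $argc != 1
+help contextsize-stack
+else
+set $CONTEXTSIZE_STACK = $arg0
+end
+end
+document contextsize-stack
+Set stack dump window size to NUM lines.
+Usage: contextsize-stack NUM
+end
+
+
+define contextsize-data
+if $argc != 1
+help contextsize-data
+else
+set $CONTEXTSIZE_DATA = $arg0
+end
+end
+document contextsize-data
+Set data dump window size to NUM lines.
+Usage: contextsize-data NUM
+end
+
+
+define contextsize-code
+if $argc != 1
+help contextsize-code
+else
+set $CONTEXTSIZE_CODE = $arg0
+end
+end
+document contextsize-code
+Set code window size to NUM lines.
+Usage: contextsize-code NUM
+end
+
+
+define cls
+shell clear
+end
+document cls
+Clear screen.
+end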
564 changes: 564 additions & 0 deletions .gdb/x86


300 changes: 300 additions & 0 deletions .gdbinit
@@ -0,0 +1,300 @@
# INSTALL INSTRUCTIONS: save as ~/.gdbinit
#
# DESCRIPTION: A user-friendly gdb configuration file, for x86/x86_64 and ARM platforms.
#
# REVISION : 8.0.2 (31/07/2012)
#
# CONTRIBUTORS: mammon_, elaine, pusillus, mong, zhang le, l0kit,
# truthix the cyberpunk, fG!, gln
#
# FEEDBACK: http://reverse.put.as - reverser@put.as
#
# NOTES: 'help user' in gdb will list the commands/descriptions in this file
# 'context on' now enables auto-display of context screen
#
# MAC OS X NOTES: If you are using this on Mac OS X, you must either attach gdb to a process
# or launch gdb without any options and then load the binary file you want to analyse with "exec-file" option
# If you load the binary from the command line, like $gdb binary-name, this will not work as it should
# For more information, read it here http://reverse.put.as/2008/11/28/apples-gdb-bug/
#
# UPDATE: This bug can be fixed in gdb source. Refer to http://reverse.put.as/2009/08/10/fix-for-apples-gdb-bug-or-why-apple-forks-are-bad/
# and http://reverse.put.as/2009/08/26/gdb-patches/ (if you want the fixed binary for i386)
#
# An updated version of the patch and binary is available at http://reverse.put.as/2011/02/21/update-to-gdb-patches-fix-a-new-bug/
#
# iOS NOTES: iOS gdb from Cydia (and Apple's) suffer from the same OS X bug.
# If you are using this on Mac OS X or iOS, you must either attach gdb to a process
# or launch gdb without any options and then load the binary file you want to analyse with "exec-file" option
# If you load the binary from the command line, like $gdb binary-name, this will not work as it should
# For more information, read it here http://reverse.put.as/2008/11/28/apples-gdb-bug/
#
# CHANGELOG: (older changes at the end of the file)
#
# Version 8.0.2 (31/07/2012)
# - Merge pull request from mheistermann to support local modifications in a .gdbinit.local file
# - Add a missing opcode to the stepo command
#
# Version 8.0.1 (23/04/2012)
# - Small bug fix to the attsyntax and intelsyntax commands (changing X86 flavor variable was missing)
#
# Version 8.0 (13/04/2012)
# - Merged x86/x64 and ARM versions
# - Added commands intelsyntax and attsyntax to switch between x86 disassembly flavors
# - Added new configuration variables ARM, ARMOPCODES, and X86FLAVOR
# - Code cleanups and fixes to the indentation
# - Bug fixes to some ARM related code
# - Added the dumpmacho command to memory dump the mach-o header to a file
#
# TODO:
#

# __________________gdb options_________________

# set to 1 to have ARM target debugging as default, use the "arm" command to switch inside gdb
set $ARM = 0
# set to 1 to enable 64bits target by default (32bits is the default)
set $64BITS = 1

if $64BITS == 1
printf "64-bit mode is default. Use the 32bits command if your target is 32 bits.\n"
printf "Edit the $64BITS variable in your .gdbinit file to switch to default 32-bit mode.\n"
else
printf "32-bit mode is default. Use the 64bits command if your target is 64 bits.\n"
printf "Edit the $64BITS variable in your .gdbinit file to switch to default 64-bit mode.\n"
end
# set to 0 if you have problems with the colorized prompt - reported by Plouj with Ubuntu gdb 7.2
set $COLOUREDPROMPT = 1
# Colour the first line of the disassembly - default is green, if you want to change it search for
# SETCOLOUR1STLINE and modify it :-)
set $SETCOLOUR1STLINE = 0
# set to 0 to remove display of objectivec messages (default is 1)
set $SHOWOBJECTIVEC = 1
# set to 0 to remove display of cpu registers (default is 1)
set $SHOWCPUREGISTERS = 1
# set to 1 to enable display of stack (default is 0)
set $SHOWSTACK = 0
# set to 1 to enable display of data window (default is 0)
set $SHOWDATAWIN = 0
# set to 0 to disable coloured display of changed registers
set $SHOWREGCHANGES = 1
# set to 1 so skip command to execute the instruction at the new location
# by default it EIP/RIP will be modified and update the new context but not execute the instruction
set $SKIPEXECUTE = 0
# if $SKIPEXECUTE is 1 configure the type of execution
# 1 = use stepo (do not get into calls), 0 = use stepi (step into calls)
set $SKIPSTEP = 1
# show the ARM opcodes - change to 0 if you don't want such thing (in x/i command)
set $ARMOPCODES = 1
# x86 disassembly flavor: 0 for Intel, 1 for AT&T
set $X86FLAVOR = 0

set $displayobjectivec = 0

set confirm off
set verbose off

set output-radix 0x10
set input-radix 0x10

# These make gdb never pause in its output
set height 0
set width 0

set $SHOW_CONTEXT = 1
set $SHOW_NEST_INSN = 0

set $CONTEXTSIZE_STACK = 6
set $CONTEXTSIZE_DATA = 8
set $CONTEXTSIZE_CODE = 8

# __________________end gdb options_________________
#

if $COLOUREDPROMPT == 1
set prompt \033[31mgdb$ \033[0m
end

source ~/.gdb/window
source ~/.gdb/cpu
source ~/.gdb/data
source ~/.gdb/process
source ~/.gdb/datawin
source ~/.gdb/dumpjump
source ~/.gdb/patch
source ~/.gdb/tracing
source ~/.gdb/misc
source ~/.gdb/info
source ~/.gdb/tips

# Configuration options specific to local machine. This file is not in the
# repository.
source ~/.gdbinit.local

#EOF

# Older change logs:
#
# Version 7.4.4 (02/01/2012)
# - Added the "skip" command. This will jump to the next instruction after EIP/RIP without executing the current one.
# Thanks to @bSr43 for the tip to retrieve the current instruction size.
#
# Version 7.4.3 (04/11/2011)
# - Modified "hexdump" command to support a variable number of lines (optional parameter)
# - Removed restrictions on type of addresses in the "dd" command - Thanks to Plouj for the warning :-)
# I don't know what was the original thinking behind those :-)
# - Modified the assemble command to support 64bits - You will need to recompile nasm since the version shipped with OS X doesn't supports 64bits (www.nasm.us).
# Assumes that the new binary is installed at /usr/local/bin - modify the variable at the top if you need so.
# It will assemble based on the target arch being debugged. If you want to use gdb for a quick asm just use the 32bits or 64bits commands to set your target.
# Thanks to snare for the warning and original patch :-)
# - Added "asm" command - it's a shortcut to the "assemble" command.
# - Added configuration variable for colorized prompt. Plouj reported some issues with Ubuntu's gdb 7.2 if prompt is colorized.
#
# Version 7.4.2 (11/08/2011)
# Small fix to a weird bug happening on FreeBSD 8.2. It doesn't like a "if(" instruction, needs to be "if (". Weird!
# Many thanks to Evan for reporting and sending the patch :-)
# Added the ptraceme/rptraceme commands to bypass PTRACE_TRACME anti-debugging technique.
# Grabbed this from http://falken.tuxfamily.org/?p=171
# It's commented out due to a gdb problem in OS X (refer to http://reverse.put.as/2011/08/20/another-patch-for-apples-gdb-the-definecommands-problem/ )
# Just uncomment it if you want to use in ptrace enabled systems.
#
# Version 7.4.1 (21/06/2011) - fG!
# Added patch sent by sbz, more than 1 year ago, which I forgot to add :-/
# This will allow to search for a given pattern between start and end address.
# On sbz words: "It's usefull to find call, ret or everything like that." :-)
# New command is "search"
#
# Version 7.4 (20/06/2011) - fG!
# When registers change between instructions the colour will change to red (like it happens in OllyDBG)
# This is the default behavior, if you don't like it, modify the variable SHOWREGCHANGES
# Added patch sent by Philippe Langlois
# Colour the first disassembly line - change the setting below on SETCOLOUR1STLINE - by default it's disabled
#
# Version 7.3.2 (21/02/2011) - fG!
# Added the command rint3 and modified the int3 command. The new command will restore the byte in previous int3 patch.
#
# Version 7.3.1 (29/06/2010) - fG!
# Added enablelib/disablelib command to quickly set the stop-on-solib-events trick
# Implemented the stepoh command equivalent to the stepo but using hardware breakpoints
# More fixes to stepo
#
# Version 7.3 (16/04/2010) - fG!
# Support for 64bits targets. Default is 32bits, you should modify the variable or use the 32bits or 64bits to choose the mode.
# I couldn't find another way to recognize the type of binary… Testing the register doesn't work that well.
# TODO: fix objectivec messages and stepo for 64bits
# Version 7.2.1 (24/11/2009) - fG!
# Another fix to stepo (0xFF92 missing)
#
# Version 7.2 (11/10/2009) - fG!
# Added the smallregisters function to create 16 and 8 bit versions from the registers EAX, EBX, ECX, EDX
# Revised and fixed all the dumpjump stuff, following Intel manuals. There were some errors (thx to rev who pointed the jle problem).
# Small fix to stepo command (missed a few call types)
#
# Version 7.1.7 - fG!
# Added the possibility to modify what's displayed with the context window. You can change default options at the gdb options part. For example, kernel debugging is much slower if the stack display is enabled...
# New commands enableobjectivec, enablecpuregisters, enablestack, enabledatawin and their disable equivalents (to support realtime change of default options)
# Fixed problem with the assemble command. I was calling /bin/echo which doesn't support the -e option ! DUH ! Should have used bash internal version.
# Small fixes to colours...
# New commands enablesolib and disablesolib . Just shortcuts for the stop-on-solib-events fantastic trick ! Hey... I'm lazy ;)
# Fixed this: Possible removal of "u" command, info udot is missing in gdb 6.8-debian . Doesn't exist on OS X so bye bye !!!
# Displays affected flags in jump decisions
#
# Version 7.1.6 - fG!
# Added modified assemble command from Tavis Ormandy (further modified to work with Mac OS X) (shell commands used use full path name, working for Leopard, modify for others if necessary)
# Renamed thread command to threads because thread is an internal gdb command that allows to move between program threads
#
# Version 7.1.5 (04/01/2009) - fG!
# Fixed crash on Leopard ! There was a If Else condition where the else had no code and that made gdb crash on Leopard (CRAZY!!!!)
# Better code indention
#
# Version 7.1.4 (02/01/2009) - fG!
# Bug in show objective c messages with Leopard ???
# Nop routine support for single address or range (contribution from gln [ghalen at hack.se])
# Used the same code from nop to null routine
#
# Version 7.1.3 (31/12/2008) - fG!
# Added a new command 'stepo'. This command will step a temporary breakpoint on next instruction after the call, so you can skip over
# the call. Did this because normal commands not always skip over (mainly with objc_msgSend)
#
# Version 7.1.2 (31/12/2008) - fG!
# Support for the jump decision (will display if a conditional jump will be taken or not)
#
# Version 7.1.1 (29/12/2008) - fG!
# Moved gdb options to the beginning (makes more sense)
# Added support to dump message being sent to msgSend (easier to understand what's going on)
#
# Version 7.1
# Fixed serious (and old) bug in dd and datawin, causing dereference of
# obviously invalid address. See below:
# gdb$ dd 0xffffffff
# FFFFFFFF : Cannot access memory at address 0xffffffff
#
# Version 7.0
# Added cls command.
# Improved documentation of many commands.
# Removed bp_alloc, was neither portable nor usefull.
# Checking of passed argument(s) in these commands:
# contextsize-stack, contextsize-data, contextsize-code
# bp, bpc, bpe, bpd, bpt, bpm, bhb,...
# Fixed bp and bhb inconsistencies, look at * signs in Version 6.2
# Bugfix in bhb command, changed "break" to "hb" command body
# Removed $SHOW_CONTEXT=1 from several commands, this variable
# should only be controlled globally with context-on and context-off
# Improved stack, func, var and sig, dis, n, go,...
# they take optional argument(s) now
# Fixed wrong $SHOW_CONTEXT assignment in context-off
# Fixed serious bug in cft command, forgotten ~ sign
# Fixed these bugs in step_to_call:
# 1) the correct logging sequence is:
# set logging file > set logging redirect > set logging on
# 2) $SHOW_CONTEXT is now correctly restored from $_saved_ctx
# Fixed these bugs in trace_calls:
# 1) the correct logging sequence is:
# set logging file > set logging overwrite >
# set logging redirect > set logging on
# 2) removed the "clean up trace file" part, which is not needed now,
# stepi output is properly redirected to /dev/null
# 3) $SHOW_CONTEXT is now correctly restored from $_saved_ctx
# Fixed bug in trace_run:
# 1) $SHOW_CONTEXT is now correctly restored from $_saved_ctx
# Fixed print_insn_type -- removed invalid semicolons!, wrong value checking,
# Added TODO entry regarding the "u" command
# Changed name from gas_assemble to assemble_gas due to consistency
# Output from assemble and assemble_gas is now similar, because i made
# both of them to use objdump, with respect to output format (AT&T|Intel).
# Whole code was checked and made more consistent, readable/maintainable.
#
# Version 6.2
# Add global variables to allow user to control stack, data and code window sizes
# Increase readability for registers
# Some corrections (hexdump, ddump, context, cfp, assemble, gas_asm, tips, prompt)
#
# Version 6.1-color-user
# Took the Gentoo route and ran sed s/user/user/g
#
# Version 6.1-color
# Added color fixes from
# http://gnurbs.blogsome.com/2006/12/22/colorizing-mamons-gdbinit/
#
# Version 6.1
# Fixed filename in step_to_call so it points to /dev/null
# Changed location of logfiles from /tmp to ~
#
# Version 6
# Added print_insn_type, get_insn_type, context-on, context-off commands
# Added trace_calls, trace_run, step_to_call commands
# Changed hook-stop so it checks $SHOW_CONTEXT variable
#
# Version 5
# Added bpm, dump_bin, dump_hex, bp_alloc commands
# Added 'assemble' by elaine, 'gas_asm' by mong
# Added Tip Topics for aspiring users ;)
#
# Version 4
# Added eflags-changing insns by pusillus
# Added bp, nop, null, and int3 patch commands, also hook-stop
#
# Version 3
# Incorporated elaine's if/else goodness into the hex/ascii dump
#
# Version 2
# Radix bugfix by elaine
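Review bot: The source list from `source ~/.gdb/window` to `source ~/.gdb/tips` never loads `~/.gdb/breakpoints`, `~/.gdb/arm` or `~/.gdb/x86`, all three of which this commit adds; unless `~/.gdb/cpu` or another submodule sources them (not visible in this diff), the bp*/arm/x86 commands defined there are silently unavailable. The install note on the first line, `# INSTALL INSTRUCTIONS: save as ~/.gdbinit`, is now incomplete because the file depends on `~/.gdb/*` existing — the commit message says both `.gdb` and `.gdbinit` must be symlinked into the home directory, so the header should say so, e.g. `# INSTALL INSTRUCTIONS: symlink .gdbinit and the .gdb/ directory into your home directory`. The unconditional `source ~/.gdbinit.local` will, as far as I can tell, raise "No such file or directory" on every start for users who have not created that file; since the comment above it says the file is not in the repository, either document that an (empty) file is required or create it first with `shell test -f ~/.gdbinit.local || touch ~/.gdbinit.local`.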
File renamed without changes.
3,512 changes: 0 additions & 3,512 deletions gdbinit

This file was deleted.