Feeds:
Posts
Comments

Archive for July, 2020

You can set breakpoint with a condition. This is very useful if want to observe a certain location and stop it if the condition is reach.

In this tutorial I use:
-Xubuntu 18.04
-GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
-NASM version 2.13.02
-GNU ld (GNU Binutils for Ubuntu) 2.30

Use the simple assembly code below:

1  section .text
2  global _start
3
4  _start:
5
6      mov rax,3
7      mov rbx,2
8      add rax,rbx
9      sub rbx,1
10
11     ;Exit
12     mov eax,1
13     mov ebx,0
14     int 0x80

(more…)

Read Full Post »

This is one of my favorite function in gdb. It will make your life easier instead of typing repetition commands. Hook is a user defined command but you have to combine with a pseudo-command that already exist.

For example, you want to disassemble a program code and display the value of the program register every time you stop the process. Instead of typing 2 commands every time its stop, you can define it into one command with hook.

(gdb) define hook-stop

Type commands for definition of “hook-stop”.
End with a line saying just “end”.
>disassemble _start
>info reg $rax $rbx
>end

Let’s try.
In this tutorial I use:
-Xubuntu 18.04
-GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
-NASM version 2.13.02
-GNU ld (GNU Binutils for Ubuntu) 2.30

Use the simple assembly code below:

1 section .text
2 global _start
3
4 _start:
5
6      mov rax,3
7      mov rbx,2
8      add rax,rbx
9      sub rbx,1
10
11     ;Exit
12     mov eax,1
13     mov ebx,0
14     int 0x80

Compile it with nasm.

darklinux@darklinuxpc:~$ nasm -f elf64 -g reg.asm -o reg.o
darklinux@darklinuxpc:~$ ld reg.o -o reg
darklinux@darklinuxpc:~$ gdb -silent reg

Reading symbols from reg…done.

(gdb) break _start
Breakpoint 1 at 0x400080
(gdb) set disassembly-flavor intel

Define the hook-stop with 2 commands, disassemble _start and info reg $rax $rbx, close with ‘end’.
(gdb) define hook-stop
Type commands for definition of “hook-stop”.
End with a line saying just “end”.
>disassemble _start
>info reg $rax $rbx
>end

(more…)

Read Full Post »

You can use Watchpoint to watch variable’s value changes by single stepping your program.
In this tutorial I use:
-Xubuntu 18.04
-GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
-NASM version 2.13.02
-GNU ld (GNU Binutils for Ubuntu) 2.30

Let’s try with a simple assembly code.

1 section .text
2 global _start
3
4 _start:
5
6      mov rax,3
7      mov rbx,2
8      add rax,rbx
9      sub rbx,1
10
11     ;Exit
12     mov eax,1
13     mov ebx,0
14     int 0x80

This program will add 3 to rax register, 2 to rbx register, so rax value will be 3 and rax value will be 2.

Then add rbx register value to rax register value, mean 2+3 =5. The rax register value will be 5.

Subtract rabx register with 1. The rbx register value will be 1 (2-1=1).
Finally, exit the program normally.

Compile it with nasm.

darklinux@darklinuxpc:~$ nasm -f elf64 -g reg.asm -o reg.o
darklinux@darklinuxpc:~$ ld reg.o -o reg

(more…)

Read Full Post »