GDB
GNU Debugger
Basic Commands
Quiet mode
gdb -q <binary>

Set a break point
b <functionName>

Run execution
r

Continue execution
c

Show the current values of all CPU registers
info registers

Examine 20 words of memory starting at rsp
x/20x $rsp

Disassemble the main function
disassemble main

Disassemble a function
disass <functionName>

Set the instruction pointer ($rip)
set $rip = <memoryAddress>

Examine memory and display it as a string
x/s 0x601040

PEDA - Python Exploit Development Assistance
Setting Up
Download it
git clone https://github.com/longld/peda.git ~/peda

Open or create your initialization file
nano ~/.gdbinit

Add the following line to load PEDA on every GDB start:
source ~/peda/peda.py

List the Procedure Linkage Table
plt

Finding String Constants in Binary Comparisons
The Pattern to Look For
mov $0x3,%edx # Set comparison length to 3 characters
lea 0xcd2(%rip),%rsi # Load hardcoded string address (GDB shows computed address)
mov %rax,%rdi # Move user input pointer to first argument
call strncmp@plt # Compare strings

Examine the string at the computed address
x/s 0xADDRESS

For longer strings or multiple strings
x/10s 0xADDRESS

Check the raw bytes if the string has special characters
x/20bx 0xADDRESS

Dynamic Analysis
If you want to see the comparison in action:
Set breakpoint at the strncmp call
break *0xSTRNCMP_ADDRESS

Run with test input
run TESTINPUT

When the breakpoint hits, examine the arguments:

First string (user input)
x/s $rdi

Second string (hardcoded)
x/s $rsi

Comparison length
info registers rdx

Continue execution
c

Skip Illegal Instructions by Patching UD2 with NOP
Start Program and Hit First ud2
run test_input

The current crash location shows the ud2 address:
Program received signal SIGILL, Illegal instruction.
0x00005555555552e6 in main ()

Patch the ud2 Instruction
set {unsigned short}0x5555555552e6 = 0x9090

Continue and Repeat
c

Keep going:
patch→continue→patch→continue

Once all ud2s are patched, the program runs without crashes.
You can now analyze the actual program logic:
disassemble main
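As an added example (not part of this cheat sheet), the same ud2-to-NOP patch done offline in Python on a constructed byte string: it locates the 0F 0B opcode and overwrites it with 90 90, exactly what `set {unsigned short}ADDR = 0x9090` does inside GDB, and collapses the patch→continue loop into one pass. The PIE base 0x555555554000 and the sample code bytes are assumptions; a raw byte scan can also match 0F 0B inside a longer instruction, so each hit should still be confirmed with `disassemble` before patching.

```python
import struct

UD2 = b"\x0f\x0b"  # opcode of the ud2 instruction (2 bytes)

# Constructed sample "text section" (not from a real binary):
#   push rbp; mov rbp,rsp; ud2; xor eax,eax; ud2; pop rbp; ret
SAMPLE_CODE = bytes.fromhex("554889e5" "0f0b" "31c0" "0f0b" "5dc3")

# Typical PIE load base seen in GDB with ASLR disabled (assumption).
PIE_BASE = 0x555555554000


def find_ud2(code: bytes, base: int) -> list:
    """Return virtual addresses of every 0F 0B pair in `code`.

    Caveat: this is a byte scan, so 0F 0B inside a longer instruction
    would also match; confirm each address with `disassemble` in GDB.
    """
    return [base + i for i in range(len(code) - 1) if code[i:i + 2] == UD2]


def patch_ud2(code: bytes, base: int, addr: int) -> bytes:
    """Mirror GDB's `set {unsigned short}addr = 0x9090`.

    ud2 is exactly two bytes, which is why an unsigned short is the right
    width; 0x9090 packed little-endian is 90 90 (nop nop), so byte order
    makes no difference here.  Refuses to patch anything that is not ud2.
    """
    off = addr - base
    if off < 0 or code[off:off + 2] != UD2:
        raise ValueError(f"no ud2 at {addr:#x}")
    patched = bytearray(code)
    patched[off:off + 2] = struct.pack("<H", 0x9090)
    return bytes(patched)


def patch_all_ud2(code: bytes, base: int) -> bytes:
    """The page's patch->continue->patch->continue loop in one offline pass."""
    for addr in find_ud2(code, base):
        code = patch_ud2(code, base, addr)
    return code


if __name__ == "__main__":
    for a in find_ud2(SAMPLE_CODE, PIE_BASE):
        print(f"ud2 at {a:#x}  ->  set {{unsigned short}}{a:#x} = 0x9090")
    print(patch_all_ud2(SAMPLE_CODE, PIE_BASE).hex())
```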