GDB
GNU Debugger
Basic Commands
Quiet mode
gdb -q <binary>
Set a breakpoint on a function
b <functionName>
Run the program (command-line arguments go after r)
r
Continue execution
c
Shows the current values of all CPU registers
info registers
Examine 20 words of memory in hex starting at the stack pointer (the default unit is 4 bytes; the g size modifier selects 8-byte units, which is what you usually want on x86-64)
x/20x $rsp
Disassemble a function (disass is the short form)
disassemble main
disass <functionName>
Set the instruction pointer (rip) to redirect execution to an address
set $rip = <memoryAddress>
Examine memory and display it as a string
x/s 0x601040
PEDA
- Python Exploit Development Assistance
Setting Up
Download it
git clone https://github.com/longld/peda.git ~/peda
Open /Create your initialization file
nano ~/.gdbinit
Add the following line to load PEDA on every GDB start:
source ~/peda/peda.py
List the Procedure Linkage Table entries (PEDA's own command for this is elfsymbol, which prints each PLT entry with its address)
plt
Finding String Constants in Binary Comparisons
The Pattern to Look For
Search the disassembly for a call to strncmp@plt (or strcmp@plt/memcmp@plt) and look at how its arguments are set up. On x86-64 (System V ABI) the first three arguments go in rdi, rsi and rdx:
mov $0x3,%edx # Third argument: compare only 3 characters
lea 0xcd2(%rip),%rsi # Second argument: rip-relative address of the hardcoded string (GDB prints the resolved address in a trailing # comment)
mov %rax,%rdi # First argument: pointer to the user input held in rax
call strncmp@plt # Compare the two strings
Examine the string at the computed address
x/s 0xADDRESS
For longer strings or multiple strings
x/10s 0xADDRESS
Dump raw bytes if the string contains non-printable characters or embedded NUL bytes
x/20bx 0xADDRESS
Dynamic Analysis
If you want to see the comparison in action:
Set breakpoint at the strncmp call
break *0xSTRNCMP_ADDRESS
Run with test input (if the program reads from stdin instead of argv, redirect a file with run < file)
run TESTINPUT
When breakpoint hits, examine the arguments:
First string (user input)
x/s $rdi
Second string (hardcoded)
x/s $rsi
Comparison length (third argument; p $rdx also works)
info registers rdx
Continue execution
c
Skip illegal instructions by patching ud2 with NOP
Start the program and hit the first ud2
run test_input
The crash location GDB reports is the address of the ud2 itself (after SIGILL, rip still points at the faulting instruction, so this is the address to patch):
Program received signal SIGILL, Illegal instruction.
0x00005555555552e6 in main ()
Patch the ud2 instruction
ud2 encodes as the two bytes 0F 0B, so overwrite it with two single-byte NOPs (0x90 0x90, written as the little-endian short 0x9090):
set {unsigned short}0x5555555552e6 = 0x9090
The 0x5555... address is the default PIE load base GDB uses with ASLR disabled; it differs for non-PIE binaries or with ASLR on. The write only changes this process's memory, so the patch is gone on the next run.
Continue and repeat
c
Keep going: patch, continue, patch, continue, until all ud2s are patched and the program runs without crashing
You can now analyze the actual program logic
disassemble main
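Both tasks above, reading the hardcoded string at the address GDB resolved for the lea and replacing ud2 with NOPs, can also be done offline against the ELF file, which makes the patch permanent instead of per-process. The script below is an added example written for these notes; it is not code from the original page, from GDB or from PEDA. It builds a small constructed ELF64 image in memory (so it runs without a real target), walks the PT_LOAD program headers to translate a virtual address into a file offset, reads a NUL-terminated string the way x/s does, and patches ud2 sites at the runtime addresses GDB reported. The PIE base 0x555555554000, the sample instruction bytes and the string s3cret are assumptions made for the demo.

```python
"""Offline ELF helpers for the two GDB tasks above (added example).

Builds a tiny constructed ELF64 image, then (1) reads a hardcoded string at
a link-time virtual address like `x/s` and (2) turns ud2 (0F 0B) sites into
NOPs in the file, using the addresses GDB printed on SIGILL.
Assumption: PIE base 0x555555554000 (GDB's default with ASLR off).
"""
import struct

PT_LOAD = 1
PF_X = 1
UD2 = b"\x0f\x0b"
NOP2 = b"\x90\x90"
CODE_VADDR = 0x200            # assumed location of the sample code
STR_VADDR = 0x300             # assumed location of the sample string
PIE_BASE = 0x555555554000     # assumed runtime base (see `info proc mappings`)


def load_segments(elf):
    """Return (p_offset, p_vaddr, p_filesz, p_flags) for every PT_LOAD header."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("not an ELF64 image")
    e_phoff, = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    segs = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append((p_offset, p_vaddr, p_filesz, p_flags))
    return segs


def vaddr_to_offset(elf, vaddr):
    """Map a link-time virtual address to a file offset through its PT_LOAD."""
    for p_offset, p_vaddr, p_filesz, _flags in load_segments(elf):
        if p_vaddr <= vaddr < p_vaddr + p_filesz:
            return vaddr - p_vaddr + p_offset
    raise ValueError("0x%x is not backed by file contents" % vaddr)


def read_cstring(elf, vaddr, limit=256):
    """Static equivalent of `x/s vaddr`: bytes up to the first NUL."""
    off = vaddr_to_offset(elf, vaddr)
    end = elf.index(b"\x00", off, off + limit)
    return elf[off:end].decode("latin-1")


def find_ud2_sites(elf):
    """Scan executable PT_LOAD segments for 0F 0B and return link-time vaddrs.

    Caveat: a byte scan can also hit 0F 0B inside a longer instruction, so
    treat hits as candidates to confirm against SIGILL in GDB, not a patch list.
    """
    hits = []
    for p_offset, p_vaddr, p_filesz, p_flags in load_segments(elf):
        if not p_flags & PF_X:
            continue
        seg = elf[p_offset:p_offset + p_filesz]
        i = seg.find(UD2)
        while i != -1:
            hits.append(p_vaddr + i)
            i = seg.find(UD2, i + 1)
    return hits


def patch_ud2_sites(elf, runtime_addrs, base):
    """Replace each ud2 at a GDB-reported SIGILL address with two NOPs.

    `base` is the PIE load base, subtracted to get the link-time vaddr. The
    write is refused unless the bytes really are 0F 0B, which catches a wrong
    base or a stale address before the file is corrupted.
    """
    patched = bytearray(elf)
    for addr in runtime_addrs:
        off = vaddr_to_offset(elf, addr - base)
        if patched[off:off + 2] != UD2:
            raise ValueError("no ud2 at 0x%x (found %s)" % (addr, patched[off:off + 2].hex()))
        patched[off:off + 2] = NOP2
    return bytes(patched)


def build_sample_elf():
    """Constructed ELF64 image: one R+X PT_LOAD covering the whole file,
    a few x86-64 instructions with two ud2 traps, and a NUL-terminated string."""
    code = (b"\x55\x48\x89\xe5"          # push rbp; mov rbp, rsp
            + UD2                         # ud2 at CODE_VADDR + 4
            + b"\xb8\x2a\x00\x00\x00"     # mov eax, 42
            + UD2                         # ud2 at CODE_VADDR + 11
            + b"\x5d\xc3")                # pop rbp; ret
    body = bytearray(STR_VADDR)
    body[CODE_VADDR:CODE_VADDR + len(code)] = code
    body += b"s3cret\x00"                 # constructed hardcoded string at STR_VADDR
    total = len(body)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9),
                       3, 0x3e, 1, CODE_VADDR, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0, 0, total, total, 0x1000)
    body[:64] = ehdr
    body[64:64 + 56] = phdr
    return bytes(body)


if __name__ == "__main__":
    elf = build_sample_elf()
    print(read_cstring(elf, STR_VADDR))                  # what `x/s 0x300` would show
    sites = find_ud2_sites(elf)
    print([hex(s) for s in sites])
    sigill_addrs = [PIE_BASE + s for s in sites]         # what GDB reports after each crash
    fixed = patch_ud2_sites(elf, sigill_addrs, PIE_BASE)
    print(find_ud2_sites(fixed))                         # no ud2 left
```

Take the link-time address of the string from the # comment GDB prints next to the lea, and the runtime ud2 addresses from the SIGILL messages; the base to subtract comes from info proc mappings (the first mapping of the binary). For a real target, read the file with open(path, "rb") in place of build_sample_elf and write the returned bytes to a copy of the binary.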