To make changes permanent, write it in the .gdbinit file
ASLR is turned off by default in GDB. To turn it on: set disable-randomization off
Default displays assembly in AT&T notation. To display assembly in Intel notation: set disassembly-flavor intel

-x Option: puts the list of commands you want GDB to run when GDB starts in a file and run GDB with the -x option
```
gdb -x command_file program_to_debug
```
Hooks: user-defined command. When command ? is ran, user-defined command 'hook-?' will be executed (if it exists)
- When reversing, it could be useful to hook on breakpoints by using hook-stop
- How to define a hook:
```
(gdb) define hook-?
> ...commands...
> end
(gdb)
```
display <arg>: display content of <arg> everytime GDB stops (either due to single-stepping or breakpoints). <arg> can be either a convenience variable, memory location, or register

Software Breakpoint:
```
(gdb) break *0x8048479
```
- shortcut: if the instruction pointer is at the address that you wanted to break at, simply type b or break and a breakpoint will be set there
Hardware Breakpoint:
```
(gdb) hbreak *0x8048479
```

Watchpoint:

(gdb) watch *0x8048560  #break on write
(gdb) rwatch *0x8048560 #break on read
(gdb) awatch *0x8048560 #break on read/write

Catchpoint:

(gdb) catch syscall #break at every call/return from a system call

apropos <arg> command searches through all GDB commands/documentations for <arg> and displays matched command/documentation pairs

_{GDB output from 'apropos mapping'}

i (info) command displays information on the item specified to the right of it
- i proc mappings: shows mapped address spaces
- i b: shows all breakpoints
- i r: shows the values in general purpose, flag, and segment registers at that point of execution
- i all r: shows the values in all registers at that point of execution, such as FPU and XMM registers
x (examine) command displays memory contents at a given address in the specified format
- Since disas command won't work on stripped binary, x command can come in handy to display instructions from current program counter: x/14i $pc
set command can be used to set convenience variable, change value in memory, or change value in register : set $<name> = <value>
- From user code, one can't directly access the instruction pointer; instruction pointer can only be edited through JMP, CALL, or RET. It's a different story when the program is under GDB though. Instruction pointer can be easily changed using the set command: set $eip = <address>
- It is useful to be able to change a flag in FLAGS/EFLAGS/RFLAGS (status register) to see how taking the unintended branch for a JCC instruction will affect later program behavior. To update a flag, you just need to know the bit position of the flag you wanted to change
  - To set the zero flag:
```
(gdb) set $ZF = 6                #bit position 6 in EFLAGS is zero flag
(gdb) set $eflags |= (1 << $ZF)  #use that variable to set the zero flag bit
```

_{each available flag and its corresponding bit position in the EFLAGS register}

call command allows one to call any function (local or library functions) in the debuggee's address space and see the return value of that function. The argument to call command can be symbol for a function or in the case of a stripped local function, an address

Provide feedback

Saved searches