TODO write short tutorial
i blist breakpointsd 1remove first breakpointb *mainrrunp $rip+0xe9cx $rip+0xe9cct(gef) after ctrl-lfinrun until returnnstep over (don't descend into functions)$ 0x80evaluate expressionchecksecx/a $rspget current stack pointer addr.bt 2last 2 stack frames (stack 2 -> neuer rip)
GDB looks for a local configuration file under ~/.gdbinit. Here's a minimal example:
# Use intel syntax for assembly instead of the default AT&T one:
set disassembly-flavor intelIt uses the same syntax as the set command inside GDB.
For a full list of settings and explanations run help set in GDB.
Unfortunately there's no option to remove the wall of text when starting up GDB.
You can create an alias to achieve the same though:
# .bashrc, .zshrc or similar.
alias gdb="gdb -q"GDB on its own is great, if not very pretty and user-friendly for novices. The following are two plugins that extend its functionality while adding a couple of very useful features that will make your life easier.
Both plugins are highly customizable.
Voltron provides "views" into certain aspects of the debugger (not just GDB). My favorite is the stack view. You can quickly scroll through the memory near the current frame (both ways).
Voltron views can be displayed in any TTY but they really shine when you use them in tmux (or screen).
This is an example of running Voltron in a tmux split under GEF:
voltron.jpg
GDB Enhanced Features
This plugin is aimed at exploit developers and reverse-engineers. It extends GDB using the Python API (2/3),
so you need a reasonably recent version of GDB (>=7). It adds more than 50 commands but even if you stick
to the default GDB set it is extremely useful by presenting you with a summary context after each command
that saves you a lot of typing.
Any changes in registers or memory since the last instruction are color coded.
gdb-gef.jpg
