15.5.1. gdb
15.5.1.1. gdb
- Breakpoints
  break [PROBE_MODIFIER] [LOCATION] [thread THREADNUM] [if CONDITION]: set a breakpoint
  break *0x080483d0: break at the instruction at address 0x080483d0
  break <func name>: break at the function (gdb places it after the prologue)
  break *<func name> + 4: break at an offset into the function (the *addr form is a raw address, so nothing is skipped)
- Related operations
  c: continue from the breakpoint
  d[elete] 1: delete breakpoint 1
  d 1 2: delete breakpoints 1 and 2
  d: delete all breakpoints
  dis[able] 1: disable breakpoint 1
  en[able] 1: enable breakpoint 1
  c[ontinue]: run to the next breakpoint or until the program exits
  command[s] <n>: attach a list of commands that runs each time breakpoint n is hit (terminate the list with end)
  disas <func name>: disassemble a function
  fin[ish]: run until the current function returns (to get out of a loop use until / u instead)
  i / info: show information; i b: breakpoints; i f: current frame; i s: stack (backtrace)
  ignore <bnum> <count>: ignore breakpoint bnum the next count times it is hit
  n / next: step one line, stepping over calls
  p <func name>: print the function's type and address
  r <args>: run from the beginning with the given arguments
  s / step: step one line, descending into calls
  file <path>: load a binary
  x/nfu <address>: examine memory
    n: number of units to display
    f: display format
      x: hexadecimal
      d: signed decimal
      u: unsigned decimal
      o: octal
      t: binary
      a: address (hexadecimal, with the nearest symbol and offset when known)
      i: machine instruction (disassemble)
      c: character
      f: floating point
    u: unit size
      b: 1 byte
      h: 2 bytes (halfword)
      w: 4 bytes (word)
      g: 8 bytes (giant word)
  The address can be a literal memory address or an expression, for example a register such as $esp or $rip.
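As an added example (not from the original page and not gdb's own code), the following Python models what x/nfu renders for a byte buffer, so the effect of the n, f and u fields can be seen without a debugger. It assumes a little-endian target such as x86/x86-64; the i format is left out because it needs a disassembler. The sample bytes at the bottom are constructed.

```python
# Added example: a small model of gdb's x/nfu over an in-memory byte buffer.
# Assumption: little-endian target (x86 / x86-64).
import struct

UNIT_SIZE = {"b": 1, "h": 2, "w": 4, "g": 8}   # unit letters -> bytes
UNITS_PER_LINE = {1: 8, 2: 8, 4: 4, 8: 2}      # how gdb groups units per output line
FLOAT_CODE = {4: "f", 8: "d"}                  # struct codes for the f format


def format_unit(raw, fmt, byteorder="little"):
    """Render one unit of memory the way gdb's display letter would."""
    size = len(raw)
    unsigned = int.from_bytes(raw, byteorder)
    signed = int.from_bytes(raw, byteorder, signed=True)
    if fmt == "x":
        return f"0x{unsigned:0{size * 2}x}"
    if fmt == "d":
        return str(signed)
    if fmt == "u":
        return str(unsigned)
    if fmt == "o":
        return f"0{unsigned:o}"
    if fmt == "t":
        return f"{unsigned:0{size * 8}b}"
    if fmt == "a":
        return hex(unsigned)                       # real gdb also appends <symbol+offset>
    if fmt == "c":
        return f"{signed} {chr(unsigned & 0xFF)!r}"  # gdb prints e.g. 65 'A'
    if fmt == "f":
        prefix = "<" if byteorder == "little" else ">"
        return repr(struct.unpack(prefix + FLOAT_CODE[size], raw)[0])
    raise ValueError(f"unsupported format letter {fmt!r} (i needs a disassembler)")


def examine(mem, base, n=1, fmt="x", unit="w", byteorder="little"):
    """Model of `x/<n><fmt><unit> <base>`, where `mem` holds the bytes at `base`.

    Returns the output lines gdb would print, one string per line.
    """
    size = UNIT_SIZE[unit]
    if n * size > len(mem):
        raise ValueError("read past the end of the buffer (gdb: cannot access memory)")
    cells = [format_unit(mem[i * size:(i + 1) * size], fmt, byteorder) for i in range(n)]
    per_line = UNITS_PER_LINE[size]
    lines = []
    for row in range(0, n, per_line):
        addr = base + row * size
        lines.append(f"0x{addr:x}:\t" + "\t".join(cells[row:row + per_line]))
    return lines


if __name__ == "__main__":
    # Constructed sample: 16 bytes of a stack frame holding "AAAABBBB",
    # a saved frame pointer and a return address (values are made up).
    stack = (b"AAAABBBB"
             + (0xffffd0c8).to_bytes(4, "little")
             + (0x080484a2).to_bytes(4, "little"))
    for line in examine(stack, 0xffffd0b0, 4, "x", "w"):   # x/4xw $esp
        print(line)
    for line in examine(stack, 0xffffd0b0, 16, "x", "b"):  # x/16xb $esp
        print(line)
```

The point worth noticing is that the same four bytes ABCD show up as 0x44434241 under w but as 0x41 0x42 0x43 0x44 under b: gdb reassembles each unit in target byte order, so a return address copied from x/xw can be pasted into an exploit directly, while bytes read with x/xb must be reversed by hand.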
15.5.1.2. gdb-peda
aslr: show the ASLR setting for the debuggee (aslr on|off toggles it)
checksec: check the binary's security options (RELRO, canary, NX, PIE, FORTIFY)
dumpargs: display the arguments passed to a function when stopped at a call instruction
dumprop: dump all ROP gadgets in a specific memory range
elfheader: get header information from the debugged ELF file
elfsymbol: get non-debugging symbol information from an ELF file
lookup: search for all addresses/references to addresses which belong to a memory range
patch: patch memory starting at an address with a string/hexstring/int
pattern: generate, search, or write a cyclic pattern to memory
pattern_create 200: generate a cyclic pattern 200 bytes long
pattern_offset 0x223333: look up the value that ended up in a register after the crash (here 0x223333) and report its offset within the pattern, i.e. the number of bytes written before the overwrite
procinfo: display various info from /proc/pid/
pshow: show various PEDA options and other settings
pset: set various PEDA options and other settings
readelf: get header information from an ELF file
ropgadget: get common ROP gadgets of a binary or library
ropsearch: search for ROP gadgets in memory
searchmem | find: search for a pattern in memory; supports regex search
shellcode: generate or download common shellcodes
skeleton: generate a Python exploit code template
vmmap: get virtual mapping address ranges of section(s) in the debugged process
xormem: XOR a memory region with a key
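The pattern_create / pattern_offset pair above is the usual way to find how many bytes sit between the start of an overflowing buffer and the saved return address. As an added example (not peda's own code, whose generator differs in detail), here is a minimal Python re-implementation of that workflow so it can be reproduced outside gdb. It assumes an x86/x86-64 little-endian target when decoding the register value, and the payload_for helper at the end is an illustrative addition, not a peda command.

```python
# Added example (not peda's own code): a minimal re-implementation of
# pattern_create / pattern_offset plus a helper that builds the overwrite.
# Assumption: little-endian target (x86 / x86-64) when decoding register values.
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGITS) * 3   # 20280 bytes


def pattern_create(length):
    """Return `length` bytes of the classic Aa0Aa1...Ab0 cyclic pattern.

    Every (upper, lower, digit) triple is unique, so any 4-byte window occurs
    at exactly one offset within the first MAX_UNIQUE bytes.
    """
    if length > MAX_UNIQUE:
        raise ValueError(f"a pattern longer than {MAX_UNIQUE} bytes would repeat")
    out = bytearray()
    for up in UPPER:
        for lo in LOWER:
            for dg in DIGITS:
                out += (up + lo + dg).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)


def pattern_offset(value, length=MAX_UNIQUE):
    """Offset in the pattern of the value that overwrote a register.

    `value` is either the integer gdb shows (EIP/RIP, a saved return address
    read with x/xw, ...) or the raw bytes. Integers are decoded little-endian:
    0x41306141 in EIP means the bytes 41 61 30 41, i.e. b"Aa0A", which is at
    offset 0. Returns -1 when the value does not occur in the pattern (the
    register was not overwritten with pattern data, or the value is truncated
    or misaligned).
    """
    if isinstance(value, int):
        width = 8 if value > 0xFFFFFFFF else 4
        needle = value.to_bytes(width, "little")
    else:
        needle = bytes(value)
    return pattern_create(length).find(needle)


def payload_for(offset, ret_addr, width=4):
    """Filler up to the saved return address, followed by the address to jump to."""
    return b"A" * offset + ret_addr.to_bytes(width, "little")


if __name__ == "__main__":
    # Constructed walk-through: send pattern_create(200), then read the value
    # gdb shows in EIP after the crash (here a made-up 0x61413161).
    print(pattern_create(200))
    off = pattern_offset(0x61413161)
    print("offset:", off)                        # -> 4
    print(payload_for(off, 0x080484a2))          # filler + little-endian address
```

If pattern_offset returns -1, the register did not receive pattern bytes at all; a common cause is that the overwrite hit the saved return address only partially (for example a one-byte off-by-one), in which case x/xw on the stack around $esp/$rsp, as in the x/nfu entry above, shows which bytes actually changed.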