mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/hacking-blogposts.git
synced 2025-05-16 04:16:59 +00:00
144 lines
5.5 KiB
Markdown
---
search:
  exclude: true
---

# GDB + GEF

GDB, the GNU project debugger, allows you to see what is going on inside another program while it executes, or what that program was doing at the moment it crashed. GDB supports Ada, Assembly, C, C++, D, Fortran, Go, Objective-C, OpenCL, Modula-2, Pascal and Rust. For more information, click [here](https://www.gnu.org/software/gdb/).

However, GDB is very old school, so we will use GEF to enhance it. GEF is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC that provides additional features to GDB, using its Python API, to assist during dynamic analysis and exploit development. For more information, click [here](https://github.com/hugsy/gef).

## Installation

GDB is packaged in the repositories of most popular Linux distributions:

```
#Arch Linux:
[ 192.168.0.18/24 ] [ /dev/pts/15 ] [~]
→ pacman -Ss gdb
extra/gdb 10.1-4
The GNU Debugger

[ 192.168.0.18/24 ] [ /dev/pts/15 ] [~]
→ pacman -S gdb

#Kali / Debian:
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ apt search gdb
gdb/kali-rolling,now 10.1-1.7 amd64 [installed]
GNU Debugger

[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ apt install gdb -y
```

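To install GEF, we follow the instructions from the project's main website. Note that the one-liner fetches the installer over plain HTTP from `gef.blah.cat`, is redirected to `scripts/gef.sh` in the GEF GitHub repository, and passes the result directly to `sh`:
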
```
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ sh -c "$(wget http://gef.blah.cat/sh -O -)"
--2021-02-21 16:20:00-- http://gef.blah.cat/sh
Resolving gef.blah.cat (gef.blah.cat)... 40.121.232.30
Connecting to gef.blah.cat (gef.blah.cat)|40.121.232.30|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/hugsy/gef/raw/master/scripts/gef.sh [following]
--2021-02-21 16:20:01-- https://github.com/hugsy/gef/raw/master/scripts/gef.sh
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/hugsy/gef/master/scripts/gef.sh [following]
--2021-02-21 16:20:01-- https://raw.githubusercontent.com/hugsy/gef/master/scripts/gef.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 565 [text/plain]
Saving to: ‘STDOUT’

- 100%[=================================================================================================================================================================>] 565 --.-KB/s in 0s

2021-02-21 16:20:01 (49.8 MB/s) - written to stdout [565/565]

sh: 6: test: unexpected operator

[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ ls -lash ~/.gdbinit
4.0K -rw-r--r-- 1 nothing nothing 58 Feb 21 16:20 /home/nothing/.gdbinit
```

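
The installer run above leaves a `~/.gdbinit` behind, and GDB executes that file, including every script it loads with `source`, each time it starts. The check below is an added example, not part of the original post or of GEF: it lists the scripts a gdbinit file loads and flags any that are missing or group/world-writable. The function name `audit_gdbinit` and the sample files are constructed, and GNU `stat` and `sha256sum` are assumed.

```sh
#!/bin/sh
# Added example: list what a gdbinit file makes GDB load at startup and flag
# sourced scripts that are missing or writable by other accounts.
# Assumes GNU coreutils (stat -c, sha256sum). audit_gdbinit is a made-up name.

audit_gdbinit() {
    init="${1:-$HOME/.gdbinit}"
    problems=0
    [ -f "$init" ] || { echo "no such file: $init"; return 2; }

    while read -r cmd path rest || [ -n "$cmd" ]; do
        [ "$cmd" = "source" ] || continue        # only 'source' lines load code
        case "$path" in
            "~/"*) path="$HOME/${path#??}" ;;    # expand a leading ~/ like GDB does
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING   $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")             # octal permission bits, e.g. 644
        if [ $(( 0$mode & 022 )) -ne 0 ]; then   # group- or world-writable
            echo "WRITABLE  $path (mode $mode)"
            problems=$((problems + 1))
        else
            echo "OK        $path sha256=$(sha256sum "$path" | cut -d' ' -f1)"
        fi
    done < "$init"

    [ "$problems" -eq 0 ]                        # exit status 0 only when clean
}

# Constructed sample: two gdbinit files in a scratch directory.
demo_dir=$(mktemp -d)
echo 'print("constructed stand-in for a GDB Python script")' > "$demo_dir/ext.py"
chmod 644 "$demo_dir/ext.py"
printf 'set disassembly-flavor intel\nsource %s/ext.py\n' "$demo_dir" > "$demo_dir/good.gdbinit"
printf 'source %s/ext.py\nsource %s/gone.py\n' "$demo_dir" "$demo_dir" > "$demo_dir/bad.gdbinit"

audit_gdbinit "$demo_dir/good.gdbinit" && echo "good.gdbinit: clean"
audit_gdbinit "$demo_dir/bad.gdbinit"  || echo "bad.gdbinit: review before starting gdb"
```

Called with no argument, `audit_gdbinit` checks your own `~/.gdbinit`; recording the printed SHA-256 lets you notice later if the sourced script changes.
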
Now when you launch gdb, you can see that GEF is loaded:



If you get any errors the first time you launch gdb with GEF, just run the required pip install commands:



```
gef➤ q

[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ sudo apt install python3-pip -y

[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ pip3 install keystone-engine unicorn ropper
Collecting keystone-engine
Downloading keystone_engine-0.9.2-py2.py3-none-manylinux1_x86_64.whl (1.8 MB)
|████████████████████████████████| 1.8 MB 2.3 MB/s
Collecting unicorn
Downloading unicorn-1.0.2-py2.py3-none-manylinux1_x86_64.whl (8.1 MB)
|████████████████████████████████| 8.1 MB 6.3 MB/s
Collecting ropper
Downloading ropper-1.13.6.tar.gz (71 kB)
|████████████████████████████████| 71 kB 2.2 MB/s
Collecting filebytes>=0.10.0
Downloading filebytes-0.10.2.tar.gz (20 kB)
Building wheels for collected packages: ropper, filebytes
Building wheel for ropper (setup.py) ... done
Created wheel for ropper: filename=ropper-1.13.6-py3-none-any.whl size=99735 sha256=2f90a4e8a5b14f1c8c3abd0700b1e56ff8dbc7f3d165a5f69790c31cedd8948b
Stored in directory: /home/nothing/.cache/pip/wheels/77/a4/5d/a4bc1b653bdcce30a17b5cdda8f19da11444bb8640d03ab678
Building wheel for filebytes (setup.py) ... done
Created wheel for filebytes: filename=filebytes-0.10.2-py3-none-any.whl size=27853 sha256=17cf4812a6b16ee7c92a4ba259326c61fbfab4cf3c05ace2cb627a0de892d27f
Stored in directory: /home/nothing/.cache/pip/wheels/c2/51/58/98925d75705ee4df10da42a098d956183bb70661698fd07753
Successfully built ropper filebytes
Installing collected packages: keystone-engine, unicorn, filebytes, ropper
WARNING: The script ropper is installed in '/home/nothing/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed filebytes-0.10.2 keystone-engine-0.9.2 ropper-1.13.6 unicorn-1.0.2
```

Once you're here, you're good to go:

