GDB, the GNU project debugger, allows you to see what is going on inside another program while it executes, or what said program was doing at the moment it crashed. GDB supports Ada, Assembly, C, C++, D, Frotan, Go, Objective-C, OpenCL, Modula-2, Pascal and Rust. For more information, click here.
However, GDB is very old school, so we will use GEF to enhance the usage of gdb, it is a set of commands for x86/64, ARM, MIPS,PowerPC and SPARC that provides additional features to GDB using the Python API to assist during the dynamic analysis and exploit development. For more information, click here.
To install gdb you can find it in most repositories of popular linux distributions:
#Arch Linux:
[ 192.168.0.18/24 ] [ /dev/pts/15 ] [~]
→ pacman -Ss gdb
extra/gdb 10.1-4
The GNU Debugger
[ 192.168.0.18/24 ] [ /dev/pts/15 ] [~]
→ pacman -S gdb
#Kali / Debian:
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ apt search gdb
gdb/kali-rolling,now 10.1-1.7 amd64 [installed]
GNU Debugger
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ apt install gdb -y
To install GEF we will follow the instructions from the main website:
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ sh -c "$(wget http://gef.blah.cat/sh -O -)"
--2021-02-21 16:20:00-- http://gef.blah.cat/sh
Resolving gef.blah.cat (gef.blah.cat)... 40.121.232.30
Connecting to gef.blah.cat (gef.blah.cat)|40.121.232.30|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/hugsy/gef/raw/master/scripts/gef.sh [following]
--2021-02-21 16:20:01-- https://github.com/hugsy/gef/raw/master/scripts/gef.sh
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/hugsy/gef/master/scripts/gef.sh [following]
--2021-02-21 16:20:01-- https://raw.githubusercontent.com/hugsy/gef/master/scripts/gef.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 565 [text/plain]
Saving to: ‘STDOUT’
- 100%[=================================================================================================================================================================>] 565 --.-KB/s in 0s
2021-02-21 16:20:01 (49.8 MB/s) - written to stdout [565/565]
sh: 6: test: unexpected operator
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ ls -lash ~/.gdbinit
4.0K -rw-r--r-- 1 nothing nothing 58 Feb 21 16:20 /home/nothing/.gdbinit
Now when you try to launch gdb, you see that you are correctly launching gef:
If you get any errors as you launch gdb - gef for the first time, just run the required pip install commands:
gef➤ q
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ sudo apt install python3-pip -y
[ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
→ pip3 install keystone-engine unicorn ropper
Collecting keystone-engine
Downloading keystone_engine-0.9.2-py2.py3-none-manylinux1_x86_64.whl (1.8 MB)
|████████████████████████████████| 1.8 MB 2.3 MB/s
Collecting unicorn
Downloading unicorn-1.0.2-py2.py3-none-manylinux1_x86_64.whl (8.1 MB)
|████████████████████████████████| 8.1 MB 6.3 MB/s
Collecting ropper
Downloading ropper-1.13.6.tar.gz (71 kB)
|████████████████████████████████| 71 kB 2.2 MB/s
Collecting filebytes>=0.10.0
Downloading filebytes-0.10.2.tar.gz (20 kB)
Building wheels for collected packages: ropper, filebytes
Building wheel for ropper (setup.py) ... done
Created wheel for ropper: filename=ropper-1.13.6-py3-none-any.whl size=99735 sha256=2f90a4e8a5b14f1c8c3abd0700b1e56ff8dbc7f3d165a5f69790c31cedd8948b
Stored in directory: /home/nothing/.cache/pip/wheels/77/a4/5d/a4bc1b653bdcce30a17b5cdda8f19da11444bb8640d03ab678
Building wheel for filebytes (setup.py) ... done
Created wheel for filebytes: filename=filebytes-0.10.2-py3-none-any.whl size=27853 sha256=17cf4812a6b16ee7c92a4ba259326c61fbfab4cf3c05ace2cb627a0de892d27f
Stored in directory: /home/nothing/.cache/pip/wheels/c2/51/58/98925d75705ee4df10da42a098d956183bb70661698fd07753
Successfully built ropper filebytes
Installing collected packages: keystone-engine, unicorn, filebytes, ropper
WARNING: The script ropper is installed in '/home/nothing/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed filebytes-0.10.2 keystone-engine-0.9.2 ropper-1.13.6 unicorn-1.0.2
Once you're here, you're good to go
text
text
text