Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
-import
# INSTRUCTIONS: save as ~/.gdbinit
#   Review this file before installing it: several commands run external
#   programs through gdb's 'shell' (as, objdump, nasm, grep, rm) and write
#   trace/scratch files under ~. Only install .gdbinit content you trust;
#   depending on gdb version and auto-load settings, gdb may also read a
#   .gdbinit from the current working directory when it starts.
#
3 | # DESCRIPTION: A user-friendly gdb configuration file. | ||
4 | # | ||
5 | # REVISION : 6.1-gentoo | ||
6 | # | ||
7 | # CONTRIBUTORS: mammon_, elaine, pusillus, mong | ||
8 | # | ||
9 | # FEEDBACK: http://board.anticrack.de/viewforum.php?f=35 | ||
10 | # SOURCE: http://www.eccentrix.com/members/mammon/gdb_init.txt | ||
11 | # NOTES: 'help user' in gdb will list the commands/descriptions in this file | ||
12 | # 'context on' now enables auto-display of context screen | ||
13 | # | ||
14 | # CHANGELOG: | ||
15 | # Version 6.1-gentoo | ||
16 | # made gas the default. some content censored to be *cough* | ||
17 | # politically correct. -solar | ||
18 | # Version 6.1 | ||
19 | # fixed filename in step_to_call so it points to /dev/null | ||
20 | # changed location of logfiles from /tmp to ~ | ||
21 | # Version 6 | ||
22 | # added print_insn_type, get_insn_type, context-on, context-off commands | ||
23 | # added trace_calls, trace_run, step_to_call commands | ||
24 | # changed hook-stop so it checks $SHOW_CONTEXT variable | ||
25 | # Version 5 | ||
26 | # added bpm, dump_bin, dump_hex, bp_alloc commands | ||
27 | # added 'assemble' by elaine, 'gas_asm' by mong | ||
28 | # added Tip Topics for aspiring *cough* ;) | ||
29 | # Version 4 | ||
30 | # added eflags-changing insns by pusillus | ||
31 | # added bp, nop, null, and int3 patch commands, also hook-stop | ||
32 | # Version 3 | ||
33 | # incorporated elaine's if/else goodness into the hex/ascii dump | ||
34 | # Version 2 | ||
35 | # radix bugfix by elaine | ||
36 | # TODO: | ||
37 | # * add global vars to allow user to control stack,data,code win sizes | ||
38 | # * add dump, append, set write, etc commands | ||
39 | # * more tips! | ||
40 | |||
41 | |||
42 | # ______________breakpoint aliases_____________ | ||
define bpl
    # Standard breakpoint table: number, type, enabled state, address, hits.
    info break
end
document bpl
List all breakpoints, watchpoints and catchpoints (alias for 'info breakpoints').
end
49 | |||
define bp
    # Turn the context display on so the stop at this address shows
    # registers/stack/code through hook-stop.
    set $SHOW_CONTEXT = 1
    # The '*' makes gdb treat the argument as a raw address, so a function
    # name given here stops at its first instruction, before the prologue.
    break * $arg0
end
document bp
Set a breakpoint on address
Usage: bp addr
The argument is used as an address (break *addr), never as a line number;
'bp main' stops at the first instruction of main, before its prologue.
Side effect: sets $SHOW_CONTEXT = 1.
end
58 | |||
define bpc
    # 'clear' takes a location (function, file:line or *addr) and removes
    # every breakpoint set at that location.
    clear $arg0
end
document bpc
Clear breakpoint at function/address
Usage: bpc location   (e.g. bpc main, bpc *0x8048400)
Removes all breakpoints at that location; to remove by number use 'delete N'.
end
66 | |||
define bpe
    # Explicit 'breakpoints' keyword; 'enable N' means the same thing.
    enable breakpoints $arg0
end
document bpe
Enable breakpoint number arg0 (watchpoints and catchpoints share the numbering).
Usage: bpe num
end
74 | |||
define bpd
    # Explicit 'breakpoints' keyword; 'disable N' means the same thing.
    disable breakpoints $arg0
end
document bpd
Disable breakpoint number arg0 without deleting it (re-enable with bpe).
Usage: bpd num
end
82 | |||
define bpt
    set $SHOW_CONTEXT = 1
    # No '*' here: the argument is a gdb location spec, not a raw address.
    tbreak $arg0
end
document bpt
Set a temporary breakpoint (deleted after its first hit) at a location.
Usage: bpt location   (function name, file:line, or *addr for an address)
Note: unlike 'bp', the argument is not prefixed with '*', so a bare number
is interpreted as a line number, not an address.
Side effect: sets $SHOW_CONTEXT = 1.
end
91 | |||
define bpm
    set $SHOW_CONTEXT = 1
    # Access watchpoint: stops on both reads and writes of the expression.
    awatch $arg0
end
document bpm
Set an access (read/write) watchpoint on an expression.
Usage: bpm expr   (e.g. bpm *(int *)0x804a000 -- a bare address is a
constant and cannot be watched)
Uses hardware watchpoints where the target supports them; otherwise gdb
may fall back to slow single-stepping. Side effect: sets $SHOW_CONTEXT = 1.
end
100 | |||
101 | # ______________process information____________ | ||
define argv
    # Arguments gdb will pass (or passed) to the program on 'run'.
    show args
end
document argv
Print the argument list given to the program on 'run' (see 'set args').
end
108 | |||
define stack
    # 'info stack' is gdb's alias for backtrace; spell it out.
    backtrace
end
document stack
Print the call stack of the current thread (one line per frame).
end
115 | |||
define frame
    # Frame description, then the arguments and locals of the selected frame.
    # NOTE: this redefines gdb's built-in 'frame' command, so 'frame N'
    # (select a frame) is no longer available once this file is loaded;
    # use 'up'/'down' or 'select-frame N' instead.
    info frame
    info args
    info locals
end
document frame
Print the selected stack frame: frame info, arguments and local variables.
Caution: shadows the built-in 'frame N' frame-selection command.
end
124 | |||
define flags
    # One letter per status flag: upper-case when set, lower-case when clear.
    # Order / eflags bit: O(11) D(10) I(9) T(8) S(7) Z(6) A(4) P(2) C(0).
    if ( $eflags & 0x800 )
        printf "O "
    else
        printf "o "
    end
    if ( $eflags & 0x400 )
        printf "D "
    else
        printf "d "
    end
    if ( $eflags & 0x200 )
        printf "I "
    else
        printf "i "
    end
    if ( $eflags & 0x100 )
        printf "T "
    else
        printf "t "
    end
    if ( $eflags & 0x80 )
        printf "S "
    else
        printf "s "
    end
    if ( $eflags & 0x40 )
        printf "Z "
    else
        printf "z "
    end
    if ( $eflags & 0x10 )
        printf "A "
    else
        printf "a "
    end
    if ( $eflags & 0x4 )
        printf "P "
    else
        printf "p "
    end
    if ( $eflags & 0x1 )
        printf "C "
    else
        printf "c "
    end
    printf "\n"
end
document flags
Print the x86 status flags as letters (O D I T S Z A P C): upper-case = set,
lower-case = clear. Requires an x86 target with an $eflags register.
end
176 | |||
define eflags
    # Each field is printed as 0/1 by testing its mask directly.
    # status/control flags: OF=11 DF=10 IF=9 TF=8 SF=7 ZF=6 AF=4 PF=2 CF=0
    printf " OF <%d> DF <%d> IF <%d> TF <%d>", \
        ($eflags & 0x800) != 0, ($eflags & 0x400) != 0, \
        ($eflags & 0x200) != 0, ($eflags & 0x100) != 0
    printf " SF <%d> ZF <%d> AF <%d> PF <%d> CF <%d>\n", \
        ($eflags & 0x80) != 0, ($eflags & 0x40) != 0, \
        ($eflags & 0x10) != 0, ($eflags & 0x4) != 0, ($eflags & 0x1) != 0
    # system flags: ID=21 VIP=20 VIF=19 AC=18 VM=17 RF=16 NT=14 IOPL=12..13
    printf " ID <%d> VIP <%d> VIF <%d> AC <%d>", \
        ($eflags & 0x200000) != 0, ($eflags & 0x100000) != 0, \
        ($eflags & 0x80000) != 0, ($eflags & 0x40000) != 0
    printf " VM <%d> RF <%d> NT <%d> IOPL <%d>\n", \
        ($eflags & 0x20000) != 0, ($eflags & 0x10000) != 0, \
        ($eflags & 0x4000) != 0, (($eflags >> 0xC) & 3)
end
document eflags
Print every field of the x86 EFLAGS register as NAME <value>, including the
system flags (ID, VIP, VIF, AC, VM, RF, NT) and the two-bit IOPL.
end
194 | |||
define reg
    # 32-bit x86 register view; segment registers are shown as 16-bit.
    # Assumes an i386 target -- on other architectures these registers do
    # not exist and the command errors out.
    printf " eax:%08X ebx:%08X ecx:%08X ", $eax, $ebx, $ecx
    printf " edx:%08X eflags:%08X\n", $edx, $eflags
    printf " esi:%08X edi:%08X esp:%08X ", $esi, $edi, $esp
    printf " ebp:%08X eip:%08X\n", $ebp, $eip
    printf " cs:%04X ds:%04X es:%04X", $cs, $ds, $es
    printf " fs:%04X gs:%04X ss:%04X ", $fs, $gs, $ss
    # status flags as letters, ends the segment-register line
    flags
end
document reg
Print the general, segment and flags registers of a 32-bit x86 target.
end
207 | |||
define func
    # All function symbols in the program and loaded shared libraries;
    # can be very long and slow on large binaries.
    info functions
end
document func
Print all function symbols in the target (including shared libraries).
For a subset use 'info functions REGEXP' directly.
end
214 | |||
define var
    # Global/static variable symbols, all modules.
    info variables
end
document var
Print global and static variable symbols in the target.
For a subset use 'info variables REGEXP' directly.
end
221 | |||
define lib
    # Load addresses and symbol status of the mapped shared objects;
    # empty until the program is running.
    info sharedlibrary
end
document lib
Print the shared libraries loaded by the target, with their address ranges.
end
228 | |||
define sig
    # 'info handle' is gdb's other name for the signal-handling table.
    info handle
end
document sig
Print how gdb treats each signal (stop / print / pass to program).
Change an entry with 'handle SIG ...'.
end
235 | |||
define thread
    # NOTE: this redefines gdb's built-in 'thread' command, so 'thread N'
    # (switch thread) and 'thread apply ...' are unavailable after load.
    info threads
end
document thread
Print the threads of the target (same as 'info threads').
Caution: shadows the built-in 'thread N' / 'thread apply' commands.
end
242 | |||
define u
    # 'info udot' is only available on some native targets.
    # NOTE: 'u' is gdb's built-in abbreviation for 'until'; this replaces it.
    info udot
end
document u
Print the kernel 'user' struct for the target (target dependent; may be
unsupported). Caution: shadows the built-in 'u' (until) abbreviation.
end
249 | |||
define dis
    # NOTE: 'dis' is gdb's built-in abbreviation for 'disable'; this
    # replaces it ('disable' itself still works).
    disas $arg0
end
document dis
Disassemble the function containing the given address (or the named function).
Usage: dis addr
Caution: shadows the built-in 'dis' (disable) abbreviation.
end
257 | |||
258 | # ________________hex/ascii dump an address______________ | ||
define ascii_char
    # thanks elaine :)
    # Read one byte; print it only if it is printable 7-bit ASCII
    # (0x20 ' ' .. 0x7E '~'), otherwise a '.' placeholder.
    set $_c = *(unsigned char *)($arg0)
    if ( $_c >= 0x20 && $_c <= 0x7E )
        printf "%c", $_c
    else
        printf "."
    end
end
document ascii_char
Print the byte at address arg0 as an ASCII character, or '.' if it is not
printable. Leaves the byte in $_c. Errors if the address is not readable.
end
271 | |||
define hex_quad
    # Eight space-separated "%02X" bytes, no trailing newline, so callers
    # can place two of these side by side on one dump line.
    printf "%02X %02X %02X %02X %02X %02X %02X %02X", \
    *(unsigned char*)($arg0), *(unsigned char*)($arg0 + 1), \
    *(unsigned char*)($arg0 + 2), *(unsigned char*)($arg0 + 3), \
    *(unsigned char*)($arg0 + 4), *(unsigned char*)($arg0 + 5), \
    *(unsigned char*)($arg0 + 6), *(unsigned char*)($arg0 + 7)
end
document hex_quad
Print eight bytes starting at arg0 as hexadecimal (no newline).
Errors if any of the eight bytes is not readable.
end
282 | |||
define hexdump
    # address : 8 bytes - 8 bytes  16 ASCII chars
    printf "%08X : ", $arg0
    hex_quad $arg0
    printf " - "
    hex_quad ($arg0+8)
    printf " "
    # ASCII column, one character per byte of the line (uses $_j as index).
    set $_j = 0
    while ( $_j < 0x10 )
        ascii_char ($arg0+$_j)
        set $_j = $_j + 1
    end
    printf "\n"
end
document hexdump
Display one 16-byte line of hex/ASCII dump starting at address arg0.
Reads 16 bytes; an unreadable address aborts the line with a memory error.
Uses the convenience variables $_j and $_c.
end
312 | |||
313 | # ________________data window__________________ | ||
define ddump
    # Header carries ds:$data_addr so the window shows where it points.
    printf "[%04X:%08X]------------------------", $ds, $data_addr
    printf "---------------------------------[ data]\n"
    set $_count = 0
    while ( $_count < $arg0 )
        # one 16-byte line per iteration
        set $_i = ($_count*0x10)
        hexdump ($data_addr+$_i)
        set $_count = $_count + 1
    end
end
document ddump
Display arg0 lines (16 bytes each) of hex/ASCII dump starting at $data_addr.
$data_addr must be set first (dd and datawin do this).
end
327 | |||
define dd
    # Heuristic pointer check: any of bits 24..31 set (value >= 0x01000000).
    # This only rejects obviously small values; an unmapped address still
    # makes gdb report a memory access error during the dump.
    if ( $arg0 & 0xFF000000 )
        set $data_addr = $arg0
        ddump 0x10
    else
        printf "Invalid address: %08X\n", $arg0
    end
end
document dd
Display 16 lines (256 bytes) of hex/ASCII dump starting at arg0.
Values below 0x01000000 are rejected as "Invalid address".
Side effect: sets $data_addr.
end
339 | |||
define datawin
    # Choose the data-window base: the first of esi, edi, eax that looks
    # like a pointer (any of bits 24..31 set, i.e. >= 0x01000000), else esp.
    # Assigned in reverse priority so the highest-priority candidate wins.
    set $data_addr = $esp
    if ( $eax & 0xFF000000 )
        set $data_addr = $eax
    end
    if ( $edi & 0xFF000000 )
        set $data_addr = $edi
    end
    if ( $esi & 0xFF000000 )
        set $data_addr = $esi
    end
    ddump 2
end
document datawin
Display two hexdump lines of memory at esi, edi, eax or esp -- whichever
comes first in that order and looks like a pointer (>= 0x01000000).
Side effect: sets $data_addr.
end
361 | |||
362 | # ________________process context______________ | ||
define context
    printf "_______________________________________"
    printf "________________________________________\n"
    reg
    printf "[%04X:%08X]------------------------", $ss, $esp
    printf "---------------------------------[stack]\n"
    # 64 bytes of stack, highest address first so $sp is the last line.
    # Reading beyond the top of the stack mapping raises a memory error
    # and aborts the rest of the display.
    hexdump $sp+0x30
    hexdump $sp+0x20
    hexdump $sp+0x10
    hexdump $sp
    # data window (esi/edi/eax/esp heuristic); sets $data_addr
    datawin
    printf "[%04X:%08X]------------------------", $cs, $eip
    printf "---------------------------------[ code]\n"
    # the next six instructions from the current pc
    x /6i $pc
    printf "---------------------------------------"
    printf "---------------------------------------\n"
end
document context
Print registers, 64 bytes of stack, the data window and the next six
instructions at cs:eip. Assumes a 32-bit x86 target. Called from hook-stop
when $SHOW_CONTEXT > 0.
end
383 | |||
define context-on
    # hook-stop checks this variable before each context display.
    set $SHOW_CONTEXT = 1
end
document context-on
Enable display of context on every program stop (sets $SHOW_CONTEXT = 1).
end
390 | |||
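define context-off
    # Must be 0. The original set it to 1, which made this command identical
    # to context-on and left the context display permanently enabled.
    set $SHOW_CONTEXT = 0
end
document context-off
Disable display of context on every program stop (sets $SHOW_CONTEXT = 0).
end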
397 | |||
398 | # ________________process control______________ | ||
define n
    # Instruction-level step that does not enter calls.
    # NOTE: this replaces gdb's built-in 'n' (next, source-level).
    nexti
end
document n
Step one instruction, stepping over calls (nexti). Use 'go 1' / stepi to
enter a call. Caution: shadows the built-in 'n' (next) abbreviation.
end
405 | |||
define go
    # 'si' is gdb's alias for stepi; the count is the number of instructions.
    si $arg0
end
document go
Step arg0 instructions, entering calls (stepi).
Usage: go count
end
412 | |||
define pret
    # Run until the selected frame returns; gdb prints the return value
    # when it knows the function's type.
    fin
end
document pret
Step out of the current call: continue until the selected frame returns.
end
419 | |||
define init
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN=0
    # one-shot breakpoint on the ELF _init routine, then start the program
    tbreak _init
    run
end
document init
Run the program and stop once at _init() (needs the _init symbol).
Running the target executes it: do this only with binaries you are
prepared to run. Sets $SHOW_CONTEXT = 1.
end
429 | |||
define start
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN=0
    # one-shot breakpoint on the ELF entry symbol, then start the program
    # NOTE: gdb versions that have a built-in 'start' (run to main) lose it
    # to this definition.
    tbreak _start
    run
end
document start
Run the program and stop once at _start() (needs the _start symbol).
Caution: shadows gdb's built-in 'start' command where present.
Sets $SHOW_CONTEXT = 1.
end
439 | |||
define sstart
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN=0
    # __libc_start_main lives in libc, which is not loaded before 'run';
    # gdb may have to make this a pending breakpoint (the query is answered
    # automatically once 'set confirm off' from this file is in effect).
    tbreak __libc_start_main
    run
end
document sstart
Run the program and stop once at __libc_start_main(). Useful for stripped
executables, since the libc symbol is usually available even when the
program's own symbols are not. Sets $SHOW_CONTEXT = 1.
end
449 | |||
define main
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN=0
    # one-shot breakpoint on main (after its prologue), then start the program
    tbreak main
    run
end
document main
Run the program and stop once at main() (needs the main symbol; use sstart
for stripped binaries). Sets $SHOW_CONTEXT = 1.
end
459 | |||
460 | # ________________eflags commands_______________ | ||
define cfc
    # Toggle CF (bit 0): XOR flips the bit whichever way it is currently set.
    set $eflags = $eflags ^ 0x1
end
document cfc
Toggle the Carry Flag (CF, eflags bit 0) in the inferior's registers.
end
471 | |||
define cfp
    # Toggle PF (bit 2).
    set $eflags = $eflags ^ 0x4
end
document cfp
Toggle the Parity Flag (PF, eflags bit 2) in the inferior's registers.
end
482 | |||
define cfa
    # Toggle AF (bit 4).
    set $eflags = $eflags ^ 0x10
end
document cfa
Toggle the Auxiliary Carry Flag (AF, eflags bit 4) in the inferior's registers.
end
493 | |||
define cfz
    # Toggle ZF (bit 6).
    set $eflags = $eflags ^ 0x40
end
document cfz
Toggle the Zero Flag (ZF, eflags bit 6) in the inferior's registers.
end
504 | |||
define cfs
    # Toggle SF (bit 7).
    set $eflags = $eflags ^ 0x80
end
document cfs
Toggle the Sign Flag (SF, eflags bit 7) in the inferior's registers.
end
515 | |||
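define cft
    # Toggle TF (bit 8). The original used '& 100' / '| 100': under the hex
    # input radix that is 0x100, but '& 0x100' without the '~' clears every
    # flag except TF instead of clearing only TF. XOR flips just bit 8.
    set $eflags = $eflags ^ 0x100
end
document cft
Toggle the Trap Flag (TF, eflags bit 8).
Caution: the kernel uses TF for single-stepping and may override or ignore
a debugger-written TF; the effect is target dependent.
end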
526 | |||
define cfi
    # Toggle IF (bit 9). IF is a privileged flag: when debugging a user-mode
    # process the kernel typically discards this change on resume.
    set $eflags = $eflags ^ 0x200
end
document cfi
Toggle the Interrupt Flag (IF, eflags bit 9). For user-mode targets the
kernel usually does not allow a debugger to change IF; expect no effect.
end
537 | |||
define cfd
    # Toggle DF (bit 10), the string-operation direction.
    set $eflags = $eflags ^ 0x400
end
document cfd
Toggle the Direction Flag (DF, eflags bit 10) in the inferior's registers.
end
548 | |||
define cfo
    # Toggle OF (bit 11).
    set $eflags = $eflags ^ 0x800
end
document cfo
Toggle the Overflow Flag (OF, eflags bit 11) in the inferior's registers.
end
559 | |||
560 | # --------------------patch--------------------- | ||
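define nop
    # arg0 is parenthesised so expressions such as 'nop $pc+1' patch the
    # intended byte; without the parens the cast bound to $pc alone and the
    # assignment target was not an lvalue.
    set {unsigned char}($arg0) = 0x90
end
document nop
Patch the byte at address arg0 to a NOP (0x90) in the running process.
Usage: nop addr   (addr may be an expression, e.g. $pc+1)
Only process memory is changed unless 'set write on' is in effect (see
tip_patch), in which case the executable file is modified.
end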
568 | |||
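define null
    # Parenthesised so 'null $edi+4'-style expressions address the intended
    # byte (see nop).
    set {unsigned char}($arg0) = 0
end
document null
Patch the byte at address arg0 to 0x00 in the running process.
Usage: null addr   (addr may be an expression)
Only process memory is changed unless 'set write on' is in effect (see
tip_patch), in which case the executable file is modified.
end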
576 | |||
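define int3
    # Parenthesised so expression arguments address the intended byte (see nop).
    # gdb does not track this byte as a breakpoint: when it executes the
    # program typically stops with SIGTRAP and $pc one past the 0xCC, and
    # the original byte is not restored automatically.
    set {unsigned char}($arg0) = 0xCC
end
document int3
Patch the byte at address arg0 to an INT3 (0xCC) in the running process.
Usage: int3 addr   (addr may be an expression)
Prefer 'bp addr' for a breakpoint gdb manages; this command is for cases
where the raw 0xCC byte itself is wanted (the original byte is overwritten).
end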
584 | |||
585 | # --------------------cflow--------------------- | ||
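define print_insn_type
    # Trailing ';' removed from every printf: gdb's printf accepts only a
    # ',' argument list after the format string and rejects the stray ';'
    # as an argument-syntax error, so the original never printed anything.
    # Codes match get_insn_type. Nothing is printed for values outside 0..5.
    if ($arg0 == 0)
        printf "UNKNOWN"
    end
    if ($arg0 == 1)
        printf "JMP"
    end
    if ($arg0 == 2)
        printf "JCC"
    end
    if ($arg0 == 3)
        printf "CALL"
    end
    if ($arg0 == 4)
        printf "RET"
    end
    if ($arg0 == 5)
        printf "INT"
    end
end
document print_insn_type
Print the human-readable mnemonic class for the instruction type code passed
as a parameter (usually $INSN_TYPE as set by get_insn_type):
0 UNKNOWN, 1 JMP, 2 JCC, 3 CALL, 4 RET, 5 INT. No newline is printed.
end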
610 | |||
define get_insn_type
    # Classify the instruction at $arg0 from its first opcode byte only.
    # Limitations: no prefix handling (0x66/0x67, segment overrides, REX),
    # so a prefixed branch is reported as UNKNOWN; 0x0F is checked only for
    # jcc rel32; the "ret" set includes iret (0xCF); 0xE0..0xE3 (loop*/jcxz)
    # are counted as jcc. Assumes 32-bit x86 code. Reads 1-2 bytes at $arg0.
    set $INSN_TYPE = 0
    set $_byte1=*(unsigned char *)$arg0
    if ($_byte1 == 0x9A || $_byte1 == 0xE8 )
    # "call" (9A call far, E8 call rel32)
    set $INSN_TYPE=3
    end
    if ($_byte1 >= 0xE9 && $_byte1 <= 0xEB)
    # "jmp" (E9 rel32, EA far, EB rel8)
    set $INSN_TYPE=1
    end
    if ($_byte1 >= 0x70 && $_byte1 <= 0x7F)
    # "jcc" rel8
    set $INSN_TYPE=2
    end
    if ($_byte1 >= 0xE0 && $_byte1 <= 0xE3 )
    # "jcc" -- actually loopne/loope/loop/jcxz, treated as conditional jumps
    set $INSN_TYPE=2
    end
    if ($_byte1 == 0xC2 || $_byte1 == 0xC3 || $_byte1 == 0xCA || $_byte1 == 0xCB || $_byte1 == 0xCF)
    # "ret" (near/far, with/without imm16) and iret
    set $INSN_TYPE=4
    end
    if ($_byte1 >= 0xCC && $_byte1 <= 0xCE)
    # "int" (int3, int imm8, into)
    set $INSN_TYPE=5
    end
    if ($_byte1 == 0x0F )
    # two-byte opcode
    set $_byte2=*(unsigned char *)($arg0 +1)
    if ($_byte2 >= 0x80 && $_byte2 <= 0x8F)
    # "jcc" rel32
    set $INSN_TYPE=2
    end
    end
    if ($_byte1 == 0xFF )
    # opcode extension: reg field (bits 3..5 of the ModRM byte) selects the op
    set $_byte2=*(unsigned char *)($arg0 +1)
    set $_opext=($_byte2 & 0x38)
    if ($_opext == 0x10 || $_opext == 0x18)
    # "call" indirect near (/2) and far (/3)
    set $INSN_TYPE=3
    end
    if ($_opext == 0x20 || $_opext == 0x28)
    # "jmp" indirect near (/4) and far (/5)
    set $INSN_TYPE=1
    end
    end
end
document get_insn_type
Takes an address and sets the global $INSN_TYPE to 0, 1, 2, 3, 4 or 5 if the
instruction at that address is unknown, a jump, a conditional jump, a call,
a return, or an interrupt. First-byte classification only: instruction
prefixes are not skipped, so prefixed branches are reported as unknown.
Also sets $_byte1 and, for two-byte forms, $_byte2 / $_opext.
end
665 | |||
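define step_to_call
    # Remember the caller's context setting; restored at the end.
    set $_saved_ctx = $SHOW_CONTEXT
    set $SHOW_CONTEXT = 0
    set $SHOW_NEST_INSN=0
    # Send the per-stepi output to /dev/null so the loop is quiet.
    set logging file /dev/null
    set logging on
    set logging redirect on
    set $_cont = 1

    # Step one instruction at a time until the instruction at $pc is a call;
    # the call itself has not executed when we stop. There is no step limit:
    # interrupt with Ctrl-C if no call is reached.
    while ( $_cont > 0 )
        stepi
        get_insn_type $pc
        if ($INSN_TYPE == 3)
            set $_cont = 0
        end
    end

    # Turn logging off BEFORE the final display: in the original the
    # context / x /i output was produced while still redirected to
    # /dev/null, so it never reached the terminal when redirect is honoured.
    set logging redirect off
    set logging off
    set logging file gdb.txt

    if ( $_saved_ctx > 0 )
        context
    else
        x /i $pc
    end

    # Restore rather than force to 1 (the original forced it on, turning the
    # context display on for users who had it off).
    set $SHOW_CONTEXT = $_saved_ctx
    set $SHOW_NEST_INSN=0
end
document step_to_call
Single-step until the instruction at $pc is a call; stops before the call
is taken and shows either the full context (if it was enabled) or just the
instruction. Slow (one stepi per instruction); Ctrl-C to abort. Restores
$SHOW_CONTEXT to its previous value and resets gdb's logging file to gdb.txt.
end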
699 | |||
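define trace_calls
    set $SHOW_CONTEXT = 0
    set $SHOW_NEST_INSN=0
    set $_nest = 1
    set listsize 0
    # Everything printed while tracing goes to the trace file (in ~, not a
    # world-writable /tmp) and is overwritten on each run.
    set logging overwrite on
    set logging file ~/gdb_trace_calls.txt
    set logging on
    set logging redirect on

    # Single-step until the call depth drops to 0, i.e. the ret that leaves
    # the function we started in. No step limit: Ctrl-C to abort.
    while ( $_nest > 0 )
        get_insn_type $pc

        # handle nesting: a call deepens, a ret unwinds
        if ($INSN_TYPE == 3)
            set $_nest = $_nest + 1
        else
            if ($INSN_TYPE == 4)
                set $_nest = $_nest - 1
            end
        end

        # if a call, print it indented by depth
        if ($INSN_TYPE == 3)
            set $x = $_nest
            while ( $x > 0 )
                printf "\t"
                set $x = $x - 1
            end
            x /i $pc
        end

        stepi
    end

    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN=0
    set logging redirect off
    set logging off
    set logging file gdb.txt

    # clean up trace file: drop gdb's source-location noise (" at file:line",
    # " in func ()") in one pass. The scratch file is renamed over the trace
    # instead of being left behind in ~ as before.
    shell grep -v -e ' at ' -e ' in ' ~/gdb_trace_calls.txt > ~/gdb_trace_calls.1; mv ~/gdb_trace_calls.1 ~/gdb_trace_calls.txt
end
document trace_calls
Creates a runtime trace of the calls made by the target, indented by call
depth, in ~/gdb_trace_calls.txt. Runs until the current function returns.
Note that this is very slow (one stepi per instruction) and, per the original
author, because gdb "set redirect on" does not work! Runs grep/mv via 'shell'.
Forces $SHOW_CONTEXT = 1 when done.
end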
751 | |||
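define trace_run
    set $SHOW_CONTEXT = 0
    # hook-stop indents each stop by $_nest while this is set
    set $SHOW_NEST_INSN=1
    set logging overwrite on
    set logging file ~/gdb_trace_run.txt
    set logging on
    set logging redirect on
    set $_nest = 1

    # Single-step, tracking call depth, until the starting function returns.
    # No step limit: Ctrl-C to abort.
    while ( $_nest > 0 )

        get_insn_type $pc
        # call deepens, ret unwinds (jmp/jcc leave the depth unchanged)
        if ($INSN_TYPE == 3)
            set $_nest = $_nest + 1
        else
            # ret
            if ($INSN_TYPE == 4)
                set $_nest = $_nest - 1
            end
        end

        stepi
    end

    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN=0
    set logging file gdb.txt
    set logging redirect off
    set logging off

    # clean up trace file: drop gdb's source-location noise in one pass and
    # rename the scratch file over the trace instead of leaving it behind.
    shell grep -v -e ' at ' -e ' in ' ~/gdb_trace_run.txt > ~/gdb_trace_run.1; mv ~/gdb_trace_run.1 ~/gdb_trace_run.txt

end
document trace_run
Creates an instruction-level runtime trace of the target, indented by call
depth, in ~/gdb_trace_run.txt, until the current function returns. Note
that this is very slow (one stepi per instruction) and, per the original
author, because gdb "set redirect on" does not work! Runs grep/mv via 'shell'.
Forces $SHOW_CONTEXT = 1 when done.
end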
792 | |||
793 | |||
794 | # _____________________misc_____________________ | ||
# this makes 'context' be called at every BP/step
# hook-stop runs automatically each time the inferior stops. Both
# convenience variables must already be defined (they are set at the bottom
# of this file); comparing an unset (void) variable here is likely to error
# on every stop.
define hook-stop
    if ( $SHOW_CONTEXT > 0 )
    context
    end
    # Indent by call depth while trace_run is active; $_nest is only
    # maintained by trace_calls / trace_run.
    if ( $SHOW_NEST_INSN > 0 )
    set $x = $_nest
    while ($x > 0 )
    printf "\t"
    set $x = $x - 1
    end
    end
end
808 | |||
define nasm_assemble
    printf "Hit Ctrl-D to start, type code to assemble, hit Ctrl-D when done.\nIt is recommended to start with\n\tBITS 32\nNote that this command uses NASM (Intel syntax) to assemble.\n"
    # Spawns nasm via the shell: it reads the source from gdb's stdin and
    # the flat binary is hex-dumped by od, 16 bytes per line. Nothing is
    # written to disk.
    shell nasm -f bin -o /dev/stdout /dev/stdin | od -v -t x1 -w16 -A n
end
document nasm_assemble
Assemble Intel x86 instructions (NASM syntax) typed on stdin and print the
resulting opcode bytes in hex. Requires nasm and od in PATH.
Usage: nasm_assemble
end
820 | |||
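define assemble
    printf "Type code to assemble, hit Ctrl-D until results appear :)\n"
    printf "Note that this command uses GAS (AT&T syntax) to assemble.\n"
    # 'as' reads the source from gdb's stdin; the object goes to a fixed
    # scratch file in the user's home directory (not /tmp).
    shell as -o ~/__gdb_tmp.bin
    # $arg0 is substituted verbatim into this shell command line, so pass a
    # plain address/number (it becomes the displayed base address).
    shell objdump -d -j .text --adjust-vma=$arg0 ~/__gdb_tmp.bin
    # -f: no stray error if 'as' failed and produced no output file.
    shell rm -f ~/__gdb_tmp.bin
end
document assemble
Assemble x86 instructions (GAS, AT&T syntax) typed on stdin and show the
encoding via objdump, with addresses starting at the given address.
Requires as and objdump in PATH; uses ~/__gdb_tmp.bin as scratch.
Usage: assemble address
end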
832 | |||
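# !scary bp_alloc macro!
# The idea behind this macro is to break on the following code:
# 0x4008e0aa <malloc+6>: sub $0xc,%esp
# 0x4008e0ad <malloc+9>: call 0x4008e0b2 <malloc+14>
# 0x4008e0b2 <malloc+14>: pop %ebx
# 0x4008e0b3 <malloc+15>: add $0xa3f6e,%ebx
# The original note claimed that at 0x4008e0b3 %ebx contains the address
# that has just been allocated. NOTE(review): the call/pop/add sequence shown
# is the usual PIC GOT-pointer setup, so at malloc+15 %ebx appears to hold
# malloc+14 (the GOT base after the add), not an allocation result -- no
# allocation has happened yet at that point. Treat the condition below as a
# template to adapt after reading your own libc's disassembly, not as
# something that works as-is.
# The bp_alloc macro generates this breakpoint and *might* work on the libc
# build it was written against ... if it breaks, set a breakpoint on
# __libc_malloc and look for where the return value gets popped.

define bp_alloc
    # Offset written as 0xF: a bare 'F' is most likely read by gdb as a
    # symbol name rather than a hex literal, even with 'set input-radix 0x10'.
    tbreak *(*__libc_malloc + 0xF) if $ebx == $arg0
end
document bp_alloc
This sets a temporary breakpoint on the allocation of $arg0.
It works by setting a conditional breakpoint 0xF bytes into __libc_malloc()
that fires only when $ebx equals the given value.
USE WITH CAUTION -- it is extremely platform dependent (hard-coded offset
into one particular 32-bit glibc build) and needs the __libc_malloc symbol.
Usage: bp_alloc addr
end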
853 | |||
define dump_hexfile
    # Intel HEX text output; arg1..arg2 is the memory range (end not included).
    dump ihex memory $arg0 $arg1 $arg2
end
document dump_hexfile
Write a range of memory to a file in Intel ihex (hexdump) format.
Usage: dump_hexfile filename start_addr end_addr
The file is created or overwritten at the given path.
end
861 | |||
define dump_binfile
    # 'binary' is the default format for 'dump memory'; spelled out here.
    dump binary memory $arg0 $arg1 $arg2
end
document dump_binfile
Write a range of memory (start_addr up to but not including end_addr) to a
raw binary file. The file is created or overwritten at the given path.
Usage: dump_binfile filename start_addr end_addr
end
869 | |||
870 | # _________________tips_________________ | ||
871 | # The 'tips' command is used to provide tutorial-like info to the user | ||
define tips
    # Index of the tip_* commands; each prints a short tutorial.
    printf "Tip Topic Commands:\n\ttip_display : Automatically display values on each break\n\ttip_patch : Patching binaries\n\ttip_strip : Dealing with stripped binaries\n\ttip_syntax : ATT vs Intel syntax\n"
end
document tips
List the available tip_* tutorial commands.
end
882 | |||
define tip_patch
    # Section 1: patching the live process with 'set'.
    printf "\n PATCHING MEMORY\nAny address can be patched using the 'set' command:\n\t`set ADDR = VALUE` \te.g. `set *0x8049D6E = 0x90`\n\n"
    # Section 2: writing patches through to the executable file.
    printf " PATCHING BINARY FILES\nUse `set write` in order to patch the target executable\ndirectly, instead of just patching memory.\n\t`set write on` \t`set write off`\nNote that this means any patches to the code or data segments\nwill be written to the executable file. When either of these\ncommands has been issued, the file must be reloaded.\n\n"
end
document tip_patch
Tips on patching memory and binary files ('set' and 'set write on').
end
901 | |||
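define tip_strip
    printf "\n"
    printf " STOPPING BINARIES AT ENTRY POINT\n"
    printf "Stripped binaries have no symbols, and are therefore tough to\n"
    printf "start automatically. To debug a stripped binary, use\n"
    printf "\tinfo file\n"
    printf "to get the entry point of the file. The first few lines of\n"
    printf "output will look like this:\n"
    printf "\tSymbols from '/tmp/a.out'\n"
    printf "\tLocal exec file:\n"
    printf "\t `/tmp/a.out', file type elf32-i386.\n"
    printf "\t Entry point: 0x80482e0\n"
    # wording fixed: the address is used to set a breakpoint, and the
    # breakpoint is deleted when the program stops *at* the entry point
    printf "Use this address to set a temporary breakpoint at the entry point:\n"
    printf "\t`tbreak *0x80482e0`\n"
    printf "The breakpoint will delete itself after the program stops at\n"
    printf "the entry point.\n"
    printf "\n"
end
document tip_strip
Tips on dealing with stripped binaries (finding and breaking at the entry point).
end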
923 | |||
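define tip_syntax
    # Two-column table, padded so the AT&T column lines up.
    # Fixes vs. the original text: the 32-bit AT&T suffix is 'l' (movl),
    # not 'movd' (an MMX/SSE instruction), and the suffix list is b/w/l/q.
    printf "\n"
    printf "\t INTEL SYNTAX                     AT&T SYNTAX\n"
    printf "\tmnemonic dest, src, imm           mnemonic src, dest, imm\n"
    printf "\t[base+index*scale+disp]           disp(base, index, scale)\n"
    printf "\tregister:      eax                register:      %%eax\n"
    printf "\timmediate:     0xFF               immediate:     $0xFF\n"
    printf "\tdereference:   [addr]             dereference:   addr(,1)\n"
    printf "\tabsolute addr: addr               absolute addr: *addr\n"
    printf "\tbyte insn:     mov byte ptr       byte insn:     movb\n"
    printf "\tword insn:     mov word ptr       word insn:     movw\n"
    printf "\tdword insn:    mov dword ptr      dword insn:    movl\n"
    printf "\tfar call:      call far           far call:      lcall\n"
    printf "\tfar jump:      jmp far            far jump:      ljmp\n"
    printf "\n"
    printf "Note that the order of operands is reversed, and that AT&T syntax\n"
    printf "requires an operand size suffix (b, w, l, q) on instructions whose\n"
    printf "operand size cannot be inferred from a register operand.\n"
    printf "\n"
end
document tip_syntax
Summary of Intel and AT&T syntax differences (operand order, addressing
modes, size suffixes).
end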
947 | |||
define tip_display
    # The display/undisplay commands, then 32-bit x86 examples.
    printf "\nAny expression can be set to automatically be displayed every time\nthe target stops. The commands for this are:\n\t`display expr' : automatically display expression 'expr'\n\t`display' : show all displayed expressions\n\t`undisplay num' : turn off autodisplay for expression # 'num'\n"
    printf "Examples:\n\t`display/x *(int *)$esp` : print top of stack\n\t`display/x *(int *)($ebp+8)` : print first parameter\n\t`display (char *)$esi` : print source string\n\t`display (char *)$edi` : print destination string\n\n"
end
document tip_display
Tips on automatically displaying expressions each time the program stops
(display / undisplay).
end
# __________________gdb options_________________
# Disables "are you sure?" prompts (quitting with a live process,
# overwriting files, redefining built-in commands). Convenient, but it also
# means the redefinitions of 'frame', 'start', 'n', 'thread', 'u' and 'dis'
# above take effect without asking (when reading a script gdb may answer
# such queries automatically anyway).
set confirm off
set verbose off
set prompt gdb>
# Parse and print integers in hexadecimal. The input radix applies when the
# user commands above are *executed*, so unprefixed numbers in their bodies
# are read as hex; prefer explicit 0x... literals to avoid surprises.
set output-radix 0x10
set input-radix 0x10
# These make gdb never pause in its output
set height 0
set width 0
# why do these not work???
# NOTE(review): the cause of the author's problem is not visible here;
# hook-stop compares both variables on every stop, so keep them defined.
set $SHOW_CONTEXT = 1
set $SHOW_NEST_INSN=0
977 | |||
978 | #EOF |