# INSTRUCTIONS: save as ~/.gdbinit
#
# DESCRIPTION: A user-friendly gdb configuration file.
#
# REVISION : 6.1-gentoo
#
# CONTRIBUTORS: mammon_, elaine, pusillus, mong
#
# FEEDBACK: http://board.anticrack.de/viewforum.php?f=35
# SOURCE: http://www.eccentrix.com/members/mammon/gdb_init.txt
# NOTES: 'help user' in gdb will list the commands/descriptions in this file
# 'context on' now enables auto-display of the context screen
#
# CHANGELOG:
# Version 6.1-gentoo
# made gas the default. some content censored to be *cough*
# politically correct. -solar
# Version 6.1
# fixed filename in step_to_call so it points to /dev/null
# changed location of logfiles from /tmp to ~
# Version 6
# added print_insn_type, get_insn_type, context-on, context-off commands
# added trace_calls, trace_run, step_to_call commands
# changed hook-stop so it checks the $SHOW_CONTEXT variable
# Version 5
# added bpm, dump_bin, dump_hex, bp_alloc commands
# added 'assemble' by elaine, 'gas_asm' by mong
# added Tip Topics for aspiring *cough* ;)
# Version 4
# added eflags-changing insns by pusillus
# added bp, nop, null, and int3 patch commands, also hook-stop
# Version 3
# incorporated elaine's if/else goodness into the hex/ascii dump
# Version 2
# radix bugfix by elaine
# TODO:
# * add global vars to allow the user to control stack, data and code window sizes
# * add dump, append, set write, etc. commands
# * more tips!
40 | |
41 | |
42 | # ______________breakpoint aliases_____________ |
define bpl
    # 'info break' is gdb's documented short form of 'info breakpoints'
    info break
end
document bpl
List all breakpoints, watchpoints and catchpoints with their numbers and hit counts.
Usage: bpl
end
49 | |
define bp
    # Make sure the context screen comes up once this breakpoint is hit
    set $SHOW_CONTEXT = 1
    break *$arg0
end
document bp
Set a breakpoint on a raw address (not a source line or symbol) and
turn the automatic context display back on.
Usage: bp addr
end
58 | |
define bpc
# 'clear' takes a location (function name, *address or file:line), not a breakpoint number
clear $arg0
end
document bpc
Clear the breakpoint(s) set at a function or address.
Usage: bpc addr
end
66 | |
define bpe
    # The optional 'breakpoints' keyword is the documented long form
    enable breakpoints $arg0
end
document bpe
Enable a breakpoint by its number (as listed by bpl).
Usage: bpe num
end
74 | |
define bpd
    # The optional 'breakpoints' keyword is the documented long form
    disable breakpoints $arg0
end
document bpd
Disable a breakpoint by its number (as listed by bpl) without deleting it.
Usage: bpd num
end
82 | |
define bpt
# Re-enable the context display so the stop is shown
set $SHOW_CONTEXT = 1
# Note: unlike bp, no leading '*' -- arg0 is a location (symbol, file:line,
# or *addr), so a bare number is read as a line number, not an address
tbreak $arg0
end
document bpt
Set a temporary breakpoint (deleted after the first hit) on a location.
Usage: bpt addr
end
91 | |
define bpm
set $SHOW_CONTEXT = 1
# awatch stops on both reads and writes of the expression's location
awatch $arg0
end
document bpm
Set an access (read/write) watchpoint on an address or expression.
Usage: bpm addr
end
100 | |
101 | # ______________process information____________ |
define argv
# 'show args' prints the argument list passed to 'run'
show args
end
document argv
Print the command-line arguments the program is (or will be) run with.
end
108 | |
define stack
    # 'backtrace' and 'info stack' are the same gdb command
    backtrace
end
document stack
Print a backtrace of the whole call stack.
end
115 | |
define frame
# NOTE: this shadows gdb's built-in 'frame' command (select/print a frame);
# after sourcing this file 'frame N' no longer selects frame N
info frame
info args
info locals
end
document frame
Print the selected stack frame's layout, its arguments and its local variables.
(Replaces gdb's built-in 'frame' command.)
end
124 | |
define flags
    # One letter per status flag, upper-case when set and lower-case when
    # clear, in the order O D I T S Z A P C (eflags bits 11,10,9,8,7,6,4,2,0).
    printf "%c %c %c %c %c %c %c %c %c \n", \
        (($eflags >> 0xB) & 1) ? 'O' : 'o', \
        (($eflags >> 0xA) & 1) ? 'D' : 'd', \
        (($eflags >> 9) & 1) ? 'I' : 'i', \
        (($eflags >> 8) & 1) ? 'T' : 't', \
        (($eflags >> 7) & 1) ? 'S' : 's', \
        (($eflags >> 6) & 1) ? 'Z' : 'z', \
        (($eflags >> 4) & 1) ? 'A' : 'a', \
        (($eflags >> 2) & 1) ? 'P' : 'p', \
        ($eflags & 1) ? 'C' : 'c'
end
document flags
Print the eflags status bits as a one-line summary: a capital letter
means the flag is set, a lower-case letter means it is clear
(O=overflow D=direction I=interrupt T=trap S=sign Z=zero A=aux-carry P=parity C=carry).
end
176 | |
define eflags
# Status flags: OF bit 11, DF bit 10, IF bit 9, TF bit 8
printf " OF <%d> DF <%d> IF <%d> TF <%d>",\
(($eflags >> 0xB) & 1 ), (($eflags >> 0xA) & 1 ), \
(($eflags >> 9) & 1 ), (($eflags >> 8) & 1 )
# SF bit 7, ZF bit 6, AF bit 4, PF bit 2, CF bit 0
printf " SF <%d> ZF <%d> AF <%d> PF <%d> CF <%d>\n",\
(($eflags >> 7) & 1 ), (($eflags >> 6) & 1 ),\
(($eflags >> 4) & 1 ), (($eflags >> 2) & 1 ), ($eflags & 1)
# System flags: ID bit 21, VIP bit 20, VIF bit 19, AC bit 18
printf " ID <%d> VIP <%d> VIF <%d> AC <%d>",\
(($eflags >> 0x15) & 1 ), (($eflags >> 0x14) & 1 ), \
(($eflags >> 0x13) & 1 ), (($eflags >> 0x12) & 1 )
# VM bit 17, RF bit 16, NT bit 14; IOPL is the two-bit field at bits 12-13
printf " VM <%d> RF <%d> NT <%d> IOPL <%d>\n",\
(($eflags >> 0x11) & 1 ), (($eflags >> 0x10) & 1 ),\
(($eflags >> 0xE) & 1 ), (($eflags >> 0xC) & 3 )
end
document eflags
Print every field of the eflags register, status and system flags alike,
as name <value> pairs (IOPL is printed as its 0-3 level).
end
194 | |
define reg
    # 32-bit x86 register set; one printf per output line
    printf " eax:%08X ebx:%08X ecx:%08X  edx:%08X eflags:%08X\n", \
        $eax, $ebx, $ecx, $edx, $eflags
    printf " esi:%08X edi:%08X esp:%08X  ebp:%08X eip:%08X\n", \
        $esi, $edi, $esp, $ebp, $eip
    # Segment selectors, then the flags summary finishes the line
    printf " cs:%04X ds:%04X es:%04X fs:%04X gs:%04X ss:%04X ", \
        $cs, $ds, $es, $fs, $gs, $ss
    flags
end
document reg
Print the general-purpose registers, eflags, eip and the segment selectors
of a 32-bit x86 target, followed by the flags summary (see 'help flags').
Only the i386 register names are used, so this is not usable on x86-64 targets.
end
207 | |
define func
# Lists every function symbol gdb knows about (debug and minimal symbols)
info functions
end
document func
Print all function names defined in the target and its loaded libraries.
end
214 | |
define var
# Lists global/static variable symbols
info variables
end
document var
Print all global and static variable names (symbols) in the target.
end
221 | |
define lib
    # 'info share' is the documented short form of 'info sharedlibrary'
    info share
end
document lib
Print the shared libraries loaded into the target, with their address ranges.
end
228 | |
define sig
    # 'info handle' is an alias of 'info signals'
    info handle
end
document sig
Print how gdb handles each signal (stop / print / pass to program).
end
235 | |
define thread
# NOTE: this shadows gdb's built-in 'thread' command, so 'thread N'
# can no longer be used to switch threads once this file is sourced
info threads
end
document thread
Print the threads of the target (replaces gdb's built-in 'thread' command).
end
242 | |
define u
# NOTE: 'u' is gdb's abbreviation for 'until'; this definition shadows it.
# 'info udot' is a legacy command and may not exist in newer gdb builds.
info udot
end
document u
Print the kernel 'user' struct for the target (legacy 'info udot').
Replaces gdb's built-in 'u' (until) abbreviation.
end
249 | |
define dis
# NOTE: 'dis' is gdb's abbreviation for 'disable'; this definition shadows it
disassemble $arg0
end
document dis
Disassemble the function containing the given address or symbol.
Usage: dis addr
(Replaces gdb's 'dis' abbreviation of 'disable'.)
end
257 | |
258 | # ________________hex/ascii dump an address______________ |
define ascii_char
    # thanks elaine :)
    set $_c=*(unsigned char *)($arg0)
    # printable ASCII is 0x20..0x7E inclusive; everything else becomes '.'
    if ( $_c >= 0x20 && $_c <= 0x7E )
        printf "%c", $_c
    else
        printf "."
    end
end
document ascii_char
Print the byte at address arg0 as an ASCII character, or '.' if it is not printable.
end
271 | |
define hex_quad
    # Hoist the byte-pointer cast so each operand is a plain index
    set $_hq = (unsigned char *)($arg0)
    printf "%02X %02X %02X %02X %02X %02X %02X %02X", \
        $_hq[0], $_hq[1], $_hq[2], $_hq[3], \
        $_hq[4], $_hq[5], $_hq[6], $_hq[7]
end
document hex_quad
Print the eight bytes starting at arg0 as space-separated two-digit hex values
(no trailing newline).
end
282 | |
define hexdump
    # Address column, then two groups of eight hex bytes separated by " - "
    printf "%08X : ", $arg0
    hex_quad $arg0
    printf " - "
    hex_quad ($arg0+8)
    printf " "
    # The same 16 bytes as ASCII cells
    set $_hd = 0
    while ($_hd < 0x10)
        ascii_char ($arg0+$_hd)
        set $_hd = $_hd + 1
    end
    printf "\n"
end
document hexdump
Display one 16-byte line of a hex/ASCII dump starting at arg0.
The address is printed with %08X, so it is formatted for 32-bit targets.
end
312 | |
313 | # ________________data window__________________ |
define ddump
    # Window header: ds selector and the start address of the dump
    printf "[%04X:%08X]------------------------", $ds, $data_addr
    printf "---------------------------------[ data]\n"
    set $_line = 0
    while ($_line < $arg0)
        # Each line covers 16 bytes
        set $_off = $_line*0x10
        hexdump ($data_addr+$_off)
        set $_line = $_line + 1
    end
end
document ddump
Display arg0 lines (16 bytes each) of hex/ASCII dump starting at $data_addr.
$data_addr must already be set (see dd and datawin).
end
327 | |
define dd
    # The three original masks (0x40000000, 0x08000000, 0xBF000000) OR to
    # 0xFF000000, so this is "any of the top eight bits set" -- presumably a
    # plausibility check for 32-bit user-space pointers; verify for your target
    if ($arg0 & 0xFF000000)
        set $data_addr=$arg0
        ddump 0x10
    else
        printf "Invalid address: %08X\n", $arg0
    end
end
document dd
Display 16 lines (256 bytes) of hex/ASCII dump starting at arg0, after a
rough check that arg0 looks like a valid 32-bit address.
Usage: dd addr
end
339 | |
define datawin
    # Choose the first of esi, edi, eax whose top byte is nonzero (the three
    # original masks OR to 0xFF000000), else fall back to the stack pointer.
    # Presumably a "looks like a pointer" heuristic for 32-bit user space.
    if ($esi & 0xFF000000)
        set $data_addr=$esi
    else
        if ($edi & 0xFF000000)
            set $data_addr=$edi
        else
            if ($eax & 0xFF000000)
                set $data_addr=$eax
            else
                set $data_addr=$esp
            end
        end
    end
    ddump 2
end
document datawin
Display two lines of hex/ASCII dump at the first of esi, edi or eax that
looks like a valid address, or at esp if none does. Sets $data_addr.
end
361 | |
362 | # ________________process context______________ |
define context
printf "_______________________________________"
printf "________________________________________\n"
# Registers + flags summary (32-bit x86 names)
reg
printf "[%04X:%08X]------------------------", $ss, $esp
printf "---------------------------------[stack]\n"
# Four 16-byte stack lines, highest address first so sp is the bottom line
hexdump $sp+0x30
hexdump $sp+0x20
hexdump $sp+0x10
hexdump $sp
# Data window picks esi/edi/eax/esp, see 'help datawin'
datawin
printf "[%04X:%08X]------------------------", $cs, $eip
printf "---------------------------------[ code]\n"
# Next six instructions from the current pc
x /6i $pc
printf "---------------------------------------"
printf "---------------------------------------\n"
end
document context
Print the full context screen: registers, 64 bytes of stack above $sp,
a data window (ds:esi/edi/eax or esp) and the next six instructions at cs:eip.
Called automatically from hook-stop while $SHOW_CONTEXT is nonzero.
end
383 | |
define context-on
# hook-stop checks this variable before printing the context screen
set $SHOW_CONTEXT = 1
end
document context-on
Enable the automatic context display on every program stop.
end
390 | |
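define context-off
    # Clear the flag hook-stop tests; the original assigned 1 here, which
    # made context-off a no-op identical to context-on
    set $SHOW_CONTEXT = 0
end
document context-off
Disable the automatic context display on every program stop.
end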
397 | |
398 | # ________________process control______________ |
define n
# NOTE: 'n' is gdb's abbreviation for 'next' (source-level step); after this
# definition 'n' steps a single machine instruction instead
ni
end
document n
Step one machine instruction, stepping over calls (replaces gdb's 'n' = next).
end
405 | |
define go
# stepi with a repeat count; steps into calls
stepi $arg0
end
document go
Step the given number of machine instructions (stepping into calls).
Usage: go count
end
412 | |
define pret
# Continue until the selected frame returns; gdb prints the return value if known
finish
end
document pret
Run until the current function returns to its caller ('finish').
end
419 | |
define init
    # Context on, call-nesting display off, then run to the ELF _init
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN = 0
    tbreak _init
    run
end
document init
Run the program and stop at _init(), the first code executed in the
target's own image (requires the _init symbol to be present).
end
429 | |
define start
    # NOTE: this shadows gdb's built-in 'start' (run to main) with a stop at _start
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN = 0
    tbreak _start
    run
end
document start
Run the program and stop at _start(), the ELF entry point.
Replaces gdb's built-in 'start' command, which stops at main() instead.
end
439 | |
define sstart
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN = 0
    # Symbol comes from the dynamic libc, so it is available even when the
    # executable itself is stripped
    tbreak __libc_start_main
    run
end
document sstart
Run the program and stop at __libc_start_main(). Useful for stripped
executables, since the symbol lives in libc rather than the target.
end
449 | |
define main
    set $SHOW_CONTEXT = 1
    set $SHOW_NEST_INSN = 0
    tbreak main
    run
end
document main
Run the program and stop at main() (needs the main symbol; see sstart for
stripped binaries).
end
459 | |
460 | # ________________eflags commands_______________ |
define cfc
    # CF is bit 0; XOR flips it, which is what the set/clear branches did
    set $eflags = $eflags ^ 1
end
document cfc
Toggle the Carry Flag (CF, eflags bit 0) of the stopped thread.
end
471 | |
define cfp
    # PF is bit 2
    set $eflags = $eflags ^ 0x4
end
document cfp
Toggle the Parity Flag (PF, eflags bit 2) of the stopped thread.
end
482 | |
define cfa
    # AF is bit 4
    set $eflags = $eflags ^ 0x10
end
document cfa
Toggle the Auxiliary Carry Flag (AF, eflags bit 4) of the stopped thread.
end
493 | |
define cfz
    # ZF is bit 6
    set $eflags = $eflags ^ 0x40
end
document cfz
Toggle the Zero Flag (ZF, eflags bit 6) of the stopped thread.
end
504 | |
define cfs
    # SF is bit 7
    set $eflags = $eflags ^ 0x80
end
document cfs
Toggle the Sign Flag (SF, eflags bit 7) of the stopped thread.
end
515 | |
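define cft
    # TF is bit 8. The original wrote '$eflags&100' (no '~'), which, when
    # TF was set, kept only TF and cleared every other flag; XOR toggles
    # just bit 8, matching the other cf* commands.
    set $eflags = $eflags ^ 0x100
end
document cft
Toggle the Trap Flag (TF, eflags bit 8) of the stopped thread.
end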
526 | |
define cfi
    # IF is bit 9 (user-mode writes to it are normally ignored by the kernel)
    set $eflags = $eflags ^ 0x200
end
document cfi
Toggle the Interrupt Flag (IF, eflags bit 9) of the stopped thread.
end
537 | |
define cfd
    # DF is bit 10
    set $eflags = $eflags ^ 0x400
end
document cfd
Toggle the Direction Flag (DF, eflags bit 10) of the stopped thread.
end
548 | |
define cfo
    # OF is bit 11
    set $eflags = $eflags ^ 0x800
end
document cfo
Toggle the Overflow Flag (OF, eflags bit 11) of the stopped thread.
end
559 | |
560 | # --------------------patch--------------------- |
define nop
# 0x90 is the one-byte x86 NOP; only the single byte at arg0 is rewritten,
# so a multi-byte instruction leaves its trailing bytes in place
set * (unsigned char *) $arg0 = 0x90
end
document nop
Patch the byte at address arg0 in the running process's memory to a NOP (0x90).
Only one byte is changed; the executable file is untouched unless 'set write on' is active.
Usage: nop addr
end
568 | |
define null
# Writes a single zero byte into process memory at arg0
set * (unsigned char *) $arg0 = 0
end
document null
Patch the byte at address arg0 in the running process's memory to 0x00.
The executable file is untouched unless 'set write on' is active.
Usage: null addr
end
576 | |
define int3
# 0xCC is the one-byte INT3; executing it stops under gdb with SIGTRAP
set * (unsigned char *) $arg0 = 0xCC
end
document int3
Patch the byte at address arg0 in the running process's memory to INT3 (0xCC).
The executable file is untouched unless 'set write on' is active.
Usage: int3 addr
end
584 | |
585 | # --------------------cflow--------------------- |
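define print_insn_type
    # Each original printf ended in ';', which gdb's printf rejects as
    # "Invalid argument syntax" (anything after the format must be ',' or
    # end of line), so the command aborted on every call. Codes match
    # the values assigned by get_insn_type; anything else prints nothing.
    if ($arg0 == 0)
        printf "UNKNOWN"
    end
    if ($arg0 == 1)
        printf "JMP"
    end
    if ($arg0 == 2)
        printf "JCC"
    end
    if ($arg0 == 3)
        printf "CALL"
    end
    if ($arg0 == 4)
        printf "RET"
    end
    if ($arg0 == 5)
        printf "INT"
    end
end
document print_insn_type
Print the human-readable name for an instruction-type code as produced by
get_insn_type (usually $INSN_TYPE): 0 UNKNOWN, 1 JMP, 2 JCC, 3 CALL, 4 RET, 5 INT.
No newline is printed.
end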
610 | |
define get_insn_type
# Classify the x86 instruction at $arg0 by its first opcode byte(s).
# Result codes: 0 unknown, 1 jmp, 2 jcc, 3 call, 4 ret, 5 int.
# Instruction prefixes (0x66, segment overrides, ...) are not skipped, so a
# prefixed branch is reported as 0.
set $INSN_TYPE = 0
set $_byte1=*(unsigned char *)$arg0
if ($_byte1 == 0x9A || $_byte1 == 0xE8 )
# "call" (0x9A far call, 0xE8 near call rel32)
set $INSN_TYPE=3
end
if ($_byte1 >= 0xE9 && $_byte1 <= 0xEB)
# "jmp" (0xE9 rel32, 0xEA far, 0xEB rel8)
set $INSN_TYPE=1
end
if ($_byte1 >= 0x70 && $_byte1 <= 0x7F)
# "jcc" (short conditional jumps, rel8)
set $INSN_TYPE=2
end
if ($_byte1 >= 0xE0 && $_byte1 <= 0xE3 )
# "jcc" (loopne/loope/loop/jcxz are treated as conditional jumps)
set $INSN_TYPE=2
end
if ($_byte1 == 0xC2 || $_byte1 == 0xC3 || $_byte1 == 0xCA || $_byte1 == 0xCB || $_byte1 == 0xCF)
# "ret" (near ret with/without imm16, far ret with/without imm16, iret)
set $INSN_TYPE=4
end
if ($_byte1 >= 0xCC && $_byte1 <= 0xCE)
# "int" (int3, int imm8, into)
set $INSN_TYPE=5
end
if ($_byte1 == 0x0F )
# two-byte opcode
set $_byte2=*(unsigned char *)($arg0 +1)
if ($_byte2 >= 0x80 && $_byte2 <= 0x8F)
# "jcc" (near conditional jumps, rel32)
set $INSN_TYPE=2
end
end
if ($_byte1 == 0xFF )
# opcode extension: the reg field (bits 5-3) of the ModR/M byte selects the op
set $_byte2=*(unsigned char *)($arg0 +1)
set $_opext=($_byte2 & 0x38)
if ($_opext == 0x10 || $_opext == 0x18)
# "call" (FF /2 near indirect, FF /3 far indirect)
set $INSN_TYPE=3
end
if ($_opext == 0x20 || $_opext == 0x28)
# "jmp" (FF /4 near indirect, FF /5 far indirect)
set $INSN_TYPE=1
end
end
end
document get_insn_type
Decode the opcode at the given address and set the global $INSN_TYPE to
0, 1, 2, 3, 4 or 5 for unknown, jump, conditional jump, call, return or
interrupt respectively. Only the first one or two opcode bytes are examined;
prefixed instructions are reported as unknown (0).
Usage: get_insn_type addr
end
665 | |
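define step_to_call
    # Single-step until $pc is on a call instruction (per get_insn_type),
    # with the context display and console output suppressed meanwhile.
    set $_saved_ctx = $SHOW_CONTEXT
    set $SHOW_CONTEXT = 0
    set $SHOW_NEST_INSN = 0
    # Discard the per-step output; logging is turned back off below
    set logging file /dev/null
    set logging on
    set logging redirect on
    set $_cont = 1

    while ( $_cont > 0 )
        stepi
        get_insn_type $pc
        if ($INSN_TYPE == 3)
            set $_cont = 0
        end
    end

    # Stop redirecting BEFORE printing the result: the original printed
    # while redirect was still on, which (when redirect works) sends the
    # context or disassembly to /dev/null instead of the console.
    set logging redirect off
    set logging off
    set logging file gdb.txt

    if ( $_saved_ctx > 0 )
        context
    else
        x /i $pc
    end

    # Restore the caller's context setting rather than forcing it to 1,
    # which is why it was saved in the first place
    set $SHOW_CONTEXT = $_saved_ctx
    set $SHOW_NEST_INSN = 0
end
document step_to_call
Single-step the target until the next call instruction is reached and stop
before it is executed; then print the context screen (if context display
was on) or just the instruction. Output produced during the stepping is
discarded via logging to /dev/null.
end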
699 | |
define trace_calls
# Context display off; hook-stop's nesting indent off (this command prints its own)
set $SHOW_CONTEXT = 0
set $SHOW_NEST_INSN=0
# $_nest = call depth; starts at 1 and the loop ends when it drops to 0,
# i.e. when the function we started in returns
set $_nest = 1
set listsize 0
# All output goes to ~/gdb_trace_calls.txt (overwritten each run)
set logging overwrite on
set logging file ~/gdb_trace_calls.txt
set logging on
set logging redirect on

while ( $_nest > 0 )
get_insn_type $pc

# handle nesting
if ($INSN_TYPE == 3)
set $_nest = $_nest + 1
else
if ($INSN_TYPE == 4)
set $_nest = $_nest - 1
end
end

# if a call, print it
# (depth was already incremented above, so a top-level call is indented twice)
if ($INSN_TYPE == 3)
set $x = $_nest
while ( $x > 0 )
printf "\t"
set $x = $x - 1
end
x /i $pc
end

#set logging file /dev/null
stepi
#set logging file ~/gdb_trace_calls.txt
end

set $SHOW_CONTEXT = 1
set $SHOW_NEST_INSN=0
set logging redirect off
set logging off
# gdb.txt is gdb's default logging file name
set logging file gdb.txt

# clean up trace file
# strips the " at file:line" / " in function" lines gdb prints on each stepi;
# uses a fixed intermediate file name in $HOME
shell grep -v ' at ' ~/gdb_trace_calls.txt > ~/gdb_trace_calls.1
shell grep -v ' in ' ~/gdb_trace_calls.1 > ~/gdb_trace_calls.txt
end
document trace_calls
Single-step from the current pc until the current function returns, writing
every call instruction executed (indented by call depth) to
~/gdb_trace_calls.txt. The temporary ~/gdb_trace_calls.1 is left behind.
Note that this is very slow because gdb "set redirect on" does not work!
end
751 | |
define trace_run
set $SHOW_CONTEXT = 0
# With $SHOW_NEST_INSN on, hook-stop indents each stop by $_nest tabs
set $SHOW_NEST_INSN=1
# All output goes to ~/gdb_trace_run.txt (overwritten each run)
set logging overwrite on
set logging file ~/gdb_trace_run.txt
set logging on
set logging redirect on
# $_nest = call depth; the loop ends when the starting function returns
set $_nest = 1

while ( $_nest > 0 )

get_insn_type $pc
# jmp, jcc, or cll
if ($INSN_TYPE == 3)
set $_nest = $_nest + 1
else
# ret
if ($INSN_TYPE == 4)
set $_nest = $_nest - 1
end
end

stepi
end

set $SHOW_CONTEXT = 1
set $SHOW_NEST_INSN=0
# gdb.txt is gdb's default logging file name
set logging file gdb.txt
set logging redirect off
set logging off

# clean up trace file
# strips the " at file:line" / " in function" lines; fixed intermediate file in $HOME
shell grep -v ' at ' ~/gdb_trace_run.txt > ~/gdb_trace_run.1
shell grep -v ' in ' ~/gdb_trace_run.1 > ~/gdb_trace_run.txt

end
document trace_run
Single-step from the current pc until the current function returns, writing
every instruction executed (indented by call depth via hook-stop) to
~/gdb_trace_run.txt. The temporary ~/gdb_trace_run.1 is left behind.
Note that this is very slow because gdb "set redirect on" does not work!
end
792 | |
793 | |
794 | # _____________________misc_____________________ |
795 | # this makes 'context' be called at every BP/step |
define hook-stop
    # gdb runs this before reporting any stop (breakpoint, step, signal)
    if ($SHOW_CONTEXT > 0)
        context
    end
    # While trace_run is active, indent the stop report by the call depth
    if ($SHOW_NEST_INSN > 0)
        set $x = $_nest
        while ($x > 0)
            printf "\t"
            set $x = $x - 1
        end
    end
end
document hook-stop
Runs automatically on every program stop: prints the context screen when
$SHOW_CONTEXT is nonzero, and emits $_nest tab characters when
$SHOW_NEST_INSN is nonzero (used by trace_run).
end
808 | |
define nasm_assemble
printf "Hit Ctrl-D to start, type code to assemble, hit Ctrl-D when done.\n"
printf "It is recommended to start with\n"
printf "\tBITS 32\n"
printf "Note that this command uses NASM (Intel syntax) to assemble.\n"
# nasm reads the source from gdb's own stdin; the raw binary is piped to od
# and shown as one 16-byte hex line per row
shell nasm -f bin -o /dev/stdout /dev/stdin | od -v -t x1 -w16 -A n
end
document nasm_assemble
Assemble Intel-syntax x86 instructions typed at the terminal into raw opcode
bytes using nasm, printing the bytes in hex. Requires nasm and od in PATH.
Usage: nasm_assemble
end
820 | |
define assemble
printf "Type code to assemble, hit Ctrl-D until results appear :)\n"
printf "Note that this command uses GAS (AT&T syntax) to assemble.\n"
# 'as' reads the source from gdb's stdin into a fixed-name temp file in $HOME
shell as -o ~/__gdb_tmp.bin
# $arg0 is pasted verbatim into the shell command line (no quoting), so it
# must be a plain address literal, nothing containing shell metacharacters
shell objdump -d -j .text --adjust-vma=$arg0 ~/__gdb_tmp.bin
shell rm ~/__gdb_tmp.bin
end
document assemble
Assemble AT&T-syntax x86 instructions typed at the terminal with gas and
disassemble the result with objdump, showing addresses relative to arg0.
arg0 is substituted directly into a shell command, so pass a plain numeric
address only. Uses the fixed temporary file ~/__gdb_tmp.bin.
Usage: assemble address
end
832 | |
# !scary bp_alloc macro!
# The idea behind this macro is to break on the following code:
# 0x4008e0aa <malloc+6>: sub $0xc,%esp
# 0x4008e0ad <malloc+9>: call 0x4008e0b2 <malloc+14>
# 0x4008e0b2 <malloc+14>: pop %ebx
# 0x4008e0b3 <malloc+15>: add $0xa3f6e,%ebx
# At 0x4008e0b3, %ebx contains the address that has just been allocated
# The bp_alloc macro generates this breakpoint and *should* work for
# the foreseeable future ... but if it breaks, set a breakpoint on
# __libc_malloc and look for where the return value gets popped.
843 | |
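define bp_alloc
    # Offset 0xF = malloc+15 from the listing above. The original wrote a
    # bare 'F': gdb's expression lexer treats a token that starts with a
    # letter as a symbol name even under 'set input-radix 0x10', so it would
    # be looked up as a symbol rather than read as 15.
    tbreak *(*__libc_malloc + 0xF) if $ebx == $arg0
end
document bp_alloc
This sets a temporary breakpoint on the allocation of $arg0.
It works by setting a conditional breakpoint 15 bytes into __libc_malloc()
and comparing %ebx with arg0 there.
USE WITH CAUTION -- it is extremely platform dependent: the offset and the
register hold only for the specific 32-bit glibc build shown in the comment
above, so verify the disassembly of __libc_malloc before relying on it.
Usage: bp_alloc addr
end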
853 | |
define dump_hexfile
# arg0 = output path, arg1 = start address, arg2 = end address (exclusive, per gdb 'dump')
dump ihex memory $arg0 $arg1 $arg2
end
document dump_hexfile
Write a range of the target's memory to a file in Intel HEX (ihex) format.
Usage: dump_hexfile filename start_addr end_addr
end
861 | |
define dump_binfile
# arg0 = output path, arg1 = start address, arg2 = end address (exclusive, per gdb 'dump')
dump memory $arg0 $arg1 $arg2
end
document dump_binfile
Write a range of the target's memory to a raw binary file.
Usage: dump_binfile filename start_addr end_addr
end
869 | |
870 | # _________________tips_________________ |
871 | # The 'tips' command is used to provide tutorial-like info to the user |
define tips
# Index of the tip_* commands defined below
printf "Tip Topic Commands:\n"
printf "\ttip_display : Automatically display values on each break\n"
printf "\ttip_patch : Patching binaries\n"
printf "\ttip_strip : Dealing with stripped binaries\n"
printf "\ttip_syntax : ATT vs Intel syntax\n"
end
document tips
List the available tip_* commands, each of which prints a short tutorial on one topic.
end
882 | |
define tip_patch
printf "\n"
printf " PATCHING MEMORY\n"
printf "Any address can be patched using the 'set' command:\n"
printf "\t`set ADDR = VALUE` \te.g. `set *0x8049D6E = 0x90`\n"
printf "\n"
printf " PATCHING BINARY FILES\n"
# 'set write on' makes gdb open the executable read-write; the nop/null/int3
# commands above then modify the file as well as memory
printf "Use `set write` in order to patch the target executable\n"
printf "directly, instead of just patching memory.\n"
printf "\t`set write on` \t`set write off`\n"
printf "Note that this means any patches to the code or data segments\n"
printf "will be written to the executable file. When either of these\n"
printf "commands has been issued, the file must be reloaded.\n"
printf "\n"
end
document tip_patch
Tips on patching process memory with 'set' and on writing patches back to
the executable with 'set write on'.
end
901 | |
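define tip_strip
    printf "\n"
    printf " STOPPING BINARIES AT ENTRY POINT\n"
    printf "Stripped binaries have no symbols, and are therefore tough to\n"
    printf "start automatically. To debug a stripped binary, use\n"
    printf "\tinfo file\n"
    printf "to get the entry point of the file. The first few lines of\n"
    printf "output will look like this:\n"
    printf "\tSymbols from '/tmp/a.out'\n"
    printf "\tLocal exec file:\n"
    printf "\t `/tmp/a.out', file type elf32-i386.\n"
    printf "\t Entry point: 0x80482e0\n"
    # Wording fixes only: the original said "set an entry point" and
    # "stops as the entry point"
    printf "Use this entry point to set a breakpoint there:\n"
    printf "\t`tbreak *0x80482e0`\n"
    printf "The breakpoint will delete itself after the program stops at\n"
    printf "the entry point.\n"
    printf "\n"
end
document tip_strip
Tips on stopping a stripped binary at its entry point using 'info file'
and a temporary breakpoint. (The sstart command is another option.)
end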
923 | |
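define tip_syntax
    printf "\n"
    printf "\t INTEL SYNTAX AT&T SYNTAX\n"
    printf "\tmnemonic dest, src, imm mnemonic src, dest, imm\n"
    printf "\t[base+index*scale+disp] disp(base, index, scale)\n"
    printf "\tregister: eax register: %%eax\n"
    printf "\timmediate: 0xFF immediate: $0xFF\n"
    printf "\tdereference: [addr] dereference: addr(,1)\n"
    printf "\tabsolute addr: addr absolute addr: *addr\n"
    printf "\tbyte insn: mov byte ptr byte insn: movb\n"
    printf "\tword insn: mov word ptr word insn: movw\n"
    # The AT&T 32-bit suffix is 'l' (long); 'movd' is the MMX/SSE move, not
    # the dword form of mov. The original printed "movd" and listed the
    # suffixes as (b, w, d, q).
    printf "\tdword insn: mov dword ptr dword insn: movl\n"
    printf "\tfar call: call far far call: lcall\n"
    printf "\tfar jump: jmp far far jump: ljmp\n"
    printf "\n"
    printf "Note that order of operands is reversed, and that AT&T syntax\n"
    printf "requires that all instructions referencing memory operands \n"
    printf "use an operand size suffix (b, w, l, q).\n"
    printf "\n"
end
document tip_syntax
Side-by-side summary of the differences between Intel and AT&T x86 syntax
(operand order, addressing modes, register/immediate prefixes, size suffixes).
end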
947 | |
define tip_display
printf "\n"
printf "Any expression can be set to automatically be displayed every time\n"
printf "the target stops. The commands for this are:\n"
printf "\t`display expr' : automatically display expression 'expr'\n"
printf "\t`display' : show all displayed expressions\n"
printf "\t`undisplay num' : turn off autodisplay for expression # 'num'\n"
# Examples assume the 32-bit cdecl convention (return address at esp,
# first argument at ebp+8) and the esi/edi string-op roles
printf "Examples:\n"
printf "\t`display/x *(int *)$esp` : print top of stack\n"
printf "\t`display/x *(int *)($ebp+8)` : print first parameter\n"
printf "\t`display (char *)$esi` : print source string\n"
printf "\t`display (char *)$edi` : print destination string\n"
printf "\n"
end
document tip_display
Tips on using 'display' / 'undisplay' to show expressions automatically
whenever the program stops, with 32-bit x86 examples.
end
965 | # __________________gdb options_________________ |
# 'confirm off' suppresses gdb's safety prompts: restarting a running
# program, quitting with a live inferior, and redefining built-in commands
# (several definitions above, e.g. frame/thread/start/u/dis, do that)
set confirm off
set verbose off
set prompt gdb>
# All numbers are printed AND parsed as hex: a bare '10' means 0x10, and a
# bare hex digit-letter such as 'F' is still read as a symbol name
set output-radix 0x10
set input-radix 0x10
# These make gdb never pause in its output
set height 0
set width 0
# why do these not work???
# NOTE(review): the reason is not evident from this file; the init/start/
# sstart/main commands set both variables themselves, so these are only the
# defaults for hook-stop before one of those has run
set $SHOW_CONTEXT = 1
set $SHOW_NEST_INSN=0
977 | |
978 | #EOF |