# GDB basics ## Changing to ***intel*** syntax ```bash set disassembly-flavor intel ``` ## Finding the entry point and sections of a stripped binary ```bash info file ``` ## View main function instructions ```bash disassemble main ``` ## Setting a break point ```bash break *main break #0x00000000004005bd ``` ## Re-run the program ```bash run #(optional) ``` ## Stepping to the next instruction ```bash si ``` ## Continue running the program ```bash continue ``` ## View variables ``` info variables x/s & ``` ## View registers ```bash info registers info registers rip #(To view a specific register) ``` ## Set a value to a register ```bash set $eax=0 # for example ``` ## Display formats 1. **`o`** => Display in octal. 2. **`x`** => Display in hexadecimal. 3. **`u`** => Display in unsigned, standard base-10 decimal. 4. **`t`** => Display in binary. Example using examine command ( **`x`** ): ```bash (gdb) x/o $rip #0x55555555521b
: 037207407763 (gdb) x/x $rip #0x55555555521b
: 0xfa1e0ff3 (gdb) x/u $rip #0x55555555521b
: 4196274163 (gdb) x/t $rip #0x55555555521b
: 11111010000111100000111111110011 ``` The default size of a single unit is a four-byte unit called a **`word`**,This can be changed by adding the following letters to the end of the examine command. 1. **`b`** => A single byte. 2. **`h`** => A halfword, which is two bytes in size 3. **`w`** => A word, which is four bytes in size 4. **`g`** => A giant, which is eight bytes in size Examples: ```bash (gdb) x/8xb $rip #0x55555555521b
: 0xf3 0x0f 0x1e 0xfa 0x55 0x48 0x89 0xe5 (gdb) x/8xh $rip #0x55555555521b
: 0x0ff3 0xfa1e 0x4855 0xe589 0x8348 0x20ec 0x7d89 0x48ec (gdb) x/8xw $rip #0x55555555521b
: 0xfa1e0ff3 0xe5894855 0x20ec8348 0x48ec7d89 #0x55555555522b : 0x64e07589 0x25048b48 0x00000028 0xf8458948 ``` Examine command also accepts instruction ( **`i`** ) that display the memory as disassembled assembly language instructions. ```bash (gdb) x/i $rip #=> 0x55555555521b
: endbr64 (gdb) x/4i $rip #=> 0x55555555521b
: endbr64 # 0x55555555521f : push rbp # 0x555555555220 : mov rbp,rsp # 0x555555555223 : sub rsp,0x20 ``` ## Working with environment ```bash # Display env vars show environment # Unset all unset env # unset specific unset environment ``` GDB and other debuggers may add some more env vars, which could change offset of shellcode on the stack, so it's best to remove them. ```bash # Remove all env vars unset env # Remove added vars (GDB) unset environment COLUMNS unset environment LINES # Run the exploit: env -i ./vulnerable ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://pwnsec-notes.gitbook.io/ctf-notes/reverse-engineering/gdb-basics.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.