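├── .gdb
│   ├── breakpoints.gdb
│   ├── carbon.gdb
│   ├── cpu-arm.gdb
│   ├── cpu-mips.gdb
│   ├── cpu-x86.gdb
│   ├── cpu.gdb
│   ├── data.gdb
│   ├── datawin.gdb
│   ├── detect-target.sh
│   ├── dumpjump.gdb
│   ├── info.gdb
│   ├── kgmacros.gdb
│   ├── macsbug.gdb
│   ├── misc.gdb
│   ├── patch.gdb
│   ├── process.gdb
│   ├── profile.gdb
│   ├── setup.gdb
│   ├── tips.gdb
│   ├── tracing.gdb
│   └── window.gdb
├── .gdbinit
├── .gitignore
├── ChangeLog
└── README.markdown

/.gdb/breakpoints.gdb:
--------------------------------------------------------------------------------
# Thin wrappers around gdb's breakpoint commands. Every one-argument wrapper
# shows its own help text when called with the wrong number of arguments.

define bpl
    info breakpoints
end
document bpl
List all breakpoints.
end


define bp
    if $argc != 1
        help bp
    else
        break $arg0
    end
end
document bp
Set breakpoint.
Usage: bp LOCATION
LOCATION may be a line number, function name, or "*" and an address.
To break on a symbol you must enclose symbol name inside "".
Example:
bp "[NSControl stringValue]"
Or else you can use directly the break command (break [NSControl stringValue])
end


define bpc
    if $argc != 1
        help bpc
    else
        clear $arg0
    end
end
document bpc
Clear breakpoint.
Usage: bpc LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end


define bpe
    if $argc != 1
        help bpe
    else
        enable $arg0
    end
end
document bpe
Enable breakpoint with number NUM.
Usage: bpe NUM
end


define bpd
    if $argc != 1
        help bpd
    else
        disable $arg0
    end
end
document bpd
Disable breakpoint with number NUM.
Usage: bpd NUM
end


define bpt
    if $argc != 1
        help bpt
    else
        tbreak $arg0
    end
end
document bpt
Set a temporary breakpoint.
This breakpoint will be automatically deleted when hit!
Usage: bpt LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end


define bpm
    if $argc != 1
        help bpm
    else
        # awatch stops on both reads and writes of EXPRESSION.
        awatch $arg0
    end
end
document bpm
Set a read/write breakpoint on EXPRESSION, e.g. *address.
Usage: bpm EXPRESSION
end


define bhb
    if $argc != 1
        help bhb
    else
        # Spelled out in full: "hb" only works as long as it stays a unique prefix.
        hbreak $arg0
    end
end
document bhb
Set hardware assisted breakpoint.
Usage: bhb LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end


define bht
    if $argc != 1
        help bht
    else
        thbreak $arg0
    end
end
document bht
Set a temporary hardware breakpoint.
This breakpoint will be automatically deleted when hit!
Usage: bht LOCATION
LOCATION may be a line number, function name, or "*" and an address.
end

--------------------------------------------------------------------------------
/.gdb/carbon.gdb:
--------------------------------------------------------------------------------
define print-char
    # gdb has no elif, hence the nested ifs. Values above one byte are not
    # characters at all. (A stray "" line that used to follow the print
    # command, and errored as an unknown command, has been removed.)
    if ($arg0 > 0xff)
        print "not a character"
    else
        if ($arg0 == '\n')
            printf "\\n"
        else
            if ($arg0 == '\t')
                printf "\\t"
            else
                if ($arg0 == '\r')
                    printf "\\r"
                else
                    if ($arg0 == '\'')
                        printf "\\'"
                    else
                        # Other control characters, DEL and high-bit bytes as octal escapes.
                        if (($arg0 < 0x20) || ($arg0 >= 0x7f))
                            printf "\\%03o", $arg0
                        else
                            printf "%c", $arg0
                        end
                    end
                end
            end
        end
    end
end
document print-char
Print a single character in a readable fashion.
Usage: print-char VALUE
Newline, tab, carriage return and the single quote are printed as C escapes,
other non-printable bytes as \ooo octal escapes.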
end

define print-ostype
    # Evaluate the argument once; the bytes are then peeled off from the
    # most significant one downwards and rendered through print-char.
    set $tmp0 = ($arg0)
    printf "'"
    set $tmp1 = (($tmp0 >> 24) & 0xff)
    print-char $tmp1
    set $tmp1 = (($tmp0 >> 16) & 0xff)
    print-char $tmp1
    set $tmp1 = (($tmp0 >> 8) & 0xff)
    print-char $tmp1
    set $tmp1 = ($tmp0 & 0xff)
    print-char $tmp1
    printf "'\n"
end
document print-ostype
Print a value as an OSType (four-byte character string).
Usage: print-ostype VALUE
end

--------------------------------------------------------------------------------
/.gdb/cpu-arm.gdb:
--------------------------------------------------------------------------------
# Initialize these variables else comparisons will fail for colouring
# (comparing a register against an unset, void-typed convenience variable
# is an error in gdb).
set $oldr0 = 0
set $oldr1 = 0
set $oldr2 = 0
set $oldr3 = 0
set $oldr4 = 0
set $oldr5 = 0
set $oldr6 = 0
set $oldr7 = 0
set $oldr8 = 0
set $oldr9 = 0
set $oldr10 = 0
set $oldr11 = 0
set $oldr12 = 0
set $oldr13 = 0
set $oldr14 = 0
set $oldr15 = 0
set $oldsp = 0
set $oldlr = 0

define flagsarm
    # Prints one letter per CPSR bit (upper case = set, lower case = clear),
    # separated by spaces and without a trailing newline, and records each
    # bit in a $_X_flag convenience variable (0 or 1) for other commands.
    #
    # Condition flags:
    #   N negative/less than, bit 31
    #   Z zero, bit 30
    #   C carry/borrow/extend, bit 29
    #   V overflow, bit 28
    #   Q sticky overflow, bit 27
    set $_n_flag = ($cpsr->n & 1) ? 1 : 0
    printf "%c ", $_n_flag ? 'N' : 'n'
    set $_z_flag = ($cpsr->z & 1) ? 1 : 0
    printf "%c ", $_z_flag ? 'Z' : 'z'
    set $_c_flag = ($cpsr->c & 1) ? 1 : 0
    printf "%c ", $_c_flag ? 'C' : 'c'
    set $_v_flag = ($cpsr->v & 1) ? 1 : 0
    printf "%c ", $_v_flag ? 'V' : 'v'
    set $_q_flag = ($cpsr->q & 1) ? 1 : 0
    printf "%c ", $_q_flag ? 'Q' : 'q'
    # Java state bit (J), bit 24. When T=1:
    #   J = 0 the processor is in Thumb state
    #   J = 1 the processor is in ThumbEE state
    set $_j_flag = ($cpsr->j & 1) ? 1 : 0
    printf "%c ", $_j_flag ? 'J' : 'j'
    # Data endianness bit (E), bit 9
    set $_e_flag = ($cpsr->e & 1) ? 1 : 0
    printf "%c ", $_e_flag ? 'E' : 'e'
    # Imprecise abort disable bit (A), bit 8. Set to 1 automatically; disables
    # imprecise data aborts. May not be writable in the Nonsecure state if the
    # AW bit in the SCR register is reset.
    set $_a_flag = ($cpsr->a & 1) ? 1 : 0
    printf "%c ", $_a_flag ? 'A' : 'a'
    # IRQ disable bit (I), bit 7: when set, IRQ interrupts are disabled.
    set $_i_flag = ($cpsr->i & 1) ? 1 : 0
    printf "%c ", $_i_flag ? 'I' : 'i'
    # FIQ disable bit (F), bit 6: when set, FIQ interrupts are disabled. FIQ can
    # be nonmaskable in the Nonsecure state if the FW bit in SCR is reset.
    set $_f_flag = ($cpsr->f & 1) ? 1 : 0
    printf "%c ", $_f_flag ? 'F' : 'f'
    # Thumb state bit (T), bit 5: when set the processor executes in Thumb or
    # ThumbEE state, depending on the J bit.
    set $_t_flag = ($cpsr->t & 1) ? 1 : 0
    printf "%c ", $_t_flag ? 'T' : 't'
    # TODO: GE bit ?
end
document flagsarm
Auxiliary function to set ARM cpu flags.
Prints N Z C V Q J E A I F T (upper case when set) and stores each bit in
$_n_flag ... $_t_flag.
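end


define eflagsarm
    # Numeric dump of the CPSR bits; GE is a 4-bit field, the rest are single bits.
    printf " N <%d> Z <%d> C <%d> V <%d>", \
        ($cpsr->n & 1), ($cpsr->z & 1), \
        ($cpsr->c & 1), ($cpsr->v & 1)
    printf " Q <%d> J <%d> GE <%d> E <%d> A <%d>", \
        ($cpsr->q & 1), ($cpsr->j & 1), \
        ($cpsr->ge), ($cpsr->e & 1), ($cpsr->a & 1)
    printf " I <%d> F <%d> T <%d> \n", \
        ($cpsr->i & 1), ($cpsr->f & 1), \
        ($cpsr->t & 1)
end
document eflagsarm
Auxiliary function to print ARM eflags register.
end

define cpsr
    eflagsarm
end
document cpsr
Print cpsr register.
end


define regarm-show
    # Print one general purpose register for regarm.
    #   $arg0  quoted label, e.g. "R0:"
    #   $arg1  the register, e.g. $r0
    #   $arg2  the saved copy from the previous display, e.g. $oldr0
    #   $arg3  quoted printf format for the value, e.g. " 0x%08X "
    # The label is green; the value stays green unless it differs from the
    # saved copy and $SHOWREGCHANGES is 1, in which case it is red. A zero
    # register is printed as 0 and never highlighted.
    echo \033[32m
    printf $arg0
    if $arg1
        if ($arg1 != $arg2 && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf $arg3, $arg1
    else
        printf $arg3, 0
    end
end
document regarm-show
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regarm-show "LABEL" REGISTER OLDREGISTER "FORMAT"
end

define regarm-save
    # Remember the current value of $arg0 in $arg1 for change highlighting.
    # A zero value is deliberately not recorded (same rule as the display).
    if $arg0
        set $arg1 = $arg0
    end
end
document regarm-save
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regarm-save REGISTER OLDREGISTER
end


define regarm
    # Four rows of registers; only R3 is printed without a trailing space.
    # Every row after the first starts with " " so the columns line up.
    printf " "
    regarm-show "R0:" $r0 $oldr0 " 0x%08X "
    regarm-show "R1:" $r1 $oldr1 " 0x%08X "
    regarm-show "R2:" $r2 $oldr2 " 0x%08X "
    regarm-show "R3:" $r3 $oldr3 " 0x%08X"
    printf "\n "
    regarm-show "R4:" $r4 $oldr4 " 0x%08X "
    regarm-show "R5:" $r5 $oldr5 " 0x%08X "
    regarm-show "R6:" $r6 $oldr6 " 0x%08X "
    regarm-show "R7:" $r7 $oldr7 " 0x%08X "
    printf "\n "
    regarm-show "R8:" $r8 $oldr8 " 0x%08X "
    regarm-show "R9:" $r9 $oldr9 " 0x%08X "
    regarm-show "R10:" $r10 $oldr10 " 0x%08X "
    regarm-show "R11:" $r11 $oldr11 " 0x%08X "
    # dumpjump is defined in dumpjump.gdb (branch annotation for the current instruction, presumably).
    dumpjump
    printf "\n "
    regarm-show "R12:" $r12 $oldr12 " 0x%08X "
    regarm-show "SP:" $sp $oldsp " 0x%08X "
    regarm-show "LR:" $lr $oldlr " 0x%08X "
    # PC is never highlighted: green label, value in the default colour.
    echo \033[32m
    printf "PC:"
    echo \033[0m
    printf " 0x%08X ", $pc
    # Flags in bold, underlined red; "flags" is defined elsewhere in this configuration.
    echo \033[1m\033[4m\033[31m
    flags
    echo \033[0m
    printf "\n"

    if ($SHOWREGCHANGES == 1)
        regarm-save $r0 $oldr0
        regarm-save $r1 $oldr1
        regarm-save $r2 $oldr2
        regarm-save $r3 $oldr3
        regarm-save $r4 $oldr4
        regarm-save $r5 $oldr5
        regarm-save $r6 $oldr6
        regarm-save $r7 $oldr7
        regarm-save $r8 $oldr8
        regarm-save $r9 $oldr9
        regarm-save $r10 $oldr10
        regarm-save $r11 $oldr11
        regarm-save $r12 $oldr12
        regarm-save $sp $oldsp
        regarm-save $lr $oldlr
    end
end
document regarm
Auxiliary function to display ARM registers.
Values that changed since the previous display are shown in red when
$SHOWREGCHANGES is 1.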
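end


define stepoframeworkarm
    # Recognised encodings:
    #   bx Rn  => ARM bits 27-20: 0001 0010, bits 7-4: 0001 ; Thumb bits 15-7: 0 1 0 0 0 1 1 1 0
    #   blx Rn => ARM bits 27-20: 0001 0010, bits 7-4: 0011 ; Thumb bits 15-7: 0 1 0 0 0 1 1 1 1
    #   bl #   => ARM bits 27-24: 1011 ; Thumb bits 15-11: 1 1 1 1 0
    #   blx #  => ARM bits 31-25: 1111101 ; Thumb bits 15-11: 1 1 1 1 0
    # NOTE(review): bx Rn is a plain branch, not a call. When it does not come
    # back to $pc+4 the temporary breakpoint below is never hit and "continue"
    # runs until the next stop; kept for compatibility with the original.
    set $_nextaddress = 0

    # Test the T bit directly rather than $_t_flag, which is only current if
    # flagsarm ran since the last stop.
    if (($cpsr->t & 1) == 0)
        # ARM mode: one 32-bit instruction at $pc.
        set $_branchesint = *(unsigned int*) $pc
        set $_bits2720 = ($_branchesint >> 20) & 0xff
        set $_bits2724 = ($_branchesint >> 24) & 0xf
        set $_bits3125 = ($_branchesint >> 25) & 0x7f
        set $_bits74 = ($_branchesint >> 4) & 0xf
        if ($_bits2720 == 0x12 && $_bits74 == 0x1)
            printf "Found a bx Rn\n"
            set $_nextaddress = $pc + 0x4
        end
        if ($_bits2720 == 0x12 && $_bits74 == 0x3)
            printf "Found a blx Rn\n"
            set $_nextaddress = $pc + 0x4
        end
        if ($_bits2724 == 0xB)
            printf "Found a bl #\n"
            set $_nextaddress = $pc + 0x4
        end
        if ($_bits3125 == 0x7D)
            printf "Found a blx #\n"
            set $_nextaddress = $pc + 0x4
        end
    else
        # Thumb mode: 32-bit instructions are two halfwords.
        set $_hw1 = *(unsigned short*) ($pc)
        set $_hw2 = *(unsigned short*) ($pc + 2)
        # bl/blx (immediate): hw1 bits 15-11 = 11110, hw2 bits 15-14 = 11
        # (hw2 bit 12 distinguishes BL=1 from BLX=0; both are stepped over).
        if (($_hw1 >> 0xB) == 0x1E)
            if (($_hw2 >> 0xE) == 0x3)
                set $_nextaddress = $pc + 0x4
            end
        end
    end
    # A call to bypass: run to the following instruction. Otherwise single step.
    if ($_nextaddress != 0)
        # Printed before "continue": commands after it only run once the
        # inferior has stopped again, which made the message arrive too late.
        printf "[StepO] Next address will be %x\n", $_nextaddress
        tbreak *$_nextaddress
        continue
    else
        nexti
    end
end
document stepoframeworkarm
Auxiliary function to stepo command.
Steps over bl/blx (and bx) instructions by running to the next instruction;
anything else is single stepped with nexti.
end


define cfnarm
    # Negative/Less Than (N), bit 31. XOR flips bit 0 of the field and leaves
    # every other bit as it was.
    set $tempflag = $cpsr->n
    set $cpsr->n = $tempflag ^ 0x1
end
document cfnarm
Auxiliary function to change ARM Negative/Less Than Flag.
end


define cfcarm
    # Carry/Borrow/Extend (C), bit 29
    set $tempflag = $cpsr->c
    set $cpsr->c = $tempflag ^ 0x1
end
document cfcarm
Auxiliary function to change ARM Carry Flag.
end


define cfzarm
    # Zero (Z), bit 30
    set $tempflag = $cpsr->z
    set $cpsr->z = $tempflag ^ 0x1
end
document cfzarm
Auxiliary function to change ARM Zero Flag.
end


define cfvarm
    # Overflow (V), bit 28
    set $tempflag = $cpsr->v
    set $cpsr->v = $tempflag ^ 0x1
end
document cfvarm
Auxiliary function to change ARM Overflow Flag.
end


define hookstoparm
    # Display instruction opcode bytes only when $ARMOPCODES is 1
    # (both branches used to set 1, so the option had no effect).
    if $ARMOPCODES == 1
        set arm show-opcode-bytes 1
    else
        set arm show-opcode-bytes 0
    end
end
document hookstoparm
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!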
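end

--------------------------------------------------------------------------------
/.gdb/cpu-mips.gdb:
--------------------------------------------------------------------------------
# Initialize these variables else comparisons will fail for colouring
# (comparing a register against an unset, void-typed convenience variable
# is an error in gdb). $oldt7 was missing, which broke regmips as soon as
# $t7 was non-zero.
set $oldv0 = 0
set $oldv1 = 0

set $olda0 = 0
set $olda1 = 0
set $olda2 = 0
set $olda3 = 0

set $oldt0 = 0
set $oldt1 = 0
set $oldt2 = 0
set $oldt3 = 0
set $oldt4 = 0
set $oldt5 = 0
set $oldt6 = 0
set $oldt7 = 0
set $oldt8 = 0
set $oldt9 = 0

set $olds0 = 0
set $olds1 = 0
set $olds2 = 0
set $olds3 = 0
set $olds4 = 0
set $olds5 = 0
set $olds6 = 0
set $olds7 = 0
set $olds8 = 0

set $oldkt0 = 0
set $oldkt1 = 0

set $oldgp = 0
set $oldsp = 0
set $oldra = 0
set $oldat = 0


define regmips-show
    # Print one register for regmips.
    #   $arg0  quoted label, e.g. "V0: "
    #   $arg1  the register, e.g. $v0
    #   $arg2  the saved copy from the previous display, e.g. $oldv0
    #   $arg3  quoted printf format for the value, e.g. " 0x%016lX "
    # Green label, value in the default colour, or red when it differs from
    # the saved copy and $SHOWREGCHANGES is 1. Zero is printed as 0 and never
    # highlighted.
    echo \033[32m
    printf $arg0
    echo \033[0m
    if $arg1
        if ($arg1 != $arg2 && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf $arg3, $arg1
    else
        printf $arg3, 0
    end
end
document regmips-show
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regmips-show "LABEL" REGISTER OLDREGISTER "FORMAT"
end

define regmips-fixed
    # Print a register that is never change-highlighted (green label, plain value).
    #   $arg0 quoted label, $arg1 register, $arg2 quoted printf format
    echo \033[32m
    printf $arg0
    echo \033[0m
    printf $arg2, $arg1
end
document regmips-fixed
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regmips-fixed "LABEL" REGISTER "FORMAT"
end

define regmips-save
    # Remember the current value of $arg0 in $arg1 for change highlighting.
    # A zero value is deliberately not recorded (same rule as the display).
    if $arg0
        set $arg1 = $arg0
    end
end
document regmips-save
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regmips-save REGISTER OLDREGISTER
end


define regmips
    # 64-bit register display, five registers per row; the last register of
    # a row has no trailing space. Fixes vs. the copy-pasted original:
    # A2 was compared against $oldt5, T7 saved $t8 and S7 saved $s8, so
    # change highlighting was wrong for A2/T7/S7/S8.
    printf " "
    regmips-show "V0: " $v0 $oldv0 " 0x%016lX "
    regmips-show "V1: " $v1 $oldv1 " 0x%016lX "
    regmips-show "A0: " $a0 $olda0 " 0x%016lX "
    regmips-show "A1: " $a1 $olda1 " 0x%016lX "
    regmips-show "A2: " $a2 $olda2 " 0x%016lX"
    printf "\n "
    regmips-show "A3: " $a3 $olda3 " 0x%016lX "
    regmips-show "T0: " $t0 $oldt0 " 0x%016lX "
    regmips-show "T1: " $t1 $oldt1 " 0x%016lX "
    regmips-show "T2: " $t2 $oldt2 " 0x%016lX "
    regmips-show "T3: " $t3 $oldt3 " 0x%016lX"
    printf "\n "
    regmips-show "T4: " $t4 $oldt4 " 0x%016lX "
    regmips-show "T5: " $t5 $oldt5 " 0x%016lX "
    regmips-show "T6: " $t6 $oldt6 " 0x%016lX "
    regmips-show "T7: " $t7 $oldt7 " 0x%016lX "
    regmips-show "T8: " $t8 $oldt8 " 0x%016lX"
    printf "\n "
    regmips-show "T9: " $t9 $oldt9 " 0x%016lX "
    regmips-show "S0: " $s0 $olds0 " 0x%016lX "
    regmips-show "S1: " $s1 $olds1 " 0x%016lX "
    regmips-show "S2: " $s2 $olds2 " 0x%016lX "
    regmips-show "S3: " $s3 $olds3 " 0x%016lX"
    printf "\n "
    regmips-show "S4: " $s4 $olds4 " 0x%016lX "
    regmips-show "S5: " $s5 $olds5 " 0x%016lX "
    regmips-show "S6: " $s6 $olds6 " 0x%016lX "
    regmips-show "S7: " $s7 $olds7 " 0x%016lX "
    regmips-show "S8: " $s8 $olds8 " 0x%016lX"
    printf "\n\n "
    # Special registers are shown without change highlighting.
    regmips-fixed "0: " $zero " 0x%016lX "
    regmips-fixed "AT: " $at " 0x%016lX "
    regmips-fixed "GP: " $gp " 0x%016lX "
    regmips-fixed "SP: " $sp " 0x%016lX"
    printf "\n "
    regmips-fixed "KT0:" $kt0 " 0x%016lX "
    regmips-fixed "KT1:" $kt1 " 0x%016lX "
    echo \033[0m

    # End of registers
    printf "\n"

    if ($SHOWREGCHANGES == 1)
        regmips-save $v0 $oldv0
        regmips-save $v1 $oldv1

        regmips-save $a0 $olda0
        regmips-save $a1 $olda1
        regmips-save $a2 $olda2
        regmips-save $a3 $olda3

        regmips-save $t0 $oldt0
        regmips-save $t1 $oldt1
        regmips-save $t2 $oldt2
        regmips-save $t3 $oldt3
        regmips-save $t4 $oldt4
        regmips-save $t5 $oldt5
        regmips-save $t6 $oldt6
        regmips-save $t7 $oldt7
        regmips-save $t8 $oldt8
        regmips-save $t9 $oldt9

        regmips-save $s0 $olds0
        regmips-save $s1 $olds1
        regmips-save $s2 $olds2
        regmips-save $s3 $olds3
        regmips-save $s4 $olds4
        regmips-save $s5 $olds5
        regmips-save $s6 $olds6
        regmips-save $s7 $olds7
        regmips-save $s8 $olds8

        regmips-save $kt0 $oldkt0
        regmips-save $kt1 $oldkt1

        # gp/sp/ra/at are saved for completeness; nothing above compares them.
        regmips-save $gp $oldgp
        regmips-save $sp $oldsp
        regmips-save $ra $oldra
        regmips-save $at $oldat
    end
end
document regmips
Auxiliary function to display MIPS registers.
Values that changed since the previous display are shown in red when
$SHOWREGCHANGES is 1.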
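end

--------------------------------------------------------------------------------
/.gdb/cpu-x86.gdb:
--------------------------------------------------------------------------------
# Initialize these variables else comparisons will fail for colouring
# (comparing a register against an unset, void-typed convenience variable
# is an error in gdb).
set $oldrax = 0
set $oldrbx = 0
set $oldrcx = 0
set $oldrdx = 0
set $oldrsi = 0
set $oldrdi = 0
set $oldrbp = 0
set $oldrsp = 0
set $oldr8 = 0
set $oldr9 = 0
set $oldr10 = 0
set $oldr11 = 0
set $oldr12 = 0
set $oldr13 = 0
set $oldr14 = 0
set $oldr15 = 0

set $oldeax = 0
set $oldebx = 0
set $oldecx = 0
set $oldedx = 0
set $oldesi = 0
set $oldedi = 0
set $oldebp = 0
set $oldesp = 0


define flagsx86
    # Prints one letter per EFLAGS bit (upper case = set, lower case = clear)
    # followed by a newline. Only OF, SF, ZF, PF and CF are also recorded in
    # $_xf_flag convenience variables.
    # OF (overflow) flag, bit 11
    if (($eflags >> 0xB) & 1)
        printf "O "
        set $_of_flag = 1
    else
        printf "o "
        set $_of_flag = 0
    end
    # DF (direction) flag, bit 10
    if (($eflags >> 0xA) & 1)
        printf "D "
    else
        printf "d "
    end
    # IF (interrupt enable) flag, bit 9
    if (($eflags >> 9) & 1)
        printf "I "
    else
        printf "i "
    end
    # TF (trap) flag, bit 8
    if (($eflags >> 8) & 1)
        printf "T "
    else
        printf "t "
    end
    # SF (sign) flag, bit 7
    if (($eflags >> 7) & 1)
        printf "S "
        set $_sf_flag = 1
    else
        printf "s "
        set $_sf_flag = 0
    end
    # ZF (zero) flag, bit 6
    if (($eflags >> 6) & 1)
        printf "Z "
        set $_zf_flag = 1
    else
        printf "z "
        set $_zf_flag = 0
    end
    # AF (adjust) flag, bit 4
    if (($eflags >> 4) & 1)
        printf "A "
    else
        printf "a "
    end
    # PF (parity) flag, bit 2
    if (($eflags >> 2) & 1)
        printf "P "
        set $_pf_flag = 1
    else
        printf "p "
        set $_pf_flag = 0
    end
    # CF (carry) flag, bit 0
    if ($eflags & 1)
        printf "C "
        set $_cf_flag = 1
    else
        printf "c "
        set $_cf_flag = 0
    end
    printf "\n"
end
document flagsx86
Auxiliary function to set X86/X64 cpu flags.
Prints O D I T S Z A P C (upper case when set) and stores OF/SF/ZF/PF/CF in
$_of_flag, $_sf_flag, $_zf_flag, $_pf_flag and $_cf_flag.
end


define eflagsx86
    # Numeric dump of EFLAGS; IOPL is the 2-bit field at bits 13-12.
    printf " OF <%d> DF <%d> IF <%d> TF <%d>", \
        (($eflags >> 0xB) & 1), (($eflags >> 0xA) & 1), \
        (($eflags >> 9) & 1), (($eflags >> 8) & 1)
    printf " SF <%d> ZF <%d> AF <%d> PF <%d> CF <%d>\n", \
        (($eflags >> 7) & 1), (($eflags >> 6) & 1), \
        (($eflags >> 4) & 1), (($eflags >> 2) & 1), ($eflags & 1)
    printf " ID <%d> VIP <%d> VIF <%d> AC <%d>", \
        (($eflags >> 0x15) & 1), (($eflags >> 0x14) & 1), \
        (($eflags >> 0x13) & 1), (($eflags >> 0x12) & 1)
    printf " VM <%d> RF <%d> NT <%d> IOPL <%d>\n", \
        (($eflags >> 0x11) & 1), (($eflags >> 0x10) & 1), \
        (($eflags >> 0xE) & 1), (($eflags >> 0xC) & 3)
end
document eflagsx86
Auxiliary function to print X86/X64 eflags register.
end


define regx86_64-show
    # Print one general purpose register for regx86_64.
    #   $arg0  quoted label, e.g. "RAX:"
    #   $arg1  the register, e.g. $rax
    #   $arg2  the saved copy from the previous display, e.g. $oldrax
    #   $arg3  quoted printf format for the value, e.g. " 0x%016lX "
    # Green label, value in the default colour, or red when it differs from
    # the saved copy and $SHOWREGCHANGES is 1. Zero is printed as 0 and never
    # highlighted.
    echo \033[32m
    printf $arg0
    echo \033[0m
    if $arg1
        if ($arg1 != $arg2 && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf $arg3, $arg1
    else
        printf $arg3, 0
    end
end
document regx86_64-show
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regx86_64-show "LABEL" REGISTER OLDREGISTER "FORMAT"
end

define regx86_64-fixed
    # Print a register that is never change-highlighted (green label, plain value).
    #   $arg0 quoted label, $arg1 register, $arg2 quoted printf format
    echo \033[32m
    printf $arg0
    echo \033[0m
    printf $arg2, $arg1
end
document regx86_64-fixed
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regx86_64-fixed "LABEL" REGISTER "FORMAT"
end

define regx86_64-save
    # Remember the current value of $arg0 in $arg1 for change highlighting.
    # A zero value is deliberately not recorded (same rule as the display).
    if $arg0
        set $arg1 = $arg0
    end
end
document regx86_64-save
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
Usage: regx86_64-save REGISTER OLDREGISTER
end


define regx86_64
    # 64-bit register display. The last register of a row has no trailing
    # space; every row after the first starts with " " to align the columns.
    printf " "
    regx86_64-show "RAX:" $rax $oldrax " 0x%016lX "
    regx86_64-show "RBX:" $rbx $oldrbx " 0x%016lX "
    regx86_64-show "RCX:" $rcx $oldrcx " 0x%016lX "
    regx86_64-show "RDX:" $rdx $oldrdx " 0x%016lX "
    # Flags in bold, underlined red; "flags" is defined elsewhere in this configuration.
    echo \033[1m\033[4m\033[31m
    flags
    echo \033[0m
    printf " "
    regx86_64-show "RSI:" $rsi $oldrsi " 0x%016lX "
    regx86_64-show "RDI:" $rdi $oldrdi " 0x%016lX "
    regx86_64-show "RBP:" $rbp $oldrbp " 0x%016lX "
    regx86_64-show "RSP:" $rsp $oldrsp " 0x%016lX "
    regx86_64-fixed "RIP:" $rip " 0x%016lX"
    printf "\n "
    regx86_64-show "R8 :" $r8 $oldr8 " 0x%016lX "
    regx86_64-show "R9 :" $r9 $oldr9 " 0x%016lX "
    regx86_64-show "R10:" $r10 $oldr10 " 0x%016lX "
    regx86_64-show "R11:" $r11 $oldr11 " 0x%016lX "
    regx86_64-show "R12:" $r12 $oldr12 " 0x%016lX"
    printf "\n "
    regx86_64-show "R13:" $r13 $oldr13 " 0x%016lX "
    regx86_64-show "R14:" $r14 $oldr14 " 0x%016lX "
    regx86_64-show "R15:" $r15 $oldr15 " 0x%016lX "
    printf "\n "
    # Segment selectors, never highlighted. SS used to print a trailing space
    # only when zero; it is now consistently the last column without one.
    regx86_64-fixed "CS:" $cs " %04X "
    regx86_64-fixed "DS:" $ds " %04X "
    regx86_64-fixed "ES:" $es " %04X "
    regx86_64-fixed "FS:" $fs " %04X "
    regx86_64-fixed "GS:" $gs " %04X "
    regx86_64-fixed "SS:" $ss " %04X"
    echo \033[0m

    if ($SHOWREGCHANGES == 1)
        regx86_64-save $rax $oldrax
        regx86_64-save $rbx $oldrbx
        regx86_64-save $rcx $oldrcx
        regx86_64-save $rdx $oldrdx
        regx86_64-save $rsi $oldrsi
        regx86_64-save $rdi $oldrdi
        regx86_64-save $rbp $oldrbp
        regx86_64-save $rsp $oldrsp
        regx86_64-save $r8 $oldr8
        regx86_64-save $r9 $oldr9
        regx86_64-save $r10 $oldr10
        regx86_64-save $r11 $oldr11
        regx86_64-save $r12 $oldr12
        regx86_64-save $r13 $oldr13
        regx86_64-save $r14 $oldr14
        regx86_64-save $r15 $oldr15
    end
end
document regx86_64
Auxiliary function to display X86_64 registers.
Values that changed since the previous display are shown in red when
$SHOWREGCHANGES is 1.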
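end


define regx86
    # Display the 32-bit x86 register set in the same layout as regx86_64:
    # general registers (green label, value), the flags line, then EIP and the
    # segment registers.  With $SHOWREGCHANGES == 1 a value that differs from
    # the one saved by the previous call is printed in red, and the saved copy
    # ($oldeax ...) is refreshed at the end.
    # Note (kept from the original): $old* is only refreshed for non-zero
    # values, so a register going 0 -> X -> 0 -> X is not flagged as changed.
    # Fix vs. the original: the EDX label is now always printed in green; the
    # old zero branch emitted "EDX:" in whatever colour the ECX column left
    # behind (red if ECX had just changed).
    printf " "
    # EAX
    echo \033[32m
    printf "EAX:"
    echo \033[0m
    if $eax
        if ($eax != $oldeax && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $eax
    else
        printf " 0x%08X ", 0
    end

    # EBX
    echo \033[32m
    printf "EBX:"
    echo \033[0m
    if $ebx
        if ($ebx != $oldebx && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $ebx
    else
        printf " 0x%08X ", 0
    end

    # ECX
    echo \033[32m
    printf "ECX:"
    echo \033[0m
    if $ecx
        if ($ecx != $oldecx && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $ecx
    else
        printf " 0x%08X ", 0
    end

    # EDX (same shape as the other registers)
    echo \033[32m
    printf "EDX:"
    echo \033[0m
    if $edx
        if ($edx != $oldedx && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $edx
    else
        printf " 0x%08X ", 0
    end

    # flags (bold, underlined, red) on the same line
    echo \033[1m\033[4m\033[31m
    flags
    echo \033[0m

    # Newline
    printf "\n "

    # ESI
    echo \033[32m
    printf "ESI:"
    echo \033[0m
    if $esi
        if ($esi != $oldesi && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $esi
    else
        printf " 0x%08X ", 0
    end

    # EDI
    echo \033[32m
    printf "EDI:"
    echo \033[0m
    if $edi
        if ($edi != $oldedi && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $edi
    else
        printf " 0x%08X ", 0
    end

    # EBP
    echo \033[32m
    printf "EBP:"
    echo \033[0m
    if $ebp
        if ($ebp != $oldebp && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $ebp
    else
        printf " 0x%08X ", 0
    end

    # ESP
    echo \033[32m
    printf "ESP:"
    echo \033[0m
    if $esp
        if ($esp != $oldesp && $SHOWREGCHANGES == 1)
            echo \033[31m
        end
        printf " 0x%08X ", $esp
    else
        printf " 0x%08X ", 0
    end

    # EIP (never colour-coded: it changes on every stop)
    echo \033[32m
    printf "EIP:"
    echo \033[0m
    if $eip
        printf " 0x%08X", $eip
    else
        printf " 0x%08X", 0
    end

    # Newline
    printf "\n "

    # segment registers
    echo \033[32m
    printf "CS:"
    echo \033[0m
    if $cs
        printf " %04X ", $cs
    else
        printf " %04X ", 0
    end
    echo \033[32m
    printf "DS:"
    echo \033[0m
    if $ds
        printf " %04X ", $ds
    else
        printf " %04X ", 0
    end
    echo \033[32m
    printf "ES:"
    echo \033[0m
    if $es
        printf " %04X ", $es
    else
        printf " %04X ", 0
    end
    echo \033[32m
    printf "FS:"
    echo \033[0m
    if $fs
        printf " %04X ", $fs
    else
        printf " %04X ", 0
    end
    echo \033[32m
    printf "GS:"
    echo \033[0m
    if $gs
        printf " %04X ", $gs
    else
        printf " %04X ", 0
    end
    echo \033[32m
    printf "SS:"
    echo \033[0m
    if $ss
        printf " %04X ", $ss
    else
        printf " %04X ", 0
    end
    echo \033[0m

    # remember the current values for the next change-detection pass
    if ($SHOWREGCHANGES == 1)
        if $eax
            set $oldeax = $eax
        end
        if $ebx
            set $oldebx = $ebx
        end
        if $ecx
            set $oldecx = $ecx
        end
        if $edx
            set $oldedx = $edx
        end
        if $esi
            set $oldesi = $esi
        end
        if $edi
            set $oldedi = $edi
        end
        if $ebp
            set $oldebp = $ebp
        end
        if $esp
            set $oldesp = $esp
        end
    end
end
document regx86
Auxiliary function to display X86 registers.
Changed values are shown in red when $SHOWREGCHANGES is 1.
end


define smallregisters
    # Derive the 16/8-bit register views gdb does not expose as registers
    # ($ax/$al/$ah, ...) as convenience variables from the full-width ones.
    # On 64-bit targets the 32-bit views ($eax ... $edi) are derived too, since
    # gdb only provides the 64-bit registers there.
    # Which branch runs depends on $X86_64 / $X86 being set by target detection.
    if ($X86_64 == 1)
        #64bits stuff
        # from rax
        set $eax = $rax & 0xffffffff
        set $ax = $rax & 0xffff
        set $al = $ax & 0xff
        set $ah = $ax >> 8
        # from rbx
        set $ebx = $rbx & 0xffffffff
        set $bx = $rbx & 0xffff
        set $bl = $bx & 0xff
        set $bh = $bx >> 8
        # from rcx
        set $ecx = $rcx & 0xffffffff
        set $cx = $rcx & 0xffff
        set $cl = $cx & 0xff
        set $ch = $cx >> 8
        # from rdx
        set $edx = $rdx & 0xffffffff
        set $dx = $rdx & 0xffff
        set $dl = $dx & 0xff
        set $dh = $dx >> 8
        # from rsi
        set $esi = $rsi & 0xffffffff
        set $si = $rsi & 0xffff
        # from rdi
        set $edi = $rdi & 0xffffffff
        set $di = $rdi & 0xffff
        #32 bits stuff
    end

    if ($X86 == 1)
        # from eax
        set $ax = $eax & 0xffff
        set $al = $ax & 0xff
        set $ah = $ax >> 8
        # from ebx
        set $bx = $ebx & 0xffff
        set $bl = $bx & 0xff
        set $bh = $bx >> 8
        # from ecx
        set $cx = $ecx & 0xffff
        set $cl = $cx & 0xff
        set $ch = $cx >> 8
        # from edx
        set $dx = $edx & 0xffff
        set $dl = $dx & 0xff
        set $dh = $dx >> 8
        # from esi
        set $si = $esi & 0xffff
        # from edi
        set $di = $edi & 0xffff
    end
end
document smallregisters
Create the 16 and 8 bit cpu registers (gdb doesn't have them by default).
And 32bits if we are dealing with 64bits binaries.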
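end


define stepoframeworkx86
    # Auxiliary routine for the stepo command: if the instruction at $pc is a
    # CALL, plant a temporary breakpoint on the instruction after it and
    # continue; otherwise just single-step with nexti.
    # $arg0 == 1 selects a hardware temporary breakpoint (thbreak), anything
    # else a software one (tbreak).
    #
    # Two call encodings are decoded:
    #   E8 rel32                         -> 5 bytes
    #   FF /2  (near indirect call, ModRM + optional SIB/displacement)
    #                                    -> 2..7 bytes, computed from ModRM/SIB
    # Instruction prefixes (0x66, segment overrides, REX in 64-bit code) are
    # not skipped, so a prefixed call falls through to nexti.
    #
    # NOTE(review): "continue" hands control back to the target.  If the callee
    # never returns to $pc + len (longjmp/exception unwinding, exit, or a
    # deliberately stack-tampering anti-debugging routine) the temporary
    # breakpoint is never hit and the program runs until something else
    # stops it.  Use a plain breakpoint if that is a concern.
    set $_byte1 = *(unsigned char *) $pc
    set $_byte2 = *(unsigned char *) ($pc+1)
    set $_byte3 = *(unsigned char *) ($pc+2)
    set $_nextaddress = 0

    if ($_byte1 == 0xE8)
        # CALL rel32: opcode + 4-byte displacement
        set $_nextaddress = $pc + 0x5
    else
        # FF /2: the reg field (bits 5:3) of the ModRM byte must be 010.
        # The explicit table of the original (FF D0..D7, FF 10/11/12,
        # FF 50..57, FF 90..95, FF 94) is a subset of this decoding and
        # yields the same lengths.
        if ($_byte1 == 0xFF && (($_byte2 & 0x38) == 0x10))
            set $_mod = $_byte2 >> 6
            set $_rm = $_byte2 & 0x7
            # opcode + ModRM
            set $_len = 2
            # mod == 11 is "call *%reg": nothing else follows
            if ($_mod != 0x3)
                if ($_rm == 0x4)
                    # SIB byte present
                    set $_len = $_len + 1
                    # mod == 00 with SIB base == 101: disp32 and no base register
                    if ($_mod == 0x0 && (($_byte3 & 0x7) == 0x5))
                        set $_len = $_len + 4
                    end
                end
                if ($_mod == 0x0 && $_rm == 0x5)
                    # call *disp32 (FF 15 xx xx xx xx; RIP-relative in 64-bit code)
                    set $_len = $_len + 4
                end
                if ($_mod == 0x1)
                    # disp8
                    set $_len = $_len + 1
                end
                if ($_mod == 0x2)
                    # disp32
                    set $_len = $_len + 4
                end
            end
            set $_nextaddress = $pc + $_len
        end
    end

    # if we have found a call to bypass we set a temporary breakpoint on next instruction and continue
    if ($_nextaddress != 0)
        if ($arg0 == 1)
            thbreak *$_nextaddress
        else
            tbreak *$_nextaddress
        end
        continue
    # else we just single step
    else
        nexti
    end
end
document stepoframeworkx86
Auxiliary function to stepo command.
Usage: stepoframeworkx86 HWBREAK   (1 = use a hardware temporary breakpoint)
end


define cfcx86
    # Toggle the x86 Carry Flag: CF is bit 0 of EFLAGS (mask 0x1).
    if ($eflags & 1)
        set $eflags = $eflags & ~0x1
    else
        set $eflags = $eflags | 0x1
    end
end
document cfcx86
Auxiliary function to change x86 Carry Flag.
end


define cfzx86
    # Toggle the x86 Zero Flag: ZF is bit 6 of EFLAGS (mask 0x40).
    if (($eflags >> 6) & 1)
        set $eflags = $eflags & ~0x40
    else
        set $eflags = $eflags | 0x40
    end
end
document cfzx86
Auxiliary function to change x86 Zero Flag.
end


define hookstopx86
    # Select the disassembly syntax on every stop: $X86FLAVOR == 0 -> Intel,
    # anything else -> AT&T.
    if $X86FLAVOR == 0
        set disassembly-flavor intel
    else
        set disassembly-flavor att
    end
end
document hookstopx86
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!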
end

# ------------------------------------------------------------------------------
# /.gdb/cpu.gdb
# ------------------------------------------------------------------------------
# Architecture-independent front ends.  Each command looks at the $ARM / $X86 /
# $X86_64 / $MIPS convenience variables (set by target detection, not here)
# and dispatches to the per-cpu helper sourced below.
source ~/.gdb/cpu-arm.gdb
source ~/.gdb/cpu-x86.gdb
source ~/.gdb/cpu-mips.gdb

define flags
    # call the auxiliary functions based on target cpu
    if ($ARM == 1)
        flagsarm
    end

    if (($X86 == 1) || ($X86_64 == 1))
        flagsx86
    end
end
document flags
Print flags register.
end

define eflags
    # call the auxiliary functions based on target cpu
    if $ARM == 1
        eflagsarm
    end

    if (($X86 == 1) || ($X86_64 == 1))
        eflagsx86
    end
end
document eflags
Print eflags register.
end


define reg
    # Register dump for the current cpu.  On x86 it also derives the small
    # register views (smallregisters) and appends the taken/not-taken hint
    # for a conditional jump at $pc (dumpjump).
    if $ARM == 1
        regarm
    end

    if (($X86 == 1) || ($X86_64 == 1))
        if ($X86_64 == 1)
            regx86_64
        else
            regx86
        end
        # call smallregisters
        smallregisters
        # display conditional jump routine
        # (extra tabs line the hint up with the wider 64-bit layout)
        if ($X86_64 == 1)
            printf "\t\t\t\t"
        end
        dumpjump
        printf "\n"
    end

    if ($MIPS == 1)
        regmips
    end
end
document reg
Print CPU registers.
end


# _______________eflags commands______________
# conditional flags are
# The bit positions in this comment block are the ARM CPSR ones; the x86
# helpers (cfcx86 / cfzx86) and the $eflags-based commands below use the
# x86 EFLAGS positions (CF bit 0, PF bit 2, AF bit 4, ZF bit 6, SF bit 7,
# TF bit 8, IF bit 9, DF bit 10, OF bit 11).
# negative/less than (N), bit 31 of CPSR
# zero (Z), bit 30
# Carry/Borrow/Extend (C), bit 29
# Overflow (V), bit 28

# negative/less than (N), bit 31 of CPSR
define cfn
    # ARM only: no x86 equivalent is dispatched here.
    if $ARM == 1
        cfnarm
    end
end
document cfn
Change Negative/Less Than Flag.
end


define cfc
    # Carry/Borrow/Extend (C), bit 29 of CPSR on ARM; bit 0 of EFLAGS on x86
    if $ARM == 1
        cfcarm
    end

    if (($X86 == 1) || ($X86_64 == 1))
        cfcx86
    end
end
document cfc
Change Carry Flag.
end


define cfp
    # x86 only: toggles PF (bit 2 of $eflags).  Unlike cfc/cfz there is no
    # architecture check, so on a target without $eflags gdb reports an error.
    if (($eflags >> 2) & 1)
        set $eflags = $eflags & ~0x4
    else
        set $eflags = $eflags | 0x4
    end
end
document cfp
Change Parity Flag.
end


define cfa
    # x86 only: toggles AF (bit 4 of $eflags).
    if (($eflags >> 4) & 1)
        set $eflags = $eflags & ~0x10
    else
        set $eflags = $eflags | 0x10
    end
end
document cfa
Change Auxiliary Carry Flag.
end


define cfz
    # zero (Z), bit 30 of CPSR on ARM; bit 6 of EFLAGS on x86
    if $ARM == 1
        cfzarm
    end

    if (($X86 == 1) || ($X86_64 == 1))
        cfzx86
    end
end
document cfz
Change Zero Flag.
end


define cfs
    # x86 only: toggles SF (bit 7 of $eflags).
    if (($eflags >> 7) & 1)
        set $eflags = $eflags & ~0x80
    else
        set $eflags = $eflags | 0x80
    end
end
document cfs
Change Sign Flag.
end


define cft
    # x86 only: toggles TF (bit 8 of $eflags), the single-step trap flag.
    # NOTE(review): gdb itself drives TF for stepping; changing it by hand is
    # rarely what you want and the effect depends on the OS/ptrace layer.
    if (($eflags >> 8) & 1)
        set $eflags = $eflags & ~0x100
    else
        set $eflags = $eflags | 0x100
    end
end
document cft
Change Trap Flag.
end


define cfi
    # x86 only: toggles IF (bit 9 of $eflags); see the privilege note below.
    if (($eflags >> 9) & 1)
        set $eflags = $eflags & ~0x200
    else
        set $eflags = $eflags | 0x200
    end
end
document cfi
Change Interrupt Flag.
Only privileged applications (usually the OS kernel) may modify IF.
This only applies to protected mode (real mode code may always modify IF).
end


define cfd
    # x86 only: toggles DF (bit 10 of $eflags).
    if (($eflags >> 0xA) & 1)
        set $eflags = $eflags & ~0x400
    else
        set $eflags = $eflags | 0x400
    end
end
document cfd
Change Direction Flag.
end


define cfo
    # x86 only: toggles OF (bit 11 of $eflags).
    if (($eflags >> 0xB) & 1)
        set $eflags = $eflags & ~0x800
    else
        set $eflags = $eflags | 0x800
    end
end
document cfo
Change Overflow Flag.
end


# Overflow (V), bit 28
define cfv
    # ARM only; x86 users want cfo instead.
    if $ARM == 1
        cfvarm
    end
end
document cfv
Change Overflow Flag.
end


# ____________________cflow___________________
define print_insn_type
    # Print the mnemonic for an instruction-type number as produced by
    # get_insn_type.  Out-of-range values print "UNDEFINED/WRONG VALUE".
    if $argc != 1
        help print_insn_type
    else
        if ($arg0 < 0 || $arg0 > 5)
            printf "UNDEFINED/WRONG VALUE"
        end
        if ($arg0 == 0)
            printf "UNKNOWN"
        end
        if ($arg0 == 1)
            printf "JMP"
        end
        if ($arg0 == 2)
            printf "JCC"
        end
        if ($arg0 == 3)
            printf "CALL"
        end
        if ($arg0 == 4)
            printf "RET"
        end
        if ($arg0 == 5)
            printf "INT"
        end
    end
end
document print_insn_type
Print human-readable mnemonic for the instruction type (usually $INSN_TYPE).
Usage: print_insn_type INSN_TYPE_NUMBER
end


define get_insn_type
    # Classify the x86 instruction at ADDR by its first (and, for 0F / FF,
    # second) opcode byte and leave the result in $INSN_TYPE.
    # Limitations visible here: instruction prefixes (0x66, segment overrides,
    # REX in 64-bit code) are not skipped, so a prefixed branch/call is
    # reported as 0; 0xE0-0xE2 (LOOP/LOOPcc) are lumped in with JCXZ as "jcc".
    if $argc != 1
        help get_insn_type
    else
        set $INSN_TYPE = 0
        set $_byte1 = *(unsigned char *) $arg0
        if ($_byte1 == 0x9A || $_byte1 == 0xE8)
            # "call"
            set $INSN_TYPE = 3
        end
        if ($_byte1 >= 0xE9 && $_byte1 <= 0xEB)
            # "jmp"
            set $INSN_TYPE = 1
        end
        if ($_byte1 >= 0x70 && $_byte1 <= 0x7F)
            # "jcc"
            set $INSN_TYPE = 2
        end
        if ($_byte1 >= 0xE0 && $_byte1 <= 0xE3)
            # "jcc"
            set $INSN_TYPE = 2
        end
        if ($_byte1 == 0xC2 || $_byte1 == 0xC3 || $_byte1 == 0xCA || \
            $_byte1 == 0xCB || $_byte1 == 0xCF)
            # "ret"
            set $INSN_TYPE = 4
        end
        if ($_byte1 >= 0xCC && $_byte1 <= 0xCE)
            # "int"
            set $INSN_TYPE = 5
        end
        if ($_byte1 == 0x0F)
            # two-byte opcode
            set $_byte2 = *(unsigned char *) ($arg0 + 1)
            if ($_byte2 >= 0x80 && $_byte2 <= 0x8F)
                # "jcc"
                set $INSN_TYPE = 2
            end
        end
        if ($_byte1 == 0xFF)
            # opcode extension: the reg field (bits 5:3) of ModRM selects
            # /2 near call, /3 far call, /4 near jmp, /5 far jmp
            set $_byte2 = *(unsigned char *) ($arg0 + 1)
            set $_opext = ($_byte2 & 0x38)
            if ($_opext == 0x10 || $_opext == 0x18)
                # "call"
                set $INSN_TYPE = 3
            end
            if ($_opext == 0x20 || $_opext == 0x28)
                # "jmp"
                set $INSN_TYPE = 1
            end
        end
    end
end
document get_insn_type
Recognize instruction type at address ADDR.
Take address ADDR and set the global $INSN_TYPE variable to
0, 1, 2, 3, 4, 5 if the instruction at that address is
unknown, a jump, a conditional jump, a call, a return, or an interrupt.
Usage: get_insn_type ADDR
end


define hookstopcpu
    # Per-cpu work to do on every stop (called from the stop hook, not by users).
    if $ARM == 1
        hookstoparm
    end

    if (($X86 == 1) || ($X86_64 == 1))
        hookstopx86
    end
end
document hookstopcpu
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
end


define context
    # The main "context window": each section is gated by a $SHOW* variable
    # and sized by the $CONTEXTSIZE_* variables (all set elsewhere).
    echo \033[34m
    if $SHOWCPUREGISTERS == 1
        printf "----------------------------------------"
        printf "----------------------------------"
        if ($64BITS == 1)
            printf "---------------------------------------------"
        end
        echo \033[34m\033[1m
        printf "[regs]\n"
        echo \033[0m
        reg
        echo \033[36m
    end

    if $SHOWSTACK == 1
        echo \033[34m
        if ($ARM == 1)
            printf "[0x%08X]---------", $sp
        end
        if ($MIPS == 1)
            printf "[0x%016lX]-------", $sp
        end
        if ($X86_64 == 1)
            printf "[0x%04X:0x%016lX]", $ss, $rsp
        end
        if ($X86 == 1)
            printf "[0x%04X:0x%08X]--", $ss, $esp
        end
        echo \033[34m
        printf "-------------------------"
        printf "-----------------------------"
        if ($64BITS == 1)
            printf "-------------------------------------"
        end
        echo \033[34m\033[1m
        printf "[stack]\n"
        echo \033[0m
        # $CONTEXTSIZE_STACK lines of 16 bytes, highest address first so the
        # line holding $sp itself is printed last
        set $context_i = $CONTEXTSIZE_STACK
        while ($context_i > 0)
            set $context_t = $sp + 0x10 * ($context_i - 1)
            hexdump $context_t
            set $context_i--
        end
    end

    # show the objective C message being passed to msgSend
    if $SHOWOBJECTIVEC == 1
        #FIXME: X64 and ARM
        # What a piece of crap that's going on here :)
        # detect if it's the correct opcode we are searching for
        # The dword compares match the little-endian encodings of
        #   89 44 24 04  mov %eax,0x4(%esp)
        #   89 54 24 04  mov %edx,0x4(%esp)
        #   89 4C 24 04  mov %ecx,0x4(%esp)
        # i.e. a register being stored into the second stack argument slot;
        # presumably the selector staged for an upcoming objc_msgSend (32-bit
        # cdecl layout only, as the FIXME above says).
        if (($X86 == 1) || ($X86_64 == 1))
            set $__byte1 = *(unsigned char *) $pc
            set $__byte = *(int *) $pc
            if ($__byte == 0x4244489)
                set $objectivec = $eax
                set $displayobjectivec = 1
            end

            if ($__byte == 0x4245489)
                set $objectivec = $edx
                set $displayobjectivec = 1
            end

            if ($__byte == 0x4244c89)
                set $objectivec = $ecx
                set $displayobjectivec = 1
            end
        end

        if ($ARM == 1)
            set $__byte1 = 0
        end
        # and now display it or not (we have no interest in having the info displayed after the call)
        # 0xE8 is CALL rel32: show the pending value one last time, then clear it
        if $__byte1 == 0xE8
            if $displayobjectivec == 1
                echo \033[34m
                printf "--------------------------------------------------------------------"
                if ($64BITS == 1)
                    printf "---------------------------------------------"
                end
                echo \033[34m\033[1m
                printf "[ObjectiveC]\n"
                echo \033[0m\033[30m
                x/s $objectivec
            end
            set $displayobjectivec = 0
        end
        if $displayobjectivec == 1
            echo \033[34m
            printf "--------------------------------------------------------------------"
            if ($64BITS == 1)
                printf "---------------------------------------------"
            end
            echo \033[34m\033[1m
            printf "[ObjectiveC]\n"
            echo \033[0m\033[30m
            x/s $objectivec
        end
    end
    echo \033[0m
    # and this is the end of this little crap

    if $SHOWDATAWIN == 1
        datawin
    end

    # disassembly: $CONTEXTSIZE_CODE instructions starting at $pc
    # ("x /i" with no address continues where the previous x left off)
    set $context_i = $CONTEXTSIZE_CODE
    if ($context_i > 0)
        echo \033[34m
        printf "--------------------------------------------------------------------------"
        if ($64BITS == 1)
            printf "---------------------------------------------"
        end
        echo \033[34m\033[1m
        printf "[code]\n"
        echo \033[0m
        if ($SETCOLOUR1STLINE == 1)
            echo \033[32m
            x /i $pc
            echo \033[0m
        else
            x /i $pc
        end
        set $context_i--
        while ($context_i > 0)
            x /i
            set $context_i--
        end
        echo \033[34m
        printf "----------------------------------------"
        printf "----------------------------------------"
        if ($64BITS == 1)
            printf "---------------------------------------------\n"
        else
            printf "\n"
        end
        echo \033[0m
    end
end
document context
Print context window: registers, stack, Objective-C hint, data window and
disassembly at the current pc.  Sections are toggled by $SHOWCPUREGISTERS,
$SHOWSTACK, $SHOWOBJECTIVEC, $SHOWDATAWIN and sized by $CONTEXTSIZE_STACK /
$CONTEXTSIZE_CODE.
end


define context-on
    set $SHOW_CONTEXT = 1
    printf "Displaying of context is now ON\n"
end
document context-on
Enable display of context on every program break.
end


define context-off
    set $SHOW_CONTEXT = 0
    printf "Displaying of context is now OFF\n"
end
document context-off
Disable display of context on every program break.
end


define dis
    # Thin wrapper over gdb's disassemble taking 0, 1 or 2 arguments.
    if $argc == 0
        disassemble
    end
    if $argc == 1
        disassemble $arg0
    end
    if $argc == 2
        disassemble $arg0 $arg1
    end
    if $argc > 2
        help dis
    end
end
document dis
Disassemble a specified section of memory.
Default is to disassemble the function surrounding the PC (program counter) of selected frame.
With one argument, ADDR1, the function surrounding this address is dumped.
Two arguments are taken as a range of memory to dump.
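Usage: dis [ADDR1 [ADDR2]]
end

# ------------------------------------------------------------------------------
# /.gdb/data.gdb
# ------------------------------------------------------------------------------
# __________hex/ascii dump an address_________
# All loop counters below use command-specific names ($_hd_*, $_hda_*): gdb
# convenience variables are global, and the original's shared $_count made
# hexdump_aux reset the caller's counter, so multi-line dumps stopped after
# one line.
define ascii_char
    # Print the byte at ADDR as a character, or "." if it is not printable ASCII.
    if $argc != 1
        help ascii_char
    else
        # thanks elaine :)
        set $_c = *(unsigned char *) ($arg0)
        if ($_c < 0x20 || $_c > 0x7E)
            printf "."
        else
            printf "%c", $_c
        end
    end
end
document ascii_char
Print ASCII value of byte at address ADDR.
Print "." if the value is unprintable.
Usage: ascii_char ADDR
end


define hex_quad
    # Print the eight bytes at ADDR as space-separated upper-case hex.
    if $argc != 1
        help hex_quad
    else
        printf "%02X %02X %02X %02X %02X %02X %02X %02X", *(unsigned char*) ($arg0), *(unsigned char*) ($arg0 + 1), *(unsigned char*) ($arg0 + 2), *(unsigned char*) ($arg0 + 3), *(unsigned char*) ($arg0 + 4), *(unsigned char*) ($arg0 + 5), *(unsigned char*) ($arg0 + 6), *(unsigned char*) ($arg0 + 7)
    end
end
document hex_quad
Print eight hexadecimal bytes starting at address ADDR.
Usage: hex_quad ADDR
end


define hexdump
    # One 16-byte line at ADDR, or NLINES consecutive lines starting at ADDR.
    # Fix vs. the original: the multi-line form dumped from $data_addr (the
    # data-window global) instead of from ADDR, and its counter was clobbered
    # by hexdump_aux so at most one line was printed.
    if $argc == 1
        hexdump_aux $arg0
    else
        if $argc == 2
            set $_hd_line = 0
            while ($_hd_line < $arg1)
                set $_hd_addr = $arg0 + ($_hd_line * 0x10)
                hexdump_aux $_hd_addr
                set $_hd_line++
            end
        else
            help hexdump
        end
    end
end
document hexdump
Display a 16-byte hex/ASCII dump of memory starting at address ADDR.
Optional parameter is the number of lines to display if you want more than one.
Usage: hexdump ADDR [nr lines]
end


define hexdump_aux
    # Format one line: address, two groups of eight hex bytes, then the 16
    # bytes as ASCII.  (The ASCII loop now covers all 16 bytes; the original
    # stopped at 15.)
    if $argc != 1
        help hexdump_aux
    else
        echo \033[1m
        if ($64BITS == 1)
            printf "0x%016lX : ", $arg0
        else
            printf "0x%08X : ", $arg0
        end
        echo \033[0m
        hex_quad $arg0
        echo \033[1m
        printf " - "
        echo \033[0m
        set $_hda_addr = $arg0 + 8
        hex_quad $_hda_addr
        printf " "
        echo \033[1m
        set $_hda_i = 0
        while ($_hda_i < 0x10)
            set $_hda_addr = $arg0 + $_hda_i
            ascii_char $_hda_addr
            set $_hda_i++
        end
        echo \033[0m
        printf "\n"
    end
end
document hexdump_aux
Display a 16-byte hex/ASCII dump of memory at address ADDR.
Usage: hexdump_aux ADDR
end


define search
    # Scan [START, END) byte by byte for the 16-bit value PATTERN and print
    # every address where it occurs.  Each probe reads two bytes, so the last
    # compare touches the byte at END.  The address is printed through an
    # unsigned long so 64-bit pointers are not truncated (the original used
    # %x).
    if $argc != 3
        help search
    else
        set $start = (char *) $arg0
        set $end = (char *) $arg1
        set $pattern = (short) $arg2
        set $p = $start
        while $p < $end
            if (*(short *) $p) == $pattern
                printf "pattern 0x%hx found at 0x%lx\n", $pattern, (unsigned long) $p
            end
            set $p++
        end
    end
end
document search
Search for the given 16-bit PATTERN between the START and END addresses.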
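Usage: search START END PATTERN
end

# ------------------------------------------------------------------------------
# /.gdb/datawin.gdb
# ------------------------------------------------------------------------------
# _______________data window__________________
define ddump
    # Print the data-window header for $data_addr followed by NUM hexdump
    # lines.  The loop counter has its own name: gdb convenience variables are
    # global, and hexdump's helper resets $_count, which made the original
    # loop stop after a single line.
    if $argc != 1
        help ddump
    else
        echo \033[34m
        if ($ARM == 1)
            printf "[0x%08X]---------", $data_addr
        end
        if ($MIPS == 1)
            printf "[0x%016lX]-------", $data_addr
        end
        if ($X86 == 1)
            printf "[0x%04X:0x%08X]--", $ds, $data_addr
        end
        if ($X86_64 == 1)
            printf "[0x%04X:0x%016lX]", $ds, $data_addr
        end
        echo \033[34m
        printf "------------------------"
        printf "-------------------------------"
        if ($64BITS == 1)
            printf "-------------------------------------"
        end
        echo \033[1;34m
        printf "[data]\n"
        echo \033[0m
        set $_dd_line = 0
        while ($_dd_line < $arg0)
            set $_dd_addr = $data_addr + ($_dd_line * 0x10)
            hexdump $_dd_addr
            set $_dd_line++
        end
    end
end
document ddump
Display NUM lines of hexdump for address in $data_addr global variable.
Usage: ddump NUM
end


define dd
    # Point the data window at ADDR and show 16 lines of it.
    if $argc != 1
        help dd
    else
        set $data_addr = $arg0
        ddump 0x10
    end
end
document dd
Display 16 lines of a hex dump of address starting at ADDR.
Usage: dd ADDR
end


define datawin
    # Pick $data_addr for the context data window: the first argument-style
    # register whose top byte is 0x40, 0x08 or 0xBF, else the stack pointer.
    # NOTE(review): the 0x40/0x08/0xBF test looks tuned to a 32-bit Mac OS X
    # address layout - confirm.  On 64-bit targets "reg >> 0x18" only equals
    # those values for register contents below 4 GiB, so the fallback to the
    # stack pointer is what usually happens there.
    if $ARM == 1
        if ((($r0 >> 0x18) == 0x40) || (($r0 >> 0x18) == 0x08) || (($r0 >> 0x18) == 0xBF))
            set $data_addr = $r0
        else
            if ((($r1 >> 0x18) == 0x40) || (($r1 >> 0x18) == 0x08) || (($r1 >> 0x18) == 0xBF))
                set $data_addr = $r1
            else
                if ((($r2 >> 0x18) == 0x40) || (($r2 >> 0x18) == 0x08) || (($r2 >> 0x18) == 0xBF))
                    set $data_addr = $r2
                else
                    if ((($r3 >> 0x18) == 0x40) || (($r3 >> 0x18) == 0x08) || (($r3 >> 0x18) == 0xBF))
                        set $data_addr = $r3
                    else
                        set $data_addr = $sp
                    end
                end
            end
        end
    end

    if $MIPS == 1
        if ((($a0 >> 0x18) == 0x40) || (($a0 >> 0x18) == 0x08) || (($a0 >> 0x18) == 0xBF))
            set $data_addr = $a0
        else
            if ((($a1 >> 0x18) == 0x40) || (($a1 >> 0x18) == 0x08) || (($a1 >> 0x18) == 0xBF))
                set $data_addr = $a1
            else
                if ((($a2 >> 0x18) == 0x40) || (($a2 >> 0x18) == 0x08) || (($a2 >> 0x18) == 0xBF))
                    set $data_addr = $a2
                else
                    if ((($a3 >> 0x18) == 0x40) || (($a3 >> 0x18) == 0x08) || (($a3 >> 0x18) == 0xBF))
                        set $data_addr = $a3
                    else
                        set $data_addr = $sp
                    end
                end
            end
        end
    end

    if ($X86_64 == 1)
        if ((($rsi >> 0x18) == 0x40) || (($rsi >> 0x18) == 0x08) || (($rsi >> 0x18) == 0xBF))
            set $data_addr = $rsi
        else
            if ((($rdi >> 0x18) == 0x40) || (($rdi >> 0x18) == 0x08) || (($rdi >> 0x18) == 0xBF))
                set $data_addr = $rdi
            else
                if ((($rax >> 0x18) == 0x40) || (($rax >> 0x18) == 0x08) || (($rax >> 0x18) == 0xBF))
                    set $data_addr = $rax
                else
                    set $data_addr = $rsp
                end
            end
        end
    end

    if ($X86 == 1)
        if ((($esi >> 0x18) == 0x40) || (($esi >> 0x18) == 0x08) || (($esi >> 0x18) == 0xBF))
            set $data_addr = $esi
        else
            if ((($edi >> 0x18) == 0x40) || (($edi >> 0x18) == 0x08) || (($edi >> 0x18) == 0xBF))
                set $data_addr = $edi
            else
                if ((($eax >> 0x18) == 0x40) || (($eax >> 0x18) == 0x08) || (($eax >> 0x18) == 0xBF))
                    set $data_addr = $eax
                else
                    set $data_addr = $esp
                end
            end
        end
    end
    ddump $CONTEXTSIZE_DATA
end
document datawin
Display valid address from one register in data window.
Registers tried, in order: r0-r3 (ARM), a0-a3 (MIPS), rsi/rdi/rax (x86_64),
esi/edi/eax (x86); the stack pointer is used when none of them qualifies.
end

# ------------------------------------------------------------------------------
# /.gdb/detect-target.sh
# ------------------------------------------------------------------------------
#!/usr/bin/env bash
# Detect the target architecture from gdb's "info target" output and emit the
# matching convenience-variable assignments ($X86, $X86_64, $ARM, $MIPS,
# $64BITS) that the rest of the gdbinit switches on.
#
# Contract with the gdb side (not visible here): gdb saves "info target" to
# $INFO_FILE before running this script and afterwards presumably sources
# $GDB_FILE, so both paths have to stay as they are.
#
# NOTE(review): both files live at fixed names in the shared /tmp and the
# output file is executed as gdb commands (gdb scripts can run arbitrary
# "shell" commands).  Another local user who pre-creates or symlinks
# $GDB_FILE could therefore inject commands into the debugging session.
# The checks below refuse symlinks / foreign files and create the file with
# O_EXCL (noclobber) so a symlink raced in after the rm is not followed;
# moving both files into a per-user directory would remove the issue.
set -u
set -o noclobber

INFO_FILE="/tmp/gdb_info_target"
GDB_FILE="/tmp/gdb_target_arch.gdb"

if [ ! -r "$INFO_FILE" ]; then
    echo "detect-target.sh: cannot read $INFO_FILE" >&2
    exit 1
fi

# e.g. "elf64-x86-64" / "mach-o-i386": 4th word of the 'file type' line, trailing dot stripped
TARGET_DOUBLET=$(grep 'file type' "$INFO_FILE" |
                 sed 's/\.$//g' |
                 cut -d ' ' -f 4 |
                 uniq |
                 tr -d '\n')
# e.g. "Darwin64": the quoted value of the 'currently "..."' OSABI line
OSABI=$(grep 'currently ' "$INFO_FILE" |
        sed 's/.*currently "\([^"]*\)".*/\1/' |
        tr -d '\n')

if [ -L "$GDB_FILE" ] || { [ -e "$GDB_FILE" ] && [ ! -O "$GDB_FILE" ]; }; then
    echo "detect-target.sh: refusing to replace $GDB_FILE (symlink or not owned by you)" >&2
    exit 1
fi
rm -f "$GDB_FILE"

SETTINGS=""
case "$TARGET_DOUBLET" in
    *-i386)
        SETTINGS='set $X86 = 1'
        ;;
    *-x86-64)
        SETTINGS=$'set $X86_64 = 1\nset $64BITS = 1'
        ;;
    *-arm*)
        SETTINGS='set $ARM = 1'
        ;;
    *-*mips*)
        SETTINGS=$'set $MIPS = 1\nset $64BITS = 1'
        ;;
    mach-o-*)
        if [ "$OSABI" = "Darwin64" ]; then
            SETTINGS=$'set $X86_64 = 1\nset $64BITS = 1'
        elif [ "$OSABI" = "Darwin" ]; then
            SETTINGS='set $X86 = 1'
        fi
        ;;
esac

# As before, no file is left behind for an unrecognised target; the content is
# written with a single exclusive create instead of repeated appends.
if [ -n "$SETTINGS" ]; then
    printf '%s\n' "$SETTINGS" > "$GDB_FILE"
fi

# ------------------------------------------------------------------------------
# /.gdb/dumpjump.gdb
# ------------------------------------------------------------------------------
################################
##### ALERT ALERT ALERT ########
################################
# Huge mess going here :) HAHA #
################################
define dumpjump
    if $ARM == 1
        ## Most ARM and Thumb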
instructions are conditional! 9 | # each instruction is 32 bits long 10 | # 4 bits are for condition codes (16 in total) (bits 31:28 in ARM contain the condition or 1111 if instruction is unconditional) 11 | # 2x4 bits for destination and first operand registers 12 | # one for the set-status flag 13 | # an assorted number for other stuff 14 | # 12 bits for any immediate value 15 | # $_t_flag == 0 => ARM mode 16 | # $_t_flag == 1 => Thumb or ThumbEE 17 | if ($cpsr->t & 1) 18 | set $_t_flag = 1 19 | else 20 | set $_t_flag = 0 21 | end 22 | 23 | if $_t_flag == 0 24 | set $_lastbyte = *(unsigned char *)($pc+3) 25 | #set $_bit31 = ($_lastbyte >> 7) & 1 26 | #set $_bit30 = ($_lastbyte >> 6) & 1 27 | #set $_bit29 = ($_lastbyte >> 5) & 1 28 | #set $_bit28 = ($_lastbyte >> 4) & 1 29 | set $_conditional = $_lastbyte >> 4 30 | dumpjumphelper 31 | else 32 | # if bits 15-12 (opcode in Thumb instructions) are equal to 1 1 0 1 (0xD) then we have a conditional branch 33 | # bits 11-8 for the conditional execution code (check ARMv7 manual A8.3) 34 | if ((*(unsigned char *) ($pc + 1) >> 4) == 0xD) 35 | set $_conditional = *(unsigned char *) ($pc+1) ^ 0xD0 36 | dumpjumphelper 37 | end 38 | end 39 | end 40 | 41 | if (($X86 == 1) || ($X86_64 == 1)) 42 | ## grab the first two bytes from the instruction so we can determine the jump instruction 43 | set $_byte1 = *(unsigned char *) $pc 44 | set $_byte2 = *(unsigned char *) ($pc+1) 45 | ## and now check what kind of jump we have (in case it's a jump instruction) 46 | ## I changed the flags routine to save the flag into a variable, so we don't need to repeat the process :) (search for "define flags") 47 | 48 | ## opcode 0x77: JA, JNBE (jump if CF=0 and ZF=0) 49 | ## opcode 0x0F87: JNBE, JA 50 | if (($_byte1 == 0x77) || ($_byte1 == 0x0F && $_byte2 == 0x87)) 51 | # cf=0 and zf=0 52 | if ($_cf_flag == 0 && $_zf_flag == 0) 53 | echo \033[31m 54 | printf " Jump is taken (c=0 and z=0)" 55 | else 56 | # cf != 0 or zf != 0 57 | echo \033[31m 58 | 
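printf " Jump is NOT taken (c!=0 or z!=0)"
  end
end
## opcode 0x73: JAE, JNB, JNC (jump if CF=0)
## opcode 0x0F83: JNC, JNB, JAE (jump if CF=0)
if (($_byte1 == 0x73) || ($_byte1 == 0x0F && $_byte2 == 0x83))
  # cf=0
  if ($_cf_flag == 0)
    echo \033[31m
    printf " Jump is taken (c=0)"
  else
    # cf != 0
    echo \033[31m
    printf " Jump is NOT taken (c!=0)"
  end
end
## opcode 0x72: JB, JC, JNAE (jump if CF=1)
## opcode 0x0F82: JNAE, JB, JC
if (($_byte1 == 0x72) || ($_byte1 == 0x0F && $_byte2 == 0x82))
  # cf=1
  if ($_cf_flag == 1)
    echo \033[31m
    printf " Jump is taken (c=1)"
  else
    # cf != 1
    echo \033[31m
    printf " Jump is NOT taken (c!=1)"
  end
end
## opcode 0x76: JBE, JNA (jump if CF=1 or ZF=1)
## opcode 0x0F86: JBE, JNA
if (($_byte1 == 0x76) || ($_byte1 == 0x0F && $_byte2 == 0x86))
  # cf=1 or zf=1
  if (($_cf_flag == 1) || ($_zf_flag == 1))
    echo \033[31m
    printf " Jump is taken (c=1 or z=1)"
  else
    # cf != 1 or zf != 1
    echo \033[31m
    printf " Jump is NOT taken (c!=1 or z!=1)"
  end
end
## opcode 0xE3: JCXZ, JECXZ, JRCXZ (jump if CX=0 or ECX=0 or RCX=0)
if ($_byte1 == 0xE3)
  # Without an address-size prefix (0x67, which would be $_byte1 instead of
  # 0xE3 and so never reaches this branch) the counter register is ECX in
  # 32-bit code and RCX in 64-bit code. The previous test also accepted
  # $cx == 0, which reported "taken" whenever only the low 16 bits were zero.
  if ($X86_64 == 1)
    set $_cx_zero = ($rcx == 0)
  else
    set $_cx_zero = ($ecx == 0)
  end
  if ($_cx_zero)
    echo \033[31m
    printf " Jump is taken (rcx/ecx=0)"
  else
    echo \033[31m
    printf " Jump is NOT taken (rcx/ecx!=0)"
  end
end
## opcode 0x74: JE, JZ (jump if ZF=1)
## opcode 0x0F84: JZ, JE, JZ (jump if ZF=1)
if (($_byte1 == 0x74) || ($_byte1 == 0x0F && $_byte2 == 0x84))
  # ZF = 1
  if ($_zf_flag == 1)
    echo \033[31m
    printf " Jump is taken (z=1)"
  else
    # ZF = 0
    echo \033[31m
    printf " Jump is NOT taken (z!=1)"
  end
end
## opcode 0x7F: JG, JNLE (jump if ZF=0 and SF=OF)
## opcode 0x0F8F: JNLE, JG (jump if ZF=0 and SF=OF)
if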
(($_byte1 == 0x7F) || ($_byte1 == 0x0F && $_byte2 == 0x8F)) 127 | # zf = 0 and sf = of 128 | if (($_zf_flag == 0) && ($_sf_flag == $_of_flag)) 129 | echo \033[31m 130 | printf " Jump is taken (z=0 and s=o)" 131 | else 132 | echo \033[31m 133 | printf " Jump is NOT taken (z!=0 or s!=o)" 134 | end 135 | end 136 | ## opcode 0x7D: JGE, JNL (jump if SF=OF) 137 | ## opcode 0x0F8D: JNL, JGE (jump if SF=OF) 138 | if (($_byte1 == 0x7D) || ($_byte1 == 0x0F && $_byte2 == 0x8D)) 139 | # sf = of 140 | if ($_sf_flag == $_of_flag) 141 | echo \033[31m 142 | printf " Jump is taken (s=o)" 143 | else 144 | echo \033[31m 145 | printf " Jump is NOT taken (s!=o)" 146 | end 147 | end 148 | ## opcode: 0x7C: JL, JNGE (jump if SF != OF) 149 | ## opcode: 0x0F8C: JNGE, JL (jump if SF != OF) 150 | if (($_byte1 == 0x7C) || ($_byte1 == 0x0F && $_byte2 == 0x8C)) 151 | # sf != of 152 | if ($_sf_flag != $_of_flag) 153 | echo \033[31m 154 | printf " Jump is taken (s!=o)" 155 | else 156 | echo \033[31m 157 | printf " Jump is NOT taken (s=o)" 158 | end 159 | end 160 | ## opcode 0x7E: JLE, JNG (jump if ZF = 1 or SF != OF) 161 | ## opcode 0x0F8E: JNG, JLE (jump if ZF = 1 or SF != OF) 162 | if (($_byte1 == 0x7E) || ($_byte1 == 0x0F && $_byte2 == 0x8E)) 163 | # zf = 1 or sf != of 164 | if (($_zf_flag == 1) || ($_sf_flag != $_of_flag)) 165 | echo \033[31m 166 | printf " Jump is taken (zf=1 or sf!=of)" 167 | else 168 | echo \033[31m 169 | printf " Jump is NOT taken (zf!=1 or sf=of)" 170 | end 171 | end 172 | ## opcode 0x75: JNE, JNZ (jump if ZF = 0) 173 | ## opcode 0x0F85: JNE, JNZ (jump if ZF = 0) 174 | if (($_byte1 == 0x75) || ($_byte1 == 0x0F && $_byte2 == 0x85)) 175 | # ZF = 0 176 | if ($_zf_flag == 0) 177 | echo \033[31m 178 | printf " Jump is taken (z=0)" 179 | else 180 | # ZF = 1 181 | echo \033[31m 182 | printf " Jump is NOT taken (z!=0)" 183 | end 184 | end 185 | ## opcode 0x71: JNO (OF = 0) 186 | ## opcode 0x0F81: JNO (OF = 0) 187 | if (($_byte1 == 0x71) || ($_byte1 == 0x0F && $_byte2 == 0x81)) 
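# OF = 0
  if ($_of_flag == 0)
    echo \033[31m
    printf " Jump is taken (o=0)"
  else
    # OF != 0
    echo \033[31m
    printf " Jump is NOT taken (o!=0)"
  end
end
## opcode 0x7B: JNP, JPO (jump if PF = 0)
## opcode 0x0F8B: JPO (jump if PF = 0)
if (($_byte1 == 0x7B) || ($_byte1 == 0x0F && $_byte2 == 0x8B))
  # JNP/JPO is taken when PF = 0. The two branches were previously
  # swapped, so this reported the opposite of what the CPU does.
  if ($_pf_flag == 0)
    echo \033[31m
    printf " Jump is taken (p=0)"
  else
    # PF != 0
    echo \033[31m
    printf " Jump is NOT taken (p!=0)"
  end
end
## opcode 0x79: JNS (jump if SF = 0)
## opcode 0x0F89: JNS (jump if SF = 0)
if (($_byte1 == 0x79) || ($_byte1 == 0x0F && $_byte2 == 0x89))
  # SF = 0
  if ($_sf_flag == 0)
    echo \033[31m
    printf " Jump is taken (s=0)"
  else
    # SF != 0
    echo \033[31m
    printf " Jump is NOT taken (s!=0)"
  end
end
## opcode 0x70: JO (jump if OF=1)
## opcode 0x0F80: JO (jump if OF=1)
if (($_byte1 == 0x70) || ($_byte1 == 0x0F && $_byte2 == 0x80))
  # OF = 1
  if ($_of_flag == 1)
    echo \033[31m
    printf " Jump is taken (o=1)"
  else
    # OF != 1
    echo \033[31m
    printf " Jump is NOT taken (o!=1)"
  end
end
## opcode 0x7A: JP, JPE (jump if PF=1)
## opcode 0x0F8A: JP, JPE (jump if PF=1)
if (($_byte1 == 0x7A) || ($_byte1 == 0x0F && $_byte2 == 0x8A))
  # PF = 1
  if ($_pf_flag == 1)
    echo \033[31m
    printf " Jump is taken (p=1)"
  else
    # PF = 0
    echo \033[31m
    printf " Jump is NOT taken (p!=1)"
  end
end
## opcode 0x78: JS (jump if SF=1)
## opcode 0x0F88: JS (jump if SF=1)
if (($_byte1 == 0x78) || ($_byte1 == 0x0F && $_byte2 == 0x88))
  # SF = 1
  if ($_sf_flag == 1)
    echo \033[31m
    printf " Jump is taken (s=1)"
  else
    # SF != 1
    echo \033[31m
    printf " Jump is NOT taken (s!=1)"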
end 262 | end 263 | end 264 | end 265 | document dumpjump 266 | Display if conditional jump will be taken or not. 267 | end 268 | 269 | define dumpjumphelper 270 | # 0000 - EQ: Z == 1 271 | if ($_conditional == 0x0) 272 | if ($_z_flag == 1) 273 | echo \033[31m 274 | printf " Jump is taken (z==1)" 275 | else 276 | echo \033[31m 277 | printf " Jump is NOT taken (z!=1)" 278 | end 279 | end 280 | # 0001 - NE: Z == 0 281 | if ($_conditional == 0x1) 282 | if ($_z_flag == 0) 283 | echo \033[31m 284 | printf " Jump is taken (z==0)" 285 | else 286 | echo \033[31m 287 | printf " Jump is NOT taken (z!=0)" 288 | end 289 | end 290 | # 0010 - CS: C == 1 291 | if ($_conditional == 0x2) 292 | if ($_c_flag == 1) 293 | echo \033[31m 294 | printf " Jump is taken (c==1)" 295 | else 296 | echo \033[31m 297 | printf " Jump is NOT taken (c!=1)" 298 | end 299 | end 300 | # 0011 - CC: C == 0 301 | if ($_conditional == 0x3) 302 | if ($_c_flag == 0) 303 | echo \033[31m 304 | printf " Jump is taken (c==0)" 305 | else 306 | echo \033[31m 307 | printf " Jump is NOT taken (c!=0)" 308 | end 309 | end 310 | # 0100 - MI: N == 1 311 | if ($_conditional == 0x4) 312 | if ($_n_flag == 1) 313 | echo \033[31m 314 | printf " Jump is taken (n==1)" 315 | else 316 | echo \033[31m 317 | printf " Jump is NOT taken (n!=1)" 318 | end 319 | end 320 | # 0101 - PL: N == 0 321 | if ($_conditional == 0x5) 322 | if ($_n_flag == 0) 323 | echo \033[31m 324 | printf " Jump is taken (n==0)" 325 | else 326 | echo \033[31m 327 | printf " Jump is NOT taken (n!=0)" 328 | end 329 | end 330 | # 0110 - VS: V == 1 331 | if ($_conditional == 0x6) 332 | if ($_v_flag == 1) 333 | echo \033[31m 334 | printf " Jump is taken (v==1)" 335 | else 336 | echo \033[31m 337 | printf " Jump is NOT taken (v!=1)" 338 | end 339 | end 340 | # 0111 - VC: V == 0 341 | if ($_conditional == 0x7) 342 | if ($_v_flag == 0) 343 | echo \033[31m 344 | printf " Jump is taken (v==0)" 345 | else 346 | echo \033[31m 347 | printf " Jump is NOT taken (v!=0)" 348 | 
end 349 | end 350 | # 1000 - HI: C == 1 and Z == 0 351 | if ($_conditional == 0x8) 352 | if ($_c_flag == 1 && $_z_flag == 0) 353 | echo \033[31m 354 | printf " Jump is taken (c==1 and z==0)" 355 | else 356 | echo \033[31m 357 | printf " Jump is NOT taken (c!=1 or z!=0)" 358 | end 359 | end 360 | # 1001 - LS: C == 0 or Z == 1 361 | if ($_conditional == 0x9) 362 | if ($_c_flag == 0 || $_z_flag == 1) 363 | echo \033[31m 364 | printf " Jump is taken (c==0 or z==1)" 365 | else 366 | echo \033[31m 367 | printf " Jump is NOT taken (c!=0 or z!=1)" 368 | end 369 | end 370 | # 1010 - GE: N == V 371 | if ($_conditional == 0xA) 372 | if ($_n_flag == $_v_flag) 373 | echo \033[31m 374 | printf " Jump is taken (n==v)" 375 | else 376 | echo \033[31m 377 | printf " Jump is NOT taken (n!=v)" 378 | end 379 | end 380 | # 1011 - LT: N != V 381 | if ($_conditional == 0xB) 382 | if ($_n_flag != $_v_flag) 383 | echo \033[31m 384 | printf " Jump is taken (n!=v)" 385 | else 386 | echo \033[31m 387 | printf " Jump is NOT taken (n==v)" 388 | end 389 | end 390 | # 1100 - GT: Z == 0 and N == V 391 | if ($_conditional == 0xC) 392 | if ($_z_flag == 0 && $_n_flag == $_v_flag) 393 | echo \033[31m 394 | printf " Jump is taken (z==0 and n==v)" 395 | else 396 | echo \033[31m 397 | printf " Jump is NOT taken (z!=0 or n!=v)" 398 | end 399 | end 400 | # 1101 - LE: Z == 1 or N != V 401 | if ($_conditional == 0xD) 402 | if ($_z_flag == 1 || $_n_flag != $_v_flag) 403 | echo \033[31m 404 | printf " Jump is taken (z==1 or n!=v)" 405 | else 406 | echo \033[31m 407 | printf " Jump is NOT taken (z!=1 or n==v)" 408 | end 409 | end 410 | end 411 | document dumpjumphelper 412 | Helper function to decide if conditional jump will be taken or not, for ARM and Thumb. 
413 | end 414 | -------------------------------------------------------------------------------- /.gdb/info.gdb: -------------------------------------------------------------------------------- 1 | define stack 2 | if $argc == 0 3 | info stack 4 | end 5 | if $argc == 1 6 | info stack $arg0 7 | end 8 | if $argc > 1 9 | help stack 10 | end 11 | end 12 | document stack 13 | Print backtrace of the call stack, or innermost COUNT frames. 14 | Usage: stack 15 | end 16 | 17 | 18 | define frame 19 | info frame 20 | info args 21 | info locals 22 | end 23 | document frame 24 | Print stack frame. 25 | end 26 | 27 | 28 | define func 29 | if $argc == 0 30 | info functions 31 | end 32 | if $argc == 1 33 | info functions $arg0 34 | end 35 | if $argc > 1 36 | help func 37 | end 38 | end 39 | document func 40 | Print all function names in target, or those matching REGEXP. 41 | Usage: func 42 | end 43 | 44 | 45 | define var 46 | if $argc == 0 47 | info variables 48 | end 49 | if $argc == 1 50 | info variables $arg0 51 | end 52 | if $argc > 1 53 | help var 54 | end 55 | end 56 | document var 57 | Print all global and static variable names (symbols), or those matching REGEXP. 58 | Usage: var 59 | end 60 | 61 | 62 | define lib 63 | info sharedlibrary 64 | end 65 | document lib 66 | Print shared libraries linked to target. 67 | end 68 | 69 | 70 | define sig 71 | if $argc == 0 72 | info signals 73 | end 74 | if $argc == 1 75 | info signals $arg0 76 | end 77 | if $argc > 1 78 | help sig 79 | end 80 | end 81 | document sig 82 | Print what debugger does when program gets various signals. 83 | Specify a SIGNAL as argument to print info on that signal only. 84 | Usage: sig 85 | end 86 | 87 | 88 | define threads 89 | info threads 90 | end 91 | document threads 92 | Print threads in target. 
93 | end 94 | -------------------------------------------------------------------------------- /.gdb/macsbug.gdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dholm/dotgdb/8ee55b23658aefd472933394d76b26d5fed17941/.gdb/macsbug.gdb -------------------------------------------------------------------------------- /.gdb/misc.gdb: -------------------------------------------------------------------------------- 1 | # ____________________misc____________________ 2 | # bunch of semi-useless commands 3 | 4 | # enable and disable shortcuts for stop-on-solib-events fantastic trick! 5 | define enablesolib 6 | set stop-on-solib-events 1 7 | printf "Stop-on-solib-events is enabled!\n" 8 | end 9 | document enablesolib 10 | Shortcut to enable stop-on-solib-events trick. 11 | end 12 | 13 | 14 | define disablesolib 15 | set stop-on-solib-events 0 16 | printf "Stop-on-solib-events is disabled!\n" 17 | end 18 | document disablesolib 19 | Shortcut to disable stop-on-solib-events trick. 20 | end 21 | 22 | 23 | # enable commands for different displays 24 | define enableobjectivec 25 | set $SHOWOBJECTIVEC = 1 26 | end 27 | document enableobjectivec 28 | Enable display of objective-c information in the context window. 29 | end 30 | 31 | 32 | define enablecpuregisters 33 | set $SHOWCPUREGISTERS = 1 34 | end 35 | document enablecpuregisters 36 | Enable display of cpu registers in the context window. 37 | end 38 | 39 | 40 | define enablestack 41 | set $SHOWSTACK = 1 42 | end 43 | document enablestack 44 | Enable display of stack in the context window. 45 | end 46 | 47 | 48 | define enabledatawin 49 | set $SHOWDATAWIN = 1 50 | end 51 | document enabledatawin 52 | Enable display of data window in the context window. 
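end


# disable commands for different displays
define disableobjectivec
  set $SHOWOBJECTIVEC = 0
end
document disableobjectivec
Disable display of objective-c information in the context window.
end


define disablecpuregisters
  set $SHOWCPUREGISTERS = 0
end
document disablecpuregisters
Disable display of cpu registers in the context window.
end


define disablestack
  set $SHOWSTACK = 0
end
document disablestack
Disable display of stack information in the context window.
end


define disabledatawin
  set $SHOWDATAWIN = 0
end
document disabledatawin
Disable display of data window in the context window.
end


# $X86FLAVOR is the syntax preference (0 = intel, 1 = at&t) kept in sync by
# the intelsyntax/attsyntax commands; re-applying it here restores the
# user's flavor after the width switch.
define 32bits
  set $64BITS = 0
  if $X86FLAVOR == 0
    set disassembly-flavor intel
  else
    set disassembly-flavor att
  end
end
document 32bits
Set gdb to work with 32bits binaries.
end


define 64bits
  set $64BITS = 1
  if $X86FLAVOR == 0
    set disassembly-flavor intel
  else
    set disassembly-flavor att
  end
end
document 64bits
Set gdb to work with 64bits binaries.
end


define arm
  # $ARMOPCODES selects whether raw opcode bytes are shown in the disassembly.
  # The else branch used to set 1 as well, which made the flag a no-op.
  if $ARMOPCODES == 1
    set arm show-opcode-bytes 1
  else
    set arm show-opcode-bytes 0
  end
  set $ARM = 1
  set $64BITS = 0
end
document arm
Set gdb to work with ARM binaries.
Honours $ARMOPCODES for the display of opcode bytes.
end


define enablelib
  set stop-on-solib-events 1
end
document enablelib
Activate stop-on-solib-events.
end


define disablelib
  set stop-on-solib-events 0
end
document disablelib
Deactivate stop-on-solib-events.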
142 | end 143 | 144 | 145 | define intelsyntax 146 | if (($X86 == 1) || ($X86_64 == 1)) 147 | set disassembly-flavor intel 148 | set $X86FLAVOR = 0 149 | end 150 | end 151 | document intelsyntax 152 | Change disassembly syntax to intel flavor. 153 | end 154 | 155 | 156 | define attsyntax 157 | if (($X86 == 1) || ($X86_64 == 1)) 158 | set disassembly-flavor att 159 | set $X86FLAVOR = 1 160 | end 161 | end 162 | document attsyntax 163 | Change disassembly syntax to at&t flavor. 164 | end 165 | -------------------------------------------------------------------------------- /.gdb/patch.gdb: -------------------------------------------------------------------------------- 1 | # ____________________patch___________________ 2 | # the usual nops are mov r0,r0 for arm (0xe1a00000) 3 | # and mov r8,r8 in Thumb (0x46c0) 4 | # armv7 has other nops 5 | # FIXME: make sure that the interval fits the 32bits address for arm and 16bits for thumb 6 | # status: works, fixme 7 | define nop 8 | if ($argc > 2 || $argc == 0) 9 | help nop 10 | end 11 | 12 | if $ARM == 1 13 | if ($argc == 1) 14 | if ($cpsr->t &1) 15 | # thumb 16 | set *(short *) $arg0 = 0x46c0 17 | else 18 | # arm 19 | set *(int *) $arg0 = 0xe1a00000 20 | end 21 | else 22 | set $addr = $arg0 23 | if ($cpsr->t & 1) 24 | # thumb 25 | while ($addr < $arg1) 26 | set *(short *) $addr = 0x46c0 27 | set $addr = $addr + 2 28 | end 29 | else 30 | # arm 31 | while ($addr < $arg1) 32 | set *(int *) $addr = 0xe1a00000 33 | set $addr = $addr + 4 34 | end 35 | end 36 | end 37 | end 38 | 39 | if (($X86 == 1) || ($X86_64 == 1)) 40 | if ($argc == 1) 41 | set *(unsigned char *) $arg0 = 0x90 42 | else 43 | set $addr = $arg0 44 | while ($addr < $arg1) 45 | set *(unsigned char *) $addr = 0x90 46 | set $addr = $addr + 1 47 | end 48 | end 49 | end 50 | end 51 | document nop 52 | Usage: nop ADDR1 [ADDR2] 53 | Patch a single byte at address ADDR1, or a series of bytes between ADDR1 and ADDR2 to a NOP (0x90) instruction. 
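ARM or Thumb code will be patched accordingly.
end


define null
  # Wrong argument count only printed the help before and then went on to
  # patch anyway; the body now runs only for a valid count.
  if ($argc > 2 || $argc == 0)
    help null
  else
    if ($argc == 1)
      set *(unsigned char *) $arg0 = 0
    else
      # Zero every byte in [ADDR1, ADDR2); an ADDR2 <= ADDR1 range patches nothing.
      set $addr = $arg0
      while ($addr < $arg1)
        set *(unsigned char *) $addr = 0
        set $addr = $addr + 1
      end
    end
  end
end
document null
Usage: null ADDR1 [ADDR2]
Patch a single byte at address ADDR1 to NULL (0x00), or a series of bytes between ADDR1 and ADDR2.
end

# FIXME: thumb breakpoint ?
# Only one saved slot ($ORIGINAL_INT3 / $ORIGINAL_INT3ADDRESS) exists: a
# second int3 before rint3 overwrites the first one's original bytes, and
# rint3 can then only restore the most recent patch.
define int3
  if $argc != 1
    help int3
  else
    if $ARM == 1
      # Saves and replaces a full 32-bit word; in Thumb mode this covers two
      # halfwords (see the FIXME above).
      set $ORIGINAL_INT3 = *(unsigned int *) $arg0
      set $ORIGINAL_INT3ADDRESS = $arg0
      set *(unsigned int*) $arg0 = 0xe7ffdefe
    end

    if (($X86 == 1) || ($X86_64 == 1))
      # save original bytes and address
      set $ORIGINAL_INT3 = *(unsigned char *) $arg0
      set $ORIGINAL_INT3ADDRESS = $arg0
      # patch
      set *(unsigned char *) $arg0 = 0xCC
    end
  end
end
document int3
Patch byte at address ADDR to an INT3 (0xCC) instruction or the equivalent software breakpoint for ARM.
Only the most recent patch is remembered for "rint3".
Usage: int3 ADDR
end


define rint3
  # Put the saved bytes back and move the program counter to the patched
  # address so execution resumes with the original instruction.
  if $ARM == 1
    set *(unsigned int *) $ORIGINAL_INT3ADDRESS = $ORIGINAL_INT3
    set $pc = $ORIGINAL_INT3ADDRESS
  end

  if (($X86 == 1) || ($X86_64 == 1))
    set *(unsigned char *) $ORIGINAL_INT3ADDRESS = $ORIGINAL_INT3
    if $64BITS == 1
      set $rip = $ORIGINAL_INT3ADDRESS
    else
      set $eip = $ORIGINAL_INT3ADDRESS
    end
  end
end
document rint3
Restore the original byte previous to int3 patch issued with "int3" command.
end


# original by Tavis Ormandy (http://my.opera.com/taviso/blog/index.dml/tag/gdb) (great fix!)
# modified to work with Mac OS X by fG!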
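# seems nasm shipping with Mac OS X has problems accepting input from stdin or heredoc
# input is read into a variable and sent to a temporary file which nasm can read
#
# The nasm input file is created with mktemp (it used to be /tmp/$RANDOM,
# which is guessable).
# NOTE(review): the generated command file /tmp/gdbassemble is still a fixed
# name in the shared /tmp directory and is executed with "source" below, so
# on a multi-user host another local user who pre-creates or symlinks that
# path can feed commands to this gdb session. Keeping it under a per-user
# directory would remove that exposure.
define assemble
  # dont enter routine again if user hits enter
  dont-repeat
  if ($argc)
    if (*$arg0 = *$arg0)
      # check if we have a valid address by dereferencing it,
      # if we havnt, this will cause the routine to exit.
    end
    printf "Instructions will be written to %#x.\n", $arg0
  else
    printf "Instructions will be written to stdout.\n"
  end
  printf "Type instructions, one per line."
  echo \033[1m
  printf " Do not forget to use NASM assembler syntax!\n"
  echo \033[0m
  printf "End with a line saying just \"end\".\n"

  if ($argc)
    if ($X86_64 == 1)
      # argument specified, assemble instructions into memory at address specified.
      shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)"; \
      GDBASMFILENAME=$(mktemp); \
      echo -e "BITS 64\n$ASMOPCODE" >"$GDBASMFILENAME"; \
      /usr/local/bin/nasm -f bin -o /dev/stdout "$GDBASMFILENAME" | \
      /usr/bin/hexdump -ve '1/1 "set *((unsigned char *) $arg0 + %#2_ax) = %#02x\n"' >/tmp/gdbassemble; \
      /bin/rm -f "$GDBASMFILENAME"
      source /tmp/gdbassemble
      # all done. clean the temporary file
      shell /bin/rm -f /tmp/gdbassemble
    end

    if ($X86 == 1)
      # argument specified, assemble instructions into memory at address specified.
      shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)"; \
      GDBASMFILENAME=$(mktemp); \
      echo -e "BITS 32\n$ASMOPCODE" >"$GDBASMFILENAME"; \
      /usr/bin/nasm -f bin -o /dev/stdout "$GDBASMFILENAME" | \
      /usr/bin/hexdump -ve '1/1 "set *((unsigned char *) $arg0 + %#2_ax) = %#02x\n"' >/tmp/gdbassemble; \
      /bin/rm -f "$GDBASMFILENAME"
      source /tmp/gdbassemble
      # all done. clean the temporary file
      shell /bin/rm -f /tmp/gdbassemble
    end
  else
    if ($X86_64 == 1)
      # no argument, assemble instructions to stdout
      # (the first line was missing its trailing backslash, so the rest of
      # the shell command was being handed to gdb as commands instead)
      shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)"; \
      GDBASMFILENAME=$(mktemp); \
      echo -e "BITS 64\n$ASMOPCODE" >"$GDBASMFILENAME"; \
      /usr/local/bin/nasm -f bin -o /dev/stdout "$GDBASMFILENAME" | \
      /usr/local/bin/ndisasm -i -b64 /dev/stdin; \
      /bin/rm -f "$GDBASMFILENAME"
    end

    if ($X86 == 1)
      # no argument, assemble instructions to stdout
      shell ASMOPCODE="$(while read -ep '>' r && test "$r" != end ; do echo -E "$r"; done)"; \
      GDBASMFILENAME=$(mktemp); \
      echo -e "BITS 32\n$ASMOPCODE" >"$GDBASMFILENAME"; \
      /usr/bin/nasm -f bin -o /dev/stdout "$GDBASMFILENAME" | \
      /usr/bin/ndisasm -i -b32 /dev/stdin; \
      /bin/rm -f "$GDBASMFILENAME"
    end
  end
end
document assemble
Assemble instructions using nasm.
Type a line containing "end" to indicate the end.
If an address is specified, insert/modify instructions at that address.
If no address is specified, assembled instructions are printed to stdout.
Use the pseudo instruction "org ADDR" to set the base address.
end


define asm
  if $argc == 1
    assemble $arg0
  else
    assemble
  end
end
document asm
Shortcut to the assemble command.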
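end


define assemble_gas
  printf "\nType code to assemble and hit Ctrl-D when finished.\n"
  printf "You must use GNU assembler (AT&T) syntax.\n"

  # NOTE(review): "$(unknown)" runs a shell command named "unknown"; the
  # message presumably meant to print the temp file name -- confirm and fix.
  shell filename=$(mktemp); \
  binfilename=$(mktemp); \
  echo -e "Writing into: $(unknown)\n"; \
  cat > $filename; echo ""; \
  as -o $binfilename < $filename; \
  objdump -d -j .text $binfilename; \
  rm -f $binfilename; \
  rm -f $filename; \
  echo -e "temporaly files deleted.\n"
end
document assemble_gas
Assemble instructions to binary opcodes. Uses GNU as and objdump.
Usage: assemble_gas
end


define dump_hexfile
  if $argc != 3
    help dump_hexfile
  else
    dump ihex memory $arg0 $arg1 $arg2
  end
end
document dump_hexfile
Write a range of memory to a file in Intel ihex (hexdump) format.
The range is specified by ADDR1 and ADDR2 addresses.
Usage: dump_hexfile FILENAME ADDR1 ADDR2
end


define dump_binfile
  if $argc != 3
    help dump_binfile
  else
    dump memory $arg0 $arg1 $arg2
  end
end
document dump_binfile
Write a range of memory to a binary file.
The range is specified by ADDR1 and ADDR2 addresses.
Usage: dump_binfile FILENAME ADDR1 ADDR2
end


define dumpmacho
  # A wrong argument count or an unrecognised magic used to print the help
  # and then fall through to the dereference/dump anyway; every path that
  # writes a file is now behind its own check.
  if $argc != 2
    help dumpmacho
  else
    set $headermagic = *$arg0
    if $headermagic == 0xfeedface
      # 32-bit mach_header: sizeofcmds at +0x14, header itself is 0x1c bytes,
      # load commands follow immediately.
      set $headerdumpsize = *($arg0 + 0x14)
      dump memory $arg1 $arg0 ($arg0 + 0x1c + $headerdumpsize)
    else
      if $headermagic == 0xfeedfacf
        # 64-bit mach_header_64: sizeofcmds also at +0x14, header is 0x20 bytes.
        set $headerdumpsize = *($arg0 + 0x14)
        dump memory $arg1 $arg0 ($arg0 + 0x20 + $headerdumpsize)
      else
        printf "[Error] Target address doesn't contain a valid Mach-O binary!\n"
        help dumpmacho
      end
    end
  end
end
document dumpmacho
Dump the Mach-O header to a file.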
277 | You need to input the start address (use info shared command to find it). 278 | Usage: dumpmacho STARTADDRESS FILENAME 279 | end 280 | -------------------------------------------------------------------------------- /.gdb/process.gdb: -------------------------------------------------------------------------------- 1 | # ______________process information____________ 2 | define argv 3 | show args 4 | end 5 | document argv 6 | Print program arguments. 7 | end 8 | -------------------------------------------------------------------------------- /.gdb/profile.gdb: -------------------------------------------------------------------------------- 1 | set $rusage = 0 2 | set $rusagebuffer = 0 3 | 4 | define getrusage 5 | if ($rusagebuffer == 0) 6 | set $rusagebuffer = (unsigned long *) malloc (1024) 7 | end 8 | call (void) getrusage (0, $rusagebuffer) 9 | set $rusage = (($rusagebuffer[0] * 1000) + ($rusagebuffer[1] / 1000)) 10 | end 11 | 12 | define mark 13 | getrusage 14 | set $rusagemark = $rusage 15 | printf "Timer started; total elapsed CPU time is %lu ms.\n", $rusagemark 16 | end 17 | document mark 18 | Start a counter representing the elapsed CPU time since 'mark' was called. 19 | To determine the amount of CPU time used since 'mark' was called, use the 20 | 'cur' command. 21 | end 22 | 23 | define cur 24 | if ($rusagebuffer == 0) 25 | printf "No timer has been started.\n" 26 | else 27 | getrusage 28 | printf "Elapsed CPU time since last mark is %lu ms.\n", ($rusage - $rusagemark) 29 | end 30 | end 31 | document cur 32 | Display the amount of CPU time used since the last 'mark' command. 
end
--------------------------------------------------------------------------------
/.gdb/setup.gdb:
--------------------------------------------------------------------------------
# Detect the architecture of the current target and set the $ARM / $X86 /
# $X86_64 / $MIPS / $64BITS convenience variables the other macros key on.
# gdb's own "info target" / "show osabi" output is captured to a log file,
# parsed by detect-target.sh into a second file, and that file is sourced.
#
# NOTE(review): /tmp/gdb_info_target and /tmp/gdb_target_arch.gdb are fixed
# names in a world-writable directory, and the latter is executed with
# "source". On a shared host a local user who pre-creates or symlinks those
# paths can influence, or inject commands into, this gdb session. A per-user
# directory (under $HOME, or one created with mktemp -d by the helper
# script) would avoid that.
define setup-detect-target
# Clear every architecture flag first so a value left over from an earlier
# target does not survive the detection below.
set $ARM = 0
set $X86 = 0
set $X86_64 = 0
set $MIPS = 0

set $64BITS = 0

set logging file /tmp/gdb_info_target
set logging overwrite on
# redirect: send the output only to the log file, not to the terminal
set logging redirect on
set logging on
# pagination would otherwise wait for a keypress in the middle of the capture
set pagination off
info target
show osabi
set pagination on
set logging off
set logging redirect off
set logging overwrite off

# The helper script turns the captured text into "set $X86 = 1"-style lines.
shell ~/.gdb/detect-target.sh
source /tmp/gdb_target_arch.gdb
shell rm -f /tmp/gdb_info_target /tmp/gdb_target_arch.gdb
end
document setup-detect-target
Sets up various globals used throughout the GDB macros to provide
architecture-specific support.
end
--------------------------------------------------------------------------------
/.gdb/tips.gdb:
--------------------------------------------------------------------------------
# _________________user tips_________________
# The 'tips' command is used to provide tutorial-like info to the user
define tips
printf "Tip Topic Commands:\n"
printf "\ttip_display : Automatically display values on each break\n"
printf "\ttip_patch : Patching binaries\n"
printf "\ttip_strip : Dealing with stripped binaries\n"
printf "\ttip_syntax : AT&T vs Intel syntax\n"
end
document tips
Provide a list of tips from users on various topics.
end


define tip_patch
printf "\n"
printf " PATCHING MEMORY\n"
printf "Any address can be patched using the 'set' command:\n"
printf "\t`set ADDR = VALUE` \te.g.
`set *0x8049D6E = 0x90`\n" 20 | printf "\n" 21 | printf " PATCHING BINARY FILES\n" 22 | printf "Use `set write` in order to patch the target executable\n" 23 | printf "directly, instead of just patching memory\n" 24 | printf "\t`set write on` \t`set write off`\n" 25 | printf "Note that this means any patches to the code or data segments\n" 26 | printf "will be written to the executable file\n" 27 | printf "When either of these commands has been issued,\n" 28 | printf "the file must be reloaded.\n" 29 | printf "\n" 30 | end 31 | document tip_patch 32 | Tips on patching memory and binary files. 33 | end 34 | 35 | 36 | define tip_strip 37 | printf "\n" 38 | printf " STOPPING BINARIES AT ENTRY POINT\n" 39 | printf "Stripped binaries have no symbols, and are therefore tough to\n" 40 | printf "start automatically. To debug a stripped binary, use\n" 41 | printf "\tinfo file\n" 42 | printf "to get the entry point of the file\n" 43 | printf "The first few lines of output will look like this:\n" 44 | printf "\tSymbols from '/tmp/a.out'\n" 45 | printf "\tLocal exec file:\n" 46 | printf "\t `/tmp/a.out', file type elf32-i386.\n" 47 | printf "\t Entry point: 0x80482e0\n" 48 | printf "Use this entry point to set an entry point:\n" 49 | printf "\t`tbreak *0x80482e0`\n" 50 | printf "The breakpoint will delete itself after the program stops as\n" 51 | printf "the entry point\n" 52 | printf "\n" 53 | end 54 | document tip_strip 55 | Tips on dealing with stripped binaries. 
56 | end 57 | 58 | 59 | define tip_syntax 60 | printf "\n" 61 | printf "\t INTEL SYNTAX AT&T SYNTAX\n" 62 | printf "\tmnemonic dest, src, imm mnemonic src, dest, imm\n" 63 | printf "\t[base+index*scale+disp] disp(base, index, scale)\n" 64 | printf "\tregister: eax register: %%eax\n" 65 | printf "\timmediate: 0xFF immediate: $0xFF\n" 66 | printf "\tdereference: [addr] dereference: addr(,1)\n" 67 | printf "\tabsolute addr: addr absolute addr: *addr\n" 68 | printf "\tbyte insn: mov byte ptr byte insn: movb\n" 69 | printf "\tword insn: mov word ptr word insn: movw\n" 70 | printf "\tdword insn: mov dword ptr dword insn: movd\n" 71 | printf "\tfar call: call far far call: lcall\n" 72 | printf "\tfar jump: jmp far far jump: ljmp\n" 73 | printf "\n" 74 | printf "Note that order of operands in reversed, and that AT&T syntax\n" 75 | printf "requires that all instructions referencing memory operands \n" 76 | printf "use an operand size suffix (b, w, d, q)\n" 77 | printf "\n" 78 | end 79 | document tip_syntax 80 | Summary of Intel and AT&T syntax differences. 81 | end 82 | 83 | 84 | define tip_display 85 | printf "\n" 86 | printf "Any expression can be set to automatically be displayed every time\n" 87 | printf "the target stops. The commands for this are:\n" 88 | printf "\t`display expr' : automatically display expression 'expr'\n" 89 | printf "\t`display' : show all displayed expressions\n" 90 | printf "\t`undisplay num' : turn off autodisplay for expression # 'num'\n" 91 | printf "Examples:\n" 92 | printf "\t`display/x *(int *)$esp` : print top of stack\n" 93 | printf "\t`display/x *(int *)($ebp+8)` : print first parameter\n" 94 | printf "\t`display (char *)$esi` : print source string\n" 95 | printf "\t`display (char *)$edi` : print destination string\n" 96 | printf "\n" 97 | end 98 | document tip_display 99 | Tips on automatically displaying values when a program stops. 
100 | end 101 | -------------------------------------------------------------------------------- /.gdb/tracing.gdb: -------------------------------------------------------------------------------- 1 | # used by ptraceme/rptraceme 2 | set $ptrace_bpnum = 0 3 | 4 | # _______________process control______________ 5 | define n 6 | if $argc == 0 7 | nexti 8 | end 9 | if $argc == 1 10 | nexti $arg0 11 | end 12 | if $argc > 1 13 | help n 14 | end 15 | end 16 | document n 17 | Step one instruction, but proceed through subroutine calls. 18 | If NUM is given, then repeat it NUM times or till program stops. 19 | This is alias for nexti. 20 | Usage: n 21 | end 22 | 23 | 24 | define go 25 | if $argc == 0 26 | stepi 27 | end 28 | if $argc == 1 29 | stepi $arg0 30 | end 31 | if $argc > 1 32 | help go 33 | end 34 | end 35 | document go 36 | Step one instruction exactly. 37 | If NUM is given, then repeat it NUM times or till program stops. 38 | This is alias for stepi. 39 | Usage: go 40 | end 41 | 42 | 43 | define pret 44 | finish 45 | end 46 | document pret 47 | Execute until selected stack frame returns (step out of current call). 48 | Upon return, the value returned is printed and put in the value history. 49 | end 50 | 51 | 52 | define init 53 | set $SHOW_NEST_INSN = 0 54 | tbreak _init 55 | r 56 | end 57 | document init 58 | Run program and break on _init(). 59 | end 60 | 61 | 62 | define start 63 | set $SHOW_NEST_INSN = 0 64 | tbreak _start 65 | r 66 | end 67 | document start 68 | Run program and break on _start(). 69 | end 70 | 71 | 72 | define sstart 73 | set $SHOW_NEST_INSN = 0 74 | tbreak __libc_start_main 75 | r 76 | end 77 | document sstart 78 | Run program and break on __libc_start_main(). 79 | Useful for stripped executables. 80 | end 81 | 82 | 83 | define main 84 | set $SHOW_NEST_INSN = 0 85 | tbreak main 86 | r 87 | end 88 | document main 89 | Run program and break on main(). 90 | end 91 | 92 | 93 | # FIXME64 94 | #### WARNING ! WARNING !! 
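#### More more messy stuff starting !!!
#### I was thinking about how to do this and then it occurred to me that it could be as simple as this ! :)
# Dispatch stepo/stepoh to the per-architecture helper chosen by the
# $ARM / $X86 / $X86_64 flags (presumably set by setup.gdb or the cpu command
# files; they are not defined in this file).
# NOTE(review): $arg0 (0 = software tbreak, 1 = hardware tbreak) is not passed
# on to stepoframeworkarm/stepoframeworkx86 here — confirm they pick the
# breakpoint type up some other way, otherwise stepoh behaves exactly like
# stepo.
define stepoframework
    if $ARM == 1
        stepoframeworkarm
    end

    if (($X86 == 1) || ($X86_64 == 1))
        stepoframeworkx86
    end
end
document stepoframework
Auxiliary function to stepo command.
Usage: stepoframework HW   (0 = software temporary breakpoint, 1 = hardware)
end

define stepo
    stepoframework 0
end
document stepo
Step over calls (interesting to bypass the ones to msgSend).
This function will set a temporary breakpoint on the next instruction after the call so the call will be bypassed.
You can safely use it instead of nexti or n since it will single step code if it's not a call instruction (unless you want to go into the call function).
Usage: stepo
end


define stepoh
    stepoframework 1
end
document stepoh
Same as stepo command but uses temporary hardware breakpoints.
Usage: stepoh
end


# FIXME: ARM
# Move $pc past the current instruction without executing it.  `x/2i $pc`
# leaves the address of the second instruction in $_, so $_ - $pc is the size
# of the instruction being skipped.  What happens next is controlled by the
# $SKIPEXECUTE / $SKIPSTEP options in .gdbinit.  On gdb versions that have a
# built-in `skip` (the function/file stepping filter) this definition replaces it.
define skip
    x/2i $pc
    set $instruction_size = (int) ($_ - $pc)
    set $pc = $pc + $instruction_size
    if ($SKIPEXECUTE == 1)
        if ($SKIPSTEP == 1)
            stepo
        else
            stepi
        end
    else
        context
    end
end
document skip
Skip over the instruction located at EIP/RIP. By default, the instruction will not be executed!
Some configurable options are available on top of gdbinit to override this ($SKIPEXECUTE, $SKIPSTEP).
Usage: skip
end


# Single-step until $pc sits on a call instruction (get_insn_type reports
# $INSN_TYPE == 3).  Everything printed while stepping is redirected to
# /dev/null; only the final "stopped at" line goes to ~/gdb.txt, which is
# appended to (logging overwrite is not enabled here).
define step_to_call
    set $_saved_ctx = $SHOW_CONTEXT
    set $SHOW_CONTEXT = 0
    set $SHOW_NEST_INSN = 0

    # logging order matters: file, then redirect, then on
    set logging file /dev/null
    set logging redirect on
    set logging on

    set $_cont = 1
    while ($_cont > 0)
        stepi
        get_insn_type $pc
        if ($INSN_TYPE == 3)
            set $_cont = 0
        end
    end

    set logging off

    if ($_saved_ctx > 0)
        context
    end

    set $SHOW_CONTEXT = $_saved_ctx
    set $SHOW_NEST_INSN = 0

    set logging file ~/gdb.txt
    set logging redirect off
    set logging on

    printf "step_to_call command stopped at:\n "
    x/i $pc
    printf "\n"
    set logging off
end
document step_to_call
Single step until a call instruction is found.
Stop before the call is taken.
Log is written into the file ~/gdb.txt.
Usage: step_to_call
end


# Run until the current function returns, logging every call instruction met on
# the way, indented by nesting depth, to ~/gdb_trace_calls.txt.
# $_nest starts at 1 for the current frame; a call (type 3) increments it, a
# ret (type 4) decrements it, and the loop ends when it drops to 0.
# NOTE(review): `set listsize 0` is never restored, so the setting stays
# changed after the command returns.
define trace_calls

    printf "Tracing...please wait...\n"

    set $_saved_ctx = $SHOW_CONTEXT
    set $SHOW_CONTEXT = 0
    set $SHOW_NEST_INSN = 0
    set $_nest = 1
    set listsize 0

    # open and close the log once with overwrite on to truncate it;
    # the loop below then appends to it
    set logging overwrite on
    set logging file ~/gdb_trace_calls.txt
    set logging on
    set logging off
    set logging overwrite off

    while ($_nest > 0)
        get_insn_type $pc
        # handle nesting
        if ($INSN_TYPE == 3)
            set $_nest = $_nest + 1
        else
            if ($INSN_TYPE == 4)
                set $_nest = $_nest - 1
            end
        end
        # if a call, print it
        if ($INSN_TYPE == 3)
            set logging file ~/gdb_trace_calls.txt
            set logging redirect off
            set logging on

            # one tab per nesting level beyond the first call
            set $x = $_nest - 2
            while ($x > 0)
                printf "\t"
                set $x = $x - 1
            end
            x/i $pc
        end

        # stepi output (and hook-stop output) goes to /dev/null
        set logging off
        set logging file /dev/null
        set logging redirect on
        set logging on
        stepi
        set logging redirect off
        set logging off
    end

    set $SHOW_CONTEXT = $_saved_ctx
    set $SHOW_NEST_INSN = 0

    printf "Done, check ~/gdb_trace_calls.txt\n"
end
document trace_calls
Create a runtime trace of the calls made by target.
Log overwrites(!) the file ~/gdb_trace_calls.txt.
Usage: trace_calls
end


# Run until the current function returns, logging every instruction executed to
# ~/gdb_trace_run.txt.  $SHOW_NEST_INSN = 1 makes hook-stop prefix each stop
# with $_nest tabs, which is where the indentation in the log comes from.
# The nesting bookkeeping is the same as in trace_calls.
define trace_run

    printf "Tracing...please wait...\n"

    set $_saved_ctx = $SHOW_CONTEXT
    set $SHOW_CONTEXT = 0
    set $SHOW_NEST_INSN = 1
    set logging overwrite on
    set logging file ~/gdb_trace_run.txt
    set logging redirect on
    set logging on
    set $_nest = 1

    while ($_nest > 0)
        get_insn_type $pc
        # type 3 is treated as a call here (see step_to_call), type 4 as a ret
        if ($INSN_TYPE == 3)
            set $_nest = $_nest + 1
        else
            # ret
            if ($INSN_TYPE == 4)
                set $_nest = $_nest - 1
            end
        end
        stepi
    end

    printf "\n"

    set $SHOW_CONTEXT = $_saved_ctx
    set $SHOW_NEST_INSN = 0
    set logging redirect off
    set logging off
    # restore the append-mode default, as trace_calls does; otherwise every
    # later logging user (step_to_call's ~/gdb.txt included) would truncate
    # its file
    set logging overwrite off

    # clean up trace file: drop the frame lines gdb prints after each stepi
    shell grep -v ' at ' ~/gdb_trace_run.txt > ~/gdb_trace_run.1
    shell grep -v ' in ' ~/gdb_trace_run.1 > ~/gdb_trace_run.txt
    shell rm -f ~/gdb_trace_run.1
    printf "Done, check ~/gdb_trace_run.txt\n"
end
document trace_run
Create a runtime trace of target.
Log overwrites(!) the file ~/gdb_trace_run.txt.
Usage: trace_run
end

#define ptraceme
#    catch syscall ptrace
#    commands
#        if ($X86 == 1)
#            if ($ebx == 0)
#                set $eax = 0
#                continue
#            end
#        end
#
#        if ($X86_64 == 1)
#            if ($rdi == 0)
#                set $rax = 0
#                continue
#            end
#        end
#    end
#    set $ptrace_bpnum = $bpnum
#end
#document ptraceme
#Hook ptrace to bypass PTRACE_TRACEME anti debugging technique
#end

# Delete the catchpoint recorded by ptraceme, if one was installed.
define rptraceme
    if ($ptrace_bpnum != 0)
        delete $ptrace_bpnum
        set $ptrace_bpnum = 0
    end
end
document rptraceme
Remove ptrace hook.
Usage: rptraceme
end

--------------------------------------------------------------------------------
/.gdb/window.gdb:
--------------------------------------------------------------------------------
# ______________window size control___________
# Each command below just validates the argument count and stores the value in
# the matching $CONTEXTSIZE_* variable (defaults live in .gdbinit).
define contextsize-stack
    if $argc != 1
        help contextsize-stack
    else
        set $CONTEXTSIZE_STACK = $arg0
    end
end
document contextsize-stack
Set stack dump window size to NUM lines.
Usage: contextsize-stack NUM
end


define contextsize-data
    if $argc != 1
        help contextsize-data
    else
        set $CONTEXTSIZE_DATA = $arg0
    end
end
document contextsize-data
Set data dump window size to NUM lines.
Usage: contextsize-data NUM
end


define contextsize-code
    if $argc != 1
        help contextsize-code
    else
        set $CONTEXTSIZE_CODE = $arg0
    end
end
document contextsize-code
Set code window size to NUM lines.
Usage: contextsize-code NUM
end


# Shells out to clear(1).
define cls
    shell clear
end
document cls
Clear screen.
Usage: cls
end

--------------------------------------------------------------------------------
/.gdbinit:
--------------------------------------------------------------------------------
###
# Options

# set to 0 if you have problems with the colorized prompt - reported by Plouj with Ubuntu gdb 7.2
set $COLOUREDPROMPT = 0
# Colour the first line of the disassembly - default is green, if you want to change it search for
# SETCOLOUR1STLINE and modify it :-)
set $SETCOLOUR1STLINE = 0
# set to 0 to remove display of objectivec messages (this tree ships it disabled)
set $SHOWOBJECTIVEC = 0
# set to 0 to remove display of cpu registers (default is 1)
set $SHOWCPUREGISTERS = 1
# set to 1 to enable display of stack (default is 0)
set $SHOWSTACK = 0
# set to 1 to enable display of data window (default is 0)
set $SHOWDATAWIN = 0
# set to 0 to disable coloured display of changed registers
set $SHOWREGCHANGES = 1
# set to 1 to make the skip command execute the instruction at the new location;
# by default EIP/RIP is modified and the context is updated, but the instruction is not executed
set $SKIPEXECUTE = 0
# if $SKIPEXECUTE is 1 configure the type of execution
# 1 = use stepo (do not get into calls), 0 = use stepi (step into calls)
set $SKIPSTEP = 1
# show the ARM opcodes - change to 0 if you don't want such thing (in x/i command)
set $ARMOPCODES = 1
# x86 disassembly flavor: 0 for Intel, 1 for AT&T
set $X86FLAVOR = 0

set $displayobjectivec = 0

# confirm off also silences the "Redefine command" query raised when the
# command files below redefine gdb built-ins (n, start, ...)
set confirm off
set verbose off

set output-radix 0x10
# from here on every unprefixed number literal, in this file and in the
# sourced command files, is read as hexadecimal
set input-radix 0x10

# These make gdb never pause in its output
set height 0
set width 0

set $SHOW_CONTEXT = 1
set $SHOW_NEST_INSN = 0

set $CONTEXTSIZE_STACK = 6
set $CONTEXTSIZE_DATA = 8
set $CONTEXTSIZE_CODE = 8

# Override configuration options defined above for the local machine. This file
# should never go into version control.
# NOTE(review): gdb stops processing a script at the first error, so a missing
# ~/.gdbinit.local-pre would keep every `source` below from running — confirm
# the file exists (an empty one is enough) or guard this line.
# .gitignore in this tree lists .gdbinit.local only; add .gdbinit.local-pre
# there too if the checkout doubles as your home directory.
source ~/.gdbinit.local-pre

# Options
###

# without enclosing non-printing escape sequences with \[ \] the prompt
# will be overwritten
# check http://stackoverflow.com/questions/19092488/custom-bash-prompt-is-overwriting-itself
if $COLOUREDPROMPT == 1
    set prompt \001\033[31m\002gdb$ \001\033[0m\002
end


###
# Command files

source ~/.gdb/setup.gdb
source ~/.gdb/cpu.gdb
source ~/.gdb/data.gdb

source ~/.gdb/window.gdb
source ~/.gdb/process.gdb
source ~/.gdb/datawin.gdb
source ~/.gdb/dumpjump.gdb
source ~/.gdb/patch.gdb
source ~/.gdb/tracing.gdb
source ~/.gdb/misc.gdb
source ~/.gdb/info.gdb
source ~/.gdb/tips.gdb
source ~/.gdb/macsbug.gdb
source ~/.gdb/carbon.gdb
source ~/.gdb/profile.gdb

# The following is commented out because it caused errors last time for me (egall)
#source ~/.gdb/kgmacros.gdb

# Configuration options specific to local machine. This file should never go
# into version control.
# Sourced unconditionally: whatever it contains runs with gdb's privileges,
# `shell` commands included, so it should be writable by the owner only.
source ~/.gdbinit.local

# Command files
###


###
# Hooks

define hook-run
    # Attempt to detect the target in case gdb was started with the executable
    # as an argument.
    setup-detect-target
end


define hook-file
    # Attempt to detect the target again since a new binary has been loaded.
    setup-detect-target
end


define hook-core-file
    # Attempt to detect the target again since a new core has been loaded.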
113 | setup-detect-target 114 | end 115 | 116 | 117 | define hook-stop 118 | # Display instructions formats 119 | hookstopcpu 120 | 121 | # this makes 'context' be called at every BP/step 122 | if ($SHOW_CONTEXT > 0) 123 | context 124 | end 125 | if ($SHOW_NEST_INSN > 0) 126 | set $x = $_nest 127 | while ($x > 0) 128 | printf "\t" 129 | set $x = $x - 1 130 | end 131 | end 132 | end 133 | 134 | # Hooks 135 | ### 136 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .gdbinit.local 2 | .gdb/history 3 | *.DS_Store 4 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | INSTALL INSTRUCTIONS: save as ~/.gdbinit 2 | 3 | DESCRIPTION: A user-friendly gdb configuration file, for x86/x86_64 and ARM 4 | platforms. 5 | 6 | REVISION : 8.0.2 (31/07/2012) 7 | 8 | CONTRIBUTORS: mammon_, elaine, pusillus, mong, zhang le, l0kit, 9 | truthix the cyberpunk, fG!, gln 10 | 11 | FEEDBACK: http://reverse.put.as - reverser@put.as 12 | 13 | NOTES: 'help user' in gdb will list the commands/descriptions in this file 14 | 'context on' now enables auto-display of context screen 15 | 16 | MAC OS X NOTES: If you are using this on Mac OS X, you must either attach gdb to 17 | a process or launch gdb without any options and then load the 18 | binary file you want to analyse with "exec-file" option. If you 19 | load the binary from the command line, like $gdb binary-name, 20 | this will not work as it should. 21 | For more information, read it here 22 | http://reverse.put.as/2008/11/28/apples-gdb-bug/ 23 | 24 | UPDATE: This bug can be fixed in gdb source. 
Refer to 25 | http://reverse.put.as/2009/08/10/fix-for-apples-gdb-bug-or-why-apple-forks-are-bad/ 26 | and http://reverse.put.as/2009/08/26/gdb-patches/ (if you want the fixed 27 | binary for i386) 28 | 29 | An updated version of the patch and binary is available at 30 | http://reverse.put.as/2011/02/21/update-to-gdb-patches-fix-a-new-bug/ 31 | 32 | iOS NOTES: iOS gdb from Cydia (and Apple's) suffer from the same OS X bug. 33 | If you are using this on Mac OS X or iOS, you must either attach gdb 34 | to a process or launch gdb without any options and then load the 35 | binary file you want to analyse with "exec-file" option. If you load 36 | the binary from the command line, like $gdb binary-name, this will 37 | not work as it should. 38 | For more information, read it 39 | here http://reverse.put.as/2008/11/28/apples-gdb-bug/ 40 | 41 | CHANGELOG: (older changes at the end of the file) 42 | 43 | Version 8.0.2 (31/07/2012) 44 | - Merge pull request from mheistermann to support local modifications in a 45 | .gdbinit.local file 46 | - Add a missing opcode to the stepo command 47 | 48 | Version 8.0.1 (23/04/2012) 49 | - Small bug fix to the attsyntax and intelsyntax commands (changing X86 50 | flavor variable was missing) 51 | 52 | Version 8.0 (13/04/2012) 53 | - Merged x86/x64 and ARM versions 54 | - Added commands intelsyntax and attsyntax to switch between x86 disassembly 55 | flavors 56 | - Added new configuration variables ARM, ARMOPCODES, and X86FLAVOR 57 | - Code cleanups and fixes to the indentation 58 | - Bug fixes to some ARM related code 59 | - Added the dumpmacho command to memory dump the mach-o header to a file 60 | 61 | Version 7.4.4 (02/01/2012) 62 | - Added the "skip" command. This will jump to the next instruction after 63 | EIP/RIP without executing the current one. 64 | Thanks to @bSr43 for the tip to retrieve the current instruction size. 
65 | 66 | Version 7.4.3 (04/11/2011) 67 | - Modified "hexdump" command to support a variable number of lines (optional 68 | parameter) 69 | - Removed restrictions on type of addresses in the "dd" command - Thanks to 70 | Plouj for the warning :-) 71 | I don't know what was the original thinking behind those :-) 72 | - Modified the assemble command to support 64bits - You will need to 73 | recompile nasm since the version shipped with OS X doesn't support 64bits 74 | (www.nasm.us). 75 | Assumes that the new binary is installed at /usr/local/bin - modify the 76 | variable at the top if you need to. 77 | It will assemble based on the target arch being debugged. If you want to 78 | use gdb for a quick asm just use the 32bits or 64bits commands to set your 79 | target. 80 | Thanks to snare for the warning and original patch :-) 81 | - Added "asm" command - it's a shortcut to the "assemble" command. 82 | - Added configuration variable for colorized prompt. Plouj reported some 83 | issues with Ubuntu's gdb 7.2 if prompt is colorized. 84 | 85 | Version 7.4.2 (11/08/2011) 86 | - Small fix to a weird bug happening on FreeBSD 8.2. It doesn't like a "if(" 87 | instruction, needs to be "if (". Weird! 88 | Many thanks to Evan for reporting and sending the patch :-) 89 | - Added the ptraceme/rptraceme commands to bypass the PTRACE_TRACEME 90 | anti-debugging technique. 91 | Grabbed this from http://falken.tuxfamily.org/?p=171 92 | It's commented out due to a gdb problem in OS X (refer to 93 | http://reverse.put.as/2011/08/20/another-patch-for-apples-gdb-the-definecommands-problem/) 94 | Just uncomment it if you want to use it on ptrace-enabled systems. 95 | 96 | Version 7.4.1 (21/06/2011) - fG! 97 | - Added patch sent by sbz, more than 1 year ago, which I forgot to add :-/ 98 | This will allow to search for a given pattern between start and end address. 99 | In sbz's words: "It's usefull to find call, ret or everything like that."
:-) 100 | New command is "search" 101 | 102 | Version 7.4 (20/06/2011) - fG! 103 | - When registers change between instructions the colour will change to red 104 | (like it happens in OllyDBG). 105 | This is the default behavior, if you don't like it, modify the variable 106 | SHOWREGCHANGES 107 | - Added patch sent by Philippe Langlois 108 | Colour the first disassembly line - change the setting below on 109 | SETCOLOUR1STLINE - by default it's disabled 110 | 111 | Version 7.3.2 (21/02/2011) - fG! 112 | - Added the command rint3 and modified the int3 command. The new command 113 | will restore the byte in previous int3 patch. 114 | 115 | Version 7.3.1 (29/06/2010) - fG! 116 | - Added enablelib/disablelib command to quickly set the 117 | stop-on-solib-events trick 118 | - Implemented the stepoh command equivalent to the stepo but using hardware 119 | breakpoints 120 | - More fixes to stepo 121 | 122 | Version 7.3 (16/04/2010) - fG! 123 | - Support for 64bits targets. Default is 32bits, you should modify the 124 | variable or use the 32bits or 64bits to choose the mode. 125 | I couldn't find another way to recognize the type of binary… Testing the 126 | register doesn't work that well. 127 | TODO: fix objectivec messages and stepo for 64bits 128 | 129 | Version 7.2.1 (24/11/2009) - fG! 130 | - Another fix to stepo (0xFF92 missing) 131 | 132 | Version 7.2 (11/10/2009) - fG! 133 | - Added the smallregisters function to create 16 and 8 bit versions from the 134 | registers EAX, EBX, ECX, EDX 135 | - Revised and fixed all the dumpjump stuff, following Intel manuals. There 136 | were some errors (thx to rev who pointed the jle problem). 137 | - Small fix to stepo command (missed a few call types) 138 | 139 | Version 7.1.7 - fG! 140 | - Added the possibility to modify what's displayed with the context window. 141 | You can change default options at the gdb options part. For example, 142 | kernel debugging is much slower if the stack display is enabled... 
143 | - New commands enableobjectivec, enablecpuregisters, enablestack, 144 | enabledatawin and their disable equivalents (to support realtime change of 145 | default options) 146 | - Fixed problem with the assemble command. I was calling /bin/echo which 147 | doesn't support the -e option ! DUH ! Should have used bash internal 148 | version. 149 | - Small fixes to colours... 150 | - New commands enablesolib and disablesolib. Just shortcuts for the 151 | stop-on-solib-events fantastic trick ! Hey... I'm lazy ;) 152 | - Fixed this: Possible removal of "u" command, info udot is missing in gdb 153 | 6.8-debian . Doesn't exist on OS X so bye bye !!! 154 | - Displays affected flags in jump decisions 155 | 156 | Version 7.1.6 - fG! 157 | - Added modified assemble command from Tavis Ormandy (further modified to 158 | work with Mac OS X) (the shell commands used use full path names, working for 159 | Leopard, modify for others if necessary) 160 | - Renamed thread command to threads because thread is an internal gdb 161 | command that allows moving between program threads 162 | 163 | Version 7.1.5 (04/01/2009) - fG! 164 | - Fixed crash on Leopard! There was a If Else condition where the else had 165 | no code and that made gdb crash on Leopard (CRAZY!!!!) 166 | - Better code indentation 167 | 168 | Version 7.1.4 (02/01/2009) - fG! 169 | - Bug in show objective c messages with Leopard ??? 170 | - Nop routine support for single address or range (contribution from gln 171 | [ghalen at hack.se]) 172 | - Used the same code from nop to null routine 173 | 174 | Version 7.1.3 (31/12/2008) - fG! 175 | - Added a new command 'stepo'. This command will set a temporary breakpoint 176 | on the next instruction after the call, so you can skip over the call. Did 177 | this because normal commands do not always skip over (mainly with 178 | objc_msgSend) 179 | 180 | Version 7.1.2 (31/12/2008) - fG!
181 | - Support for the jump decision (will display if a conditional jump will be 182 | taken or not) 183 | 184 | Version 7.1.1 (29/12/2008) - fG! 185 | - Moved gdb options to the beginning (makes more sense) 186 | - Added support to dump the message being sent to msgSend (easier to understand 187 | what's going on) 188 | 189 | Version 7.1 190 | - Fixed serious (and old) bug in dd and datawin, causing dereference of 191 | obviously invalid address. See below: 192 | gdb$ dd 0xffffffff 193 | FFFFFFFF : Cannot access memory at address 0xffffffff 194 | 195 | Version 7.0 196 | - Added cls command. 197 | - Improved documentation of many commands. 198 | - Removed bp_alloc, was neither portable nor useful. 199 | - Checking of passed argument(s) in these commands: 200 | contextsize-stack, contextsize-data, contextsize-code 201 | bp, bpc, bpe, bpd, bpt, bpm, bhb,... 202 | - Fixed bp and bhb inconsistencies, look at * signs in Version 6.2 203 | - Bugfix in bhb command, changed "break" to "hb" command body 204 | - Removed $SHOW_CONTEXT=1 from several commands, this variable 205 | should only be controlled globally with context-on and context-off 206 | Improved stack, func, var and sig, dis, n, go,...
207 | they take optional argument(s) now 208 | - Fixed wrong $SHOW_CONTEXT assignment in context-off 209 | - Fixed serious bug in cft command, forgotten ~ sign 210 | - Fixed these bugs in step_to_call: 211 | 1) the correct logging sequence is: 212 | set logging file > set logging redirect > set logging on 213 | 2) $SHOW_CONTEXT is now correctly restored from $_saved_ctx 214 | - Fixed these bugs in trace_calls: 215 | 1) the correct logging sequence is: 216 | set logging file > set logging overwrite > 217 | set logging redirect > set logging on 218 | 2) removed the "clean up trace file" part, which is not needed now, 219 | stepi output is properly redirected to /dev/null 220 | 3) $SHOW_CONTEXT is now correctly restored from $_saved_ctx 221 | - Fixed bug in trace_run: 222 | 1) $SHOW_CONTEXT is now correctly restored from $_saved_ctx 223 | - Fixed print_insn_type -- removed invalid semicolons!, wrong value checking 224 | - Added TODO entry regarding the "u" command 225 | - Changed name from gas_assemble to assemble_gas due to consistency 226 | - Output from assemble and assemble_gas is now similar, because i made 227 | both of them to use objdump, with respect to output format (AT&T|Intel). 228 | - Whole code was checked and made more consistent, readable/maintainable. 
229 | 230 | Version 6.2 231 | - Add global variables to allow user to control stack, data and code window 232 | sizes 233 | - Increase readability for registers 234 | - Some corrections (hexdump, ddump, context, cfp, assemble, gas_asm, tips, 235 | prompt) 236 | 237 | Version 6.1-color-user 238 | - Took the Gentoo route and ran sed s/user/user/g 239 | 240 | Version 6.1-color 241 | - Added color fixes from 242 | http://gnurbs.blogsome.com/2006/12/22/colorizing-mamons-gdbinit/ 243 | 244 | Version 6.1 245 | - Fixed filename in step_to_call so it points to /dev/null 246 | - Changed location of logfiles from /tmp to ~ 247 | 248 | Version 6 249 | - Added print_insn_type, get_insn_type, context-on, context-off commands 250 | - Added trace_calls, trace_run, step_to_call commands 251 | - Changed hook-stop so it checks $SHOW_CONTEXT variable 252 | 253 | Version 5 254 | - Added bpm, dump_bin, dump_hex, bp_alloc commands 255 | - Added 'assemble' by elaine, 'gas_asm' by mong 256 | - Added Tip Topics for aspiring users ;) 257 | 258 | Version 4 259 | - Added eflags-changing insns by pusillus 260 | - Added bp, nop, null, and int3 patch commands, also hook-stop 261 | 262 | Version 3 263 | - Incorporated elaine's if/else goodness into the hex/ascii dump 264 | 265 | Version 2 266 | - Radix bugfix by elaine 267 | -------------------------------------------------------------------------------- /README.markdown: -------------------------------------------------------------------------------- 1 | # dotgdb 2 | 3 | This project was based on [Gdbinit](https://github.com/gdbinit/Gdbinit) by 4 | [fG!](http://reverse.put.as/) which in turn is based on work by the following 5 | people: 6 | 7 | * mammon_ 8 | * elaine 9 | * pusillus 10 | * mong 11 | * zhang le 12 | * l0kit 13 | * truthix the cyberpunk 14 | * gln 15 | 16 | 17 | Currently there is support for the following architectures: 18 | 19 | * x86 20 | * x86-64 21 | * arm 22 | * mips 23 | 24 | 25 | ## How do I install it? 
26 | 27 | Clone the project from git://github.com/dholm/dotgdb.git and symbolically link 28 | *.gdb* and *.gdbinit* into your home directory. 29 | 30 | 31 | ## Commands 32 | 33 | This section is incomplete. 34 | 35 | ### Data 36 | 37 | ``` 38 | * hexdump 39 | 40 | Display a 16-byte hex/ASCII dump of memory starting at address ADDR. 41 | Optional parameter is the number of lines to display if you want more than 42 | one. 43 | 44 | Usage: hexdump ADDR [nr lines] 45 | ``` 46 | 47 | ``` 48 | * search 49 | 50 | Search for the given pattern between $start and $end address. 51 | 52 | Usage: search 53 | ``` 54 | 55 | ``` 56 | * ascii_char 57 | 58 | Print ASCII value of byte at address ADDR. 59 | Print "." if the value is unprintable. 60 | 61 | Usage: ascii_char ADDR 62 | ``` 63 | 64 | ``` 65 | * hex_quad 66 | 67 | Print eight hexadecimal bytes starting at address ADDR. 68 | 69 | Usage: hex_quad ADDR 70 | ``` 71 | 72 | 73 | ### CPU 74 | 75 | ``` 76 | * context 77 | 78 | Print context window, i.e. regs, stack, ds:esi and disassemble cs:eip. 79 | ``` 80 | 81 | ``` 82 | * context-on 83 | 84 | Enable display of context on every program break. 85 | ``` 86 | 87 | ``` 88 | * context-off 89 | 90 | Disable display of context on every program break. 91 | ``` 92 | 93 | ``` 94 | * dis 95 | 96 | Disassemble a specified section of memory. 97 | Default is to disassemble the function surrounding the PC (program counter) 98 | of selected frame. 99 | With one argument, ADDR1, the function surrounding this address is dumped. 100 | Two arguments are taken as a range of memory to dump. 101 | 102 | Usage: dis 103 | ``` 104 | 105 | ``` 106 | * flags 107 | 108 | Print flags register. 109 | ``` 110 | 111 | ``` 112 | * eflags 113 | 114 | Print eflags register. 115 | ``` 116 | 117 | ``` 118 | * reg 119 | 120 | Print CPU registers. 121 | ``` 122 | 123 | ``` 124 | * cfn 125 | 126 | Change Negative/Less Than Flag. 127 | ``` 128 | 129 | ``` 130 | * cfc 131 | 132 | Change Carry Flag.
133 | ``` 134 | 135 | ``` 136 | * cfp 137 | 138 | Change Parity Flag. 139 | ``` 140 | 141 | ``` 142 | * cfa 143 | 144 | Change Auxiliary Carry Flag. 145 | ``` 146 | 147 | ``` 148 | * cfz 149 | 150 | Change Zero Flag. 151 | ``` 152 | 153 | ``` 154 | * cfs 155 | 156 | Change Sign Flag. 157 | ``` 158 | 159 | ``` 160 | * cft 161 | 162 | Change Trap Flag. 163 | ``` 164 | 165 | ``` 166 | * cfi 167 | 168 | Change Interrupt Flag. 169 | Only privileged applications (usually the OS kernel) may modify IF. 170 | This only applies to protected mode (real mode code may always modify IF). 171 | ``` 172 | 173 | ``` 174 | * cfd 175 | 176 | Change Direction Flag. 177 | ``` 178 | 179 | ``` 180 | * cfo 181 | 182 | Change Overflow Flag. 183 | ``` 184 | 185 | ``` 186 | * cfv 187 | 188 | Change Overflow Flag. 189 | ``` 190 | 191 | 192 | ### Patch 193 | 194 | ``` 195 | * nop 196 | 197 | Patch a single byte at address ADDR1, or a series of bytes between ADDR1 and 198 | ADDR2 to a NOP instruction. 199 | 200 | Usage: nop ADDR1 [ADDR2] 201 | ``` 202 | 203 | ``` 204 | * null 205 | 206 | Patch a single byte at address ADDR1 to NULL (0x00), or a series of bytes 207 | between ADDR1 and ADDR2. 208 | 209 | Usage: null ADDR1 [ADDR2] 210 | ``` 211 | 212 | ``` 213 | * assemble 214 | 215 | Assemble instructions using nasm. 216 | Type a line containing "end" to indicate the end. 217 | If an address is specified, insert/modify instructions at that address. 218 | If no address is specified, assembled instructions are printed to stdout. 219 | Use the pseudo instruction "org ADDR" to set the base address. 220 | ``` 221 | 222 | ``` 223 | * assemble_gas 224 | 225 | Assemble instructions to binary opcodes. Uses GNU as and objdump. 226 | 227 | Usage: assemble_gas 228 | ``` 229 | 230 | ``` 231 | * dump_hexfile 232 | 233 | Write a range of memory to a file in Intel ihex (hexdump) format. 234 | The range is specified by ADDR1 and ADDR2 addresses. 
235 | 236 | Usage: dump_hexfile FILENAME ADDR1 ADDR2 237 | ``` 238 | 239 | ``` 240 | * dump_binfile 241 | 242 | Write a range of memory to a binary file. 243 | The range is specified by ADDR1 and ADDR2 addresses. 244 | 245 | Usage: dump_binfile FILENAME ADDR1 ADDR2 246 | ``` 247 | 248 | ``` 249 | * dumpmacho 250 | 251 | Dump the Mach-O header to a file. 252 | You need to input the start address (use info shared command to find it). 253 | 254 | Usage: dumpmacho STARTADDRESS FILENAME 255 | ``` 256 | 257 | 258 | ### Tracing 259 | 260 | ``` 261 | * n 262 | 263 | Step one instruction, but proceed through subroutine calls. 264 | If NUM is given, then repeat it NUM times or till program stops. 265 | This is an alias for nexti. 266 | 267 | Usage: n [NUM] 268 | ``` 269 | 270 | ``` 271 | * go 272 | 273 | Step one instruction exactly. 274 | If NUM is given, then repeat it NUM times or till program stops. 275 | This is an alias for stepi. 276 | 277 | Usage: go [NUM] 278 | ``` 279 | 280 | ``` 281 | * init 282 | 283 | Run program and break on _init(). 284 | ``` 285 | 286 | ``` 287 | * start 288 | 289 | Run program and break on _start(). 290 | ``` 291 | 292 | ``` 293 | * sstart 294 | 295 | Run program and break on __libc_start_main(). 296 | Useful for stripped executables. 297 | ``` 298 | 299 | ``` 300 | * main 301 | 302 | Run program and break on main(). 303 | ``` 304 | 305 | ``` 306 | * stepo 307 | 308 | Step over calls (interesting to bypass the ones to msgSend in Objective-C). 309 | This function will set a temporary breakpoint on the next instruction after the 310 | call so the call will be bypassed. 311 | You can safely use it instead of nexti or n since it will single step code if 312 | it's not a call instruction (unless you want to go into the call function). 313 | ``` 314 | 315 | ``` 316 | * stepoh 317 | 318 | Same as stepo command but uses temporary hardware breakpoints. 319 | ``` 320 | 321 | ``` 322 | * step_to_call 323 | 324 | Single step until a call instruction is found.
325 | Stop before the call is taken. 326 | Log is written into the file ~/gdb.txt. 327 | ``` 328 | 329 | ``` 330 | * trace_calls 331 | 332 | Create a runtime trace of the calls made by target. 333 | Log overwrites(!) the file ~/gdb_trace_calls.txt. 334 | ``` 335 | 336 | ``` 337 | * trace_run 338 | 339 | Create a runtime trace of target. 340 | Log overwrites(!) the file ~/gdb_trace_run.txt. 341 | ``` 342 | 343 | ``` 344 | * dumpjump 345 | 346 | Display if conditional jump will be taken or not. 347 | ``` 348 | 349 | 350 | ### Breakpoints 351 | 352 | ``` 353 | * bpl 354 | 355 | List all breakpoints. 356 | ``` 357 | 358 | ``` 359 | * bp 360 | 361 | Set breakpoint. 362 | 363 | Usage: bp LOCATION 364 | LOCATION may be a line number, function name, or "*" and an address. 365 | To break on a symbol you must enclose symbol name inside "". 366 | Example: 367 | bp "[NSControl stringValue]" 368 | Or else you can use directly the break command (break [NSControl 369 | stringValue]) 370 | ``` 371 | 372 | ``` 373 | * bpc 374 | 375 | Clear breakpoint. 376 | 377 | Usage: bpc LOCATION 378 | LOCATION may be a line number, function name, or "*" and an address. 379 | ``` 380 | 381 | ``` 382 | * bpe 383 | 384 | Enable breakpoint with number NUM. 385 | 386 | Usage: bpe NUM 387 | ``` 388 | 389 | ``` 390 | * bpd 391 | 392 | Disable breakpoint with number NUM. 393 | 394 | Usage: bpd NUM 395 | ``` 396 | 397 | ``` 398 | * bpt 399 | 400 | Set a temporary breakpoint. 401 | This breakpoint will be automatically deleted when hit!. 402 | 403 | Usage: bpt LOCATION 404 | LOCATION may be a line number, function name, or "*" and an address. 405 | ``` 406 | 407 | ``` 408 | * bpm 409 | 410 | Set a read/write breakpoint on EXPRESSION, e.g. *address. 411 | 412 | Usage: bpm EXPRESSION 413 | ``` 414 | 415 | ``` 416 | * bhb 417 | 418 | Set hardware assisted breakpoint. 419 | 420 | Usage: bhb LOCATION 421 | LOCATION may be a line number, function name, or "*" and an address. 
422 | ``` 423 | 424 | ``` 425 | * bht 426 | 427 | Set a temporary hardware breakpoint. 428 | This breakpoint will be automatically deleted when hit! 429 | 430 | Usage: bht LOCATION 431 | LOCATION may be a line number, function name, or "*" and an address. 432 | ``` 433 | 434 | 435 | ### Information 436 | 437 | ``` 438 | * stack 439 | 440 | Print backtrace of the call stack, or innermost COUNT frames. 441 | 442 | Usage: stack 443 | ``` 444 | 445 | ``` 446 | * frame 447 | 448 | Print stack frame. 449 | ``` 450 | 451 | ``` 452 | * func 453 | 454 | Print all function names in target, or those matching REGEXP. 455 | 456 | Usage: func 457 | ``` 458 | 459 | ``` 460 | * var 461 | 462 | Print all global and static variable names (symbols), or those matching 463 | REGEXP. 464 | 465 | Usage: var 466 | ``` 467 | 468 | ``` 469 | * lib 470 | 471 | Print shared libraries linked to target. 472 | ``` 473 | 474 | ``` 475 | * sig 476 | 477 | Print what debugger does when program gets various signals. 478 | Specify a SIGNAL as argument to print info on that signal only. 479 | 480 | Usage: sig 481 | ``` 482 | 483 | ``` 484 | * threads 485 | 486 | Print threads in target. 487 | ``` 488 | 489 | 490 | ### Tips 491 | 492 | ``` 493 | * tips 494 | 495 | Provide a list of tips from users on various topics. 496 | ``` 497 | 498 | ``` 499 | * tip_patch 500 | 501 | Tips on patching memory and binary files. 502 | ``` 503 | 504 | ``` 505 | * tip_strip 506 | 507 | Tips on dealing with stripped binaries. 508 | ``` 509 | 510 | ``` 511 | * tip_syntax 512 | 513 | Summary of Intel and AT&T syntax differences. 514 | ``` 515 | 516 | ``` 517 | * tip_display 518 | 519 | Tips on automatically displaying values when a program stops. 520 | ``` 521 | 522 | ### MacsBug 523 | Type `MACSBUG_HELP` to summarize the MacsBug commands 524 | 525 | --------------------------------------------------------------------------------