Menu
I can use call to run c functions ,but how to run assembly or even shell code directly?
756
From within gdb press Ctrl x 2 and the screen will split into 3 parts. First part will show you the normal code in high level language. Second will show you the assembly equivalent and corresponding instruction Pointer .
You start debugging by clicking Start Debugging on the Debug menu. On the Start Debugging dialog box, check Enable Assembler debugging, then click OK. If you debug the module again during the same session, you can start it by clicking Start Debugging, Run or Debug.
To execute one line of code, type "step" or "s". If the line to be executed is a function call, gdb will step into that function and start executing its code one line at a time. If you want to execute the entire function with one keypress, type "next" or "n".
If AUTO, GDB will display disassembly of next instruction only if the source line cannot be displayed. This setting causes GDB to display some feedback when you step through a function with no line info or whose source file is unavailable.
To execute shell code, you can edit a function's contents directly:
(gdb) b foo
Breakpoint 1 at 0x400608
(gdb) run
Breakpoint 1, 0x0000000000400608 in foo ()
(gdb) x/16bx foo
0x400604 <foo>: 0x55 0x48 0x89 0xe5 0x53 0x48 0x81 0xec
(gdb) set ((unsigned char *)foo)[6] = 0x85
(gdb) x/16bx foo
0x400604 <foo>: 0x55 0x48 0x89 0xe5 0x53 0x48 0x85 0xec
(gdb) cont
I don't know how to execute opcodes from within gdb, but you can certainly do whatever you want with registers. For instance, instead of mov %rbx, %rax you can use set $rax = $rbx:
(gdb) p $rax
$1 = 3671197290184
(gdb) set $rax = $rbx
(gdb) p $rax
$2 = 0
(gdb)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
