If you’re working in either IoT or cybersecurity, you’re likely using GDB (and LLDB, WinDbg, and so on). GDB is very powerful, but its commands can be hard to keep in your head. Seeing what’s in EIP is easy enough, but then you need to trace a value at the end of some pointer chain starting in RAX, you can’t really tell which of the values along the way are valid pointers, and ARRRRRRGGGH I JUST HIT ‘N’ NOT ‘SI’ SO I NEED TO START OVER (`n` steps over a whole source line, including any calls; `si` steps a single instruction).
Yeah, we’ve all been there.
So, I’ve been working with a few different projects over the past few months that make this a bit easier. They’re all hosted on GitHub, and they’ve made GDB much faster for me to use, even though I was already pretty comfortable with it to begin with. They’re GDBInit from OSXReverser, GEF, gdb-dashboard, and PwnDbg.
Let’s start with OSXReverser’s GDBinit. This, or something very similar to it, used to be packaged in BackTrack Linux (the precursor to Kali Linux). I started using it then and really enjoyed it. What I really liked about it was that it was lightweight and showed me almost everything I needed to see after each step: it is a plain GDB script that defines a `hook-stop`, so every time the program stops it prints the registers, a slice of the stack, and the next few instructions. I still recommend this configuration, as it’s easy to install (it is a single file you drop in as `~/.gdbinit`), and it’s a great entry point for GDB customization.
GEF (pronounced ‘Jeff’) is a powerful, but still lightweight, Python extension for GDB. GEF shows almost any information you’d need and has a layout very similar to what you’d see in a graphical debugger. Its context panel sits just above the command line, where you still enter ordinary GDB commands. It shows the registers, automatically dereferencing any that hold pointers and following them until it reaches something that is not a valid address. It also shows the current stack, again dereferencing pointers for easy data access. It will show the disassembly around the current instruction, the state of the debugging session, active threads, and source code, if available. Overall, I really like GEF. I found the layout easy to use and it helped me understand the structure of the programs I was working with. I did have problems with paging not working as I would have expected, though.
GEF, gdb-dashboard, and PwnDbg all use a broadly similar interface.
gdb-dashboard uses GDB’s Python API to improve the overall user experience. It seems to be the most active of these projects today; it was updated while I was writing this. I found it easy to use overall, and not too invasive to install (it is itself a single `.gdbinit` file). It can display the dashboard, or individual modules of it such as the registers or the stack, in other terminals by writing them to another TTY, which is very powerful and makes the overall layout surprisingly customizable. As far as I can tell, this is the only GDB extension that has this particular feature.
PwnDbg is similar to GEF and gdb-dashboard, but has more of an exploit-development bent, integrating tools like ropper into the GDB command line. It has what seems to be the most invasive installation, though, installing a significant number of Python libraries as well as Python 2. It also uses GDB’s Python API.
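All three of GEF, gdb-dashboard and PwnDbg are built on the same GDB Python API, and the core of what they do after every stop is exactly the pointer-chain walk complained about at the top of this post: take a register, read the pointer-sized word it points at, repeat until the address is unmapped or the chain loops. The script below is an added example, not code from any of those projects, that implements that walk as a tiny GDB extension. It assumes a 64-bit little-endian target (`PTR_SIZE = 8`), names its command `dc`, and walks from `rax` by default; all of those are my choices, not anything the projects do. The walking logic is kept separate from the GDB glue so it can be run and tested outside GDB against a constructed fake memory.

```python
"""Minimal GDB Python extension: follow a pointer chain from a register.

Added example in the spirit of GEF / gdb-dashboard / PwnDbg, not taken from
any of them. Inside GDB: `source deref_chain.py`, then `dc rax 8`.
(The file name and the command name `dc` are assumptions.)
"""

try:
    import gdb  # only importable inside GDB's embedded Python
except ImportError:  # outside GDB: the pure logic below still works
    gdb = None

PTR_SIZE = 8  # assumption: 64-bit target; the real tools ask GDB for this
PTR_MASK = (1 << (8 * PTR_SIZE)) - 1


def walk_chain(read_ptr, start, max_depth=8):
    """Follow pointers beginning with the address `start`.

    `read_ptr(addr)` returns the pointer-sized integer stored at `addr` and
    raises on an unreadable address. Returns a list of (addr, value, note):
    note is '' for a plain hop, 'unmapped' when the read failed, 'loop' when
    the chain revisits an address, 'max depth' when the depth limit is hit.
    """
    chain, seen, addr = [], set(), start
    for _ in range(max_depth):
        if addr in seen:
            chain.append((addr, None, "loop"))
            break
        seen.add(addr)
        try:
            val = read_ptr(addr)
        except Exception:  # gdb.MemoryError inside GDB, KeyError in the demo
            chain.append((addr, None, "unmapped"))
            break
        chain.append((addr, val, ""))
        addr = val
    else:  # no break: ran out of depth while the chain was still readable
        chain.append((addr, None, "max depth"))
    return chain


def format_chain(chain):
    """Render a chain as '0x1000 -> 0x2000 -> 0x41414141 (unmapped)'."""
    if not chain:
        return ""
    out = f"0x{chain[0][0]:x}"
    for _addr, val, note in chain:
        out += f" ({note})" if note else f" -> 0x{val:x}"
    return out


# Constructed fake memory for running the walk outside GDB: three pointers
# ending in 'AAAA', plus a two-node cycle.
DEMO_MEMORY = {
    0x1000: 0x2000, 0x2000: 0x3000, 0x3000: 0x41414141,
    0x5000: 0x6000, 0x6000: 0x5000,
}


def demo(start=0x1000, max_depth=8):
    """Walk DEMO_MEMORY from `start`; returns the formatted chain."""
    return format_chain(walk_chain(DEMO_MEMORY.__getitem__, start, max_depth))


if gdb is not None:
    def gdb_read_ptr(addr):
        # read_memory raises gdb.MemoryError for an unmapped address
        raw = gdb.selected_inferior().read_memory(addr, PTR_SIZE)
        return int.from_bytes(bytes(raw), "little")

    def register_value(reg):
        # mask because GDB hands back signed integers for some register types
        return int(gdb.parse_and_eval(f"${reg}")) & PTR_MASK

    class DerefChain(gdb.Command):
        """dc [REG] [DEPTH]: follow the pointer chain starting in REG (default rax)."""

        def __init__(self):
            super().__init__("dc", gdb.COMMAND_DATA)

        def invoke(self, arg, from_tty):
            argv = gdb.string_to_argv(arg)
            reg = argv[0] if argv else "rax"
            depth = int(argv[1]) if len(argv) > 1 else 8
            chain = walk_chain(gdb_read_ptr, register_value(reg), depth)
            print(f"{reg}: {format_chain(chain)}")

    DerefChain()

    def on_stop(_event):
        # Python equivalent of a .gdbinit hook-stop: print after every step
        try:
            start = register_value("rax")
        except gdb.error:  # no live process, or no such register
            return
        print("rax: " + format_chain(walk_chain(gdb_read_ptr, start)))

    gdb.events.stop.connect(on_stop)


if __name__ == "__main__":
    print(demo(0x1000))
    print(demo(0x5000))
```

The loop and depth checks are the parts worth copying: a chain that points back at itself (a circular list, a self-referencing `this`) will otherwise spin until the depth limit, and without a limit a long linked structure turns every `si` into a scroll of output, which is the paging problem you hit with the heavier front-ends.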
Overall, they’re all really powerful and will make your time in GDB more efficient. Honestly, I use all of them, swapping `.gdbinit` files whenever I get tired of one. Give them a shot! I’m sure one of them will work for you too.