Python RE extensions for GDB
Over at ‘The Grey Corner’ blog, there’s a nice article presenting the author’s Python extensions to aid in reverse engineering with GDB.
If you started to learn reverse engineering and exploit development on 32 bit Windows systems as I did, you were probably very unimpressed when you first attempted to try out your skills on *nix machines and started (trying to) use gdb. I know I was.
Gdb is quite powerful, but it seems to be focused more on debugging applications with source and debug symbols. While it's certainly possible to debug applications while only having access to the stripped binary, a lot of gdb's frequently used features aren't that useful. Gdb wasn't designed with a focus on reverse engineering in mind, and neither were a lot of the various gdb GUI front ends. Things that are simple in OllyDbg such as getting an immediate view of the stack, disassembly and register values every time the program stopped, or searching for a particular value through all of program memory are just painful.
That's why the last time I had to reverse engineer an application on Mac OS X, I wrote some extensions for gdb using the Python API that was added to gdb in version 7. These extensions consisted of a few new gdb commands, as well as some nifty hooks that enabled me to get the necessary information out of the program in a way that I was familiar with.
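To show the two mechanisms the quoted post relies on, a custom gdb command and a stop hook built on the gdb 7 Python API, here is an added example; it is not the Grey Corner author's extension and not part of the original page. The command name `search-mem`, the number of stack slots shown (8) and the disassembly window (`x/5i $pc`) are my own choices. The pure-Python helpers (`find_all`, `encode_value`, `words_from_bytes`, `format_stack`) run anywhere; the `gdb.Command` subclass and the `gdb.events.stop` handler only register when the file is loaded inside gdb with `source thisfile.py`.

```python
# Added example (not from the Grey Corner article): a minimal gdb Python
# extension giving an OllyDbg-style view on every stop plus a memory search.
import struct

try:
    import gdb  # only importable when running inside gdb's embedded Python
except ImportError:
    gdb = None  # lets the helpers below be imported and tested outside gdb

_FMT = {1: "B", 2: "H", 4: "I", 8: "Q"}  # struct codes per word width


def find_all(haystack, needle):
    """Return every offset of `needle` in `haystack`, overlapping hits included."""
    hits, start = [], 0
    while True:
        idx = haystack.find(needle, start)
        if idx < 0:
            return hits
        hits.append(idx)
        start = idx + 1


def encode_value(value, width=4, endian="<"):
    """Pack an integer as a machine word of `width` bytes (little-endian by default)."""
    mask = (1 << (8 * width)) - 1
    return struct.pack(endian + _FMT[width], value & mask)


def words_from_bytes(data, width=4, endian="<"):
    """Split a raw memory buffer into a list of machine-word integers."""
    count = len(data) // width
    return list(struct.unpack("%s%d%s" % (endian, count, _FMT[width]), data[:count * width]))


def format_stack(words, base_addr, width=4):
    """Format words as 'address  value' lines, the way OllyDbg's stack pane shows them."""
    digits = width * 2
    return ["%0*x  %0*x" % (digits, base_addr + i * width, digits, w)
            for i, w in enumerate(words)]


if gdb is not None:
    def _word_width():
        # pointer size of the target, so the same script works for 32- and 64-bit inferiors
        return gdb.lookup_type("void").pointer().sizeof

    class SearchMem(gdb.Command):
        """search-mem START LENGTH VALUE: find a machine word in inferior memory."""

        def __init__(self):
            super().__init__("search-mem", gdb.COMMAND_DATA)

        def invoke(self, arg, from_tty):
            argv = gdb.string_to_argv(arg)
            if len(argv) != 3:
                raise gdb.GdbError("usage: search-mem START LENGTH VALUE")
            start, length, value = (int(gdb.parse_and_eval(a)) for a in argv)
            data = bytes(gdb.selected_inferior().read_memory(start, length))
            for off in find_all(data, encode_value(value, _word_width())):
                gdb.write("found at 0x%x\n" % (start + off))

    SearchMem()  # registering the instance makes the command available in gdb

    def on_stop(event):
        """Print registers, the top of the stack and upcoming instructions on every stop."""
        width = _word_width()
        sp = int(gdb.parse_and_eval("$sp"))
        gdb.write(gdb.execute("info registers", to_string=True))
        data = bytes(gdb.selected_inferior().read_memory(sp, 8 * width))
        for line in format_stack(words_from_bytes(data, width), sp, width):
            gdb.write(line + "\n")
        gdb.write(gdb.execute("x/5i $pc", to_string=True))

    gdb.events.stop.connect(on_stop)
```

Inside gdb, `source thisfile.py` registers the command and the hook; `search-mem 0xbffff000 0x1000 0x41414141` then reports each address holding that word, and every breakpoint or step prints the register, stack and disassembly view without further typing. Keeping the byte-level logic in plain functions is what makes it testable outside gdb, which is worth doing because gdb's Python API is awkward to exercise in a unit test.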