GDB is not quite friendly for someone who is used to ollydbg , immunity or ida but GDB script is an amazing tool for analyse code if you know some nifty trick. For some reverse engineering job, I was lucky to have a go at it and here are a few notes for the future me:
#Saving breakpoints
define bsave
save-breakpoints san.bp
end
#Restore breakpoints
define brestore
source san.bp
end
#Logging stuffs to a file
define sanLog
set logging file /var/root/san.out
set logging on
end
#Logging without stdout
define sanLogNoSTDOUT
set logging redirect on
set logging file /var/root/san.out
set logging on
end
define gothoughAllinstruction
while(1)
if ($pc < 0x00C25494) #size of main code
p/x $pc
ni #next instruction
else
n #if the code is outside of main (import lib for ex) then get past it ASAP
end
end
define sanMod
# i reg r0 r1 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12 sp lr pc #print out all registers
if ($pc == 0x00859fff)
printf "something meaningful here:"
x/s $r0 #print r0 register in string form
x/x $r1 #print r1 in hex form
end
thread apply 1 where #if there are multiple thread, this would run "where"(similar to "i stacks") on thread 1(eg main thread (you can get this info by running "i threads"))
printf "\n--------------------------------------------------\n"
end
In IDA, we can use this information to color the code and see which instruction the device goes through:
from idautils import *
from idc import *
def main():
# SetColor(int("0039EAE8",16), CIC_ITEM, 0xF4A430)
print "Color it up!"
f = open('c:\\blah\\firstrun.out','r')
for i in f:
if (i[0:2] == "0x"):
SetColor(int(i[2:10],16), CIC_ITEM, 0xF4A430)
if __name__ == '__main__':
main()
