GDB is not especially friendly to someone used to OllyDbg, Immunity Debugger or IDA, but GDB scripting is a great tool for analysing code once you know a few tricks. I recently had a go at it for a reverse engineering job, and here are a few notes for my future self:
# Saving breakpoints
# (Apple GDB syntax; upstream GDB 7.2+ spells this "save breakpoints san.bp")
define bsave
  save-breakpoints san.bp
end

# Restore breakpoints
define brestore
  source san.bp
end

# Logging stuff to a file
define sanLog
  set logging file /var/root/san.out
  set logging on
end

# Logging without stdout: output goes only to the file, not to the terminal
define sanLogNoSTDOUT
  set logging redirect on
  set logging file /var/root/san.out
  set logging on
end

# Single-step every instruction of the main binary, printing $pc each time.
# 0x00C25494 is the end of the main code; outside it (e.g. in an imported
# library) we use "n" to get past the call as quickly as possible.
# GDB does not accept "#" comments after a command on the same line, so the
# comments sit on their own lines.
define gothoughAllinstruction
  while (1)
    if ($pc < 0x00C25494)
      # still inside main code: log the address and step one instruction
      p/x $pc
      ni
    else
      # outside main code: step over until we are back
      n
    end
  end
end

# Breakpoint-command style helper: dump registers/strings at a known address
define sanMod
  # i reg r0 r1 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12 sp lr pc
  # (uncomment the line above to print all registers)
  if ($pc == 0x00859fff)
    printf "something meaningful here:"
    # print r0 as a string and r1 as a hex word
    x/s $r0
    x/x $r1
  end
  # With multiple threads this runs "where" (similar to "i stack") on thread 1,
  # usually the main thread; "i threads" lists the thread numbers.
  thread apply 1 where
  printf "\n--------------------------------------------------\n"
end
In IDA, we can use this log to color the instructions the device actually went through:

from idautils import *
from idc import *

# Path of the GDB log written by sanLog / gothoughAllinstruction (copied off the device)
LOG_PATH = 'c:\\blah\\firstrun.out'

def main():
    # SetColor(int("0039EAE8", 16), CIC_ITEM, 0xF4A430)   # one-off example
    print("Color it up!")
    with open(LOG_PATH, 'r') as f:
        for line in f:
            # GDB's "ni" prints lines like "0x00c25004 in main ()";
            # the 8 hex digits after "0x" are the executed address
            if line[0:2] == "0x":
                SetColor(int(line[2:10], 16), CIC_ITEM, 0xF4A430)

if __name__ == '__main__':
    main()
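As an added example (not code from the original post), here is a stand-alone Python parser for the san.out log that the stepping loop produces, so the log can be checked outside IDA before colouring. The log lines are constructed to mimic GDB's `p/x $pc` output, the two forms of `ni` output (with and without source info) and a `where` frame line; the function names `parse_gdb_trace`, `coverage_gaps` and `hot_spots` are my own. It applies the same "line starts with 0x" rule as the IDA script, and goes a little beyond the post by also reporting addresses that were hit repeatedly and addresses in a range that were never stepped through.

```python
import re
from collections import Counter

# Constructed sample of what sanLog + gothoughAllinstruction write to san.out.
# "p/x $pc" prints "$N = 0x...", then each "ni" prints the new pc as either
#   "0x00c25004 in main ()"        (no debug info), or
#   "0x00c25008<tab>42<tab>  foo();" (with source lines).
# The "#0 ..." line is what "thread apply 1 where" adds when sanMod runs.
SAMPLE_LOG = """\
$1 = 0xc25000
0x00c25004 in main ()
$2 = 0xc25004
0x00c25008\t42\t  foo();
$3 = 0xc25008
0x00c25004 in main ()
$4 = 0xc25004
0x00c25008\t42\t  foo();
$5 = 0xc25008
0x00c2500c in main ()
#0  0x00c2500c in main ()
"""

# Same rule as the IDA script: only lines that begin with "0x" count.
LINE_RE = re.compile(r'^0x([0-9a-fA-F]+)')


def parse_gdb_trace(text):
    """Return (executed addresses in first-seen order, hit counts).

    The "$N = 0x..." lines from p/x and the "#0 ..." backtrace frames are
    ignored. Caveat: the very first pc is only ever printed by p/x, never by
    "ni", so it does not appear in the result (see coverage_gaps below)."""
    hits = Counter()
    order = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        if addr not in hits:
            order.append(addr)
        hits[addr] += 1
    return order, hits


def coverage_gaps(executed, start, end, step=4):
    """Addresses in [start, end) at `step` alignment that were never stepped
    through (step=4 for ARM): the inverse of what the IDA script colours."""
    seen = set(executed)
    return [a for a in range(start, end, step) if a not in seen]


def hot_spots(hits, min_hits=2):
    """Addresses executed at least `min_hits` times: loop bodies or code that
    is re-entered, which is usually where a trace is worth a closer look."""
    return sorted(a for a, n in hits.items() if n >= min_hits)


if __name__ == '__main__':
    order, hits = parse_gdb_trace(SAMPLE_LOG)
    for a in order:
        print('0x%08x hit %d time(s)' % (a, hits[a]))
    print('hot:', ['0x%08x' % a for a in hot_spots(hits)])
    print('never stepped:', ['0x%08x' % a
                             for a in coverage_gaps(order, 0xc25000, 0xc25010)])
```

Run it as a plain script to eyeball the log; inside IDA, `order` is exactly the list of addresses you would hand to SetColor. The gap report on the sample flags 0xc25000 because the loop's starting pc only ever appears on the `$1 = ...` line, which is worth remembering when the first instruction of a function shows up uncoloured.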