Using the GNU Debugger (GDB)

A book on binary analysis using Linux tools would not be complete without also covering GDB, the GNU Debugger. As you may recall from the previous chapter, GDB is used in the dynamic analysis phase of our methodology. GDB is a very feature-rich tool with plenty of extensibility. For example, pwndbg is a Python-based plugin for GDB that simplifies many of the commands and tasks of a vanilla GDB installation. It can come in handy if GDB is your only option for a debugger during dynamic analysis. While GDB itself has no graphical interface, it does offer text-based layouts (its TUI mode) that format the output cleanly with the pertinent information, such as source, disassembly, and registers. We will examine a couple of these layout options in this recipe.

This tool could fill an entire book on its own, and in fact already has. There's no way we could cover GDB in its entirety in a single recipe, so instead we'll cover as many of the important commands and features as will fit in these pages. In this recipe, we'll use commands to interrogate registers, alter variables, and configure GDB to use Intel syntax for its disassembly by default. We'll also step through instructions, examine the stack, learn how to set breakpoints, and more. This will be a long recipe, but it will be well worth spending sufficient time on this tool. The rest of this book focuses on examining disassembled binaries using the tools we've already covered, and GDB will be an important part of each recipe going forward.
