gdb stands for GNU Project Debugger. It is, as the name says, a debugger, and can be used in reverse engineering in order to disassemble and analyze binary files.
In order to run it, you must execute:
The default disassembly syntax of gdb is AT&T. Since Intel syntax is mainly used here, you can switch to it with
set disassembly-flavor intel
To disassemble a function, use
Note that the disassembly is shown in the order the instructions sit in memory; other tools can give a clearer picture of the program's control flow.
Pressing Enter on an empty line is equivalent to typing and running the last command again.
run arg1, arg2...
Runs the program, passing the arguments arg1, arg2, ... if any are given.
Sets a breakpoint at the given address. A function name can be used instead of an address.
Removes all the breakpoints
Step one instruction
Like si, but does not step into function calls (it steps over them).
Sets the given register (eax, for example) to the value x.
Defines a hook that runs every time the program stops, as in the example below:
define hook-stop
info registers
x/24wx $esp
x/2i $eip
end
Shows the values of the program's registers at that moment.
Prints register "reg" content as hexadecimal
Prints register "reg" content as ascii
Prints the stack of the program (24 words)
Prints the next two instructions.
Prints address of function
Prints the address and return type of function
info proc mappings
Shows the memory map of the process.
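As an added example (not part of the original page), the commands above strung together into a gdb command file that can be replayed against a binary. It assumes a 32-bit x86 ELF named ./target (a hypothetical name) with a function called main, and is run with `gdb -q -x session.gdb ./target`; on a 64-bit binary replace $esp and $eip with $rsp and $rip.

```gdb
# Added example, not from the original page. Assumes ./target is a
# 32-bit x86 ELF with a main function; run: gdb -q -x session.gdb ./target

# Intel syntax instead of the AT&T default; no paging or y/n prompts,
# so the script runs through without stopping for input
set disassembly-flavor intel
set pagination off
set confirm off

# Run on every stop (breakpoint hit, si, ni, ...): registers, the top
# 24 stack words and the next two instructions
define hook-stop
info registers
x/24wx $esp
x/2i $eip
end

# Static look before running: address and type of main, then its code
print main
whatis main
disassemble main

# Stop at the first instruction of main and start the program with
# two constructed arguments (hypothetical values)
break main
run first-arg second-arg

# Step one instruction, then step over the next one (calls included)
si
ni

# Inspect the same register as hexadecimal and as a character
p/x $eax
p/c $eax

# Which memory ranges are mapped: binary, heap, libraries, stack
info proc mappings

# Remove all breakpoints and let the program run to the end
delete
continue
```

Because hook-stop fires after every si and ni, each step prints the full register and stack view, which is what makes the hook useful when following a function instruction by instruction.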