Here you have the patches I did for GDB:

  • To fix problem with gdbinit
  • To display raw bytes in x/i and disassemble commands
  • To warn about possible number of sections anti-debug trick

You can download a single patch for all changes or one for each individual change. A patched GDB binary for Intel only is available, if you trust my binaries (copy to /usr/libexec/gdb). PHP max upload size doesn’t let me add the patched source package (can’t change it due to its impact on others).

I removed symbolic name printing from the x/i command because I couldn’t find an easy workaround to have all the output aligned. GDB table system has problems and it doesn’t work well with large columns. Nevertheless the symbolic name (when available) is printed everytime breakpoint is hit and if you really need it, you can use the disassemble command to see where you are (not removed there).

The anti-debug patch just warns about the possible trick. Unless dyld bug is fixed there’s no much interest in automatically fixing the headers. If you want to test it, you can use HT Editor to easily modify the nsects. Keep in mind that HTE only supports non-fat binaries!

This is how it looks:

gdb screenshot

Have fun,

SHA1(all_patches.patch)= 74ee59cc213202d2d99c11ca8cde841890a7c7b6
SHA1(number_sects_anti_debug.patch)= 628498adc71b91447ba8860cec3829acf0eb7f46
SHA1(gdbinit_problem.patch)= efd8ab19d2675d601f02aa7f3b7ca21a9bee7704
SHA1(show_raw_bytes.patch)= 6ba57a401c1d3c0f6d7b31743da79ec63603752e
SHA1(gdb-i386-apple-darwin.bz2)= 4ce058eb26639bba0ab9974ace27adeeef446905

If you put the patch inside gdb-768 dir you might want to use -p2 option for patch (the diffs came out of my hg repository).