Small gdbinit update…

Things have been very quiet since the beginning of September… Well, my MBA has started and my free time until now has been ZERO! It has been a fun but very busy ride and a comeback to the world of economics. The first weeks are recruit-like, pretty intensive with many assignments to be delivered. The recruit is now over and I should have more free time for playing again with reversing 🙂

I just finished a small update to gdbinit. There were some bugs in the function that flags conditional jumps, so I revised it and everything should be fine now. The other thing I have added is support for the 8 and 16 bit views of the EAX, EBX, ECX and EDX registers. I don’t know why, but gdb doesn’t expose them, and as usual I like to make things easier. So you can just use print or x/x to display $ax, $bx, $cx, $dx and $ah, $al, etc.

The next thing to update is Onyx for Snow Leopard. I just had a very quick look at the Snow Leopard source and at least the proc structure has been modified (some small additions). I have to check whether the trick still works.

Well that should be everything for now… Gotta get back to my readings (well at least this one is about Information Systems!) 🙂

Have fun!
fG!

gdbinit72 (SHA1(gdbinit72)= cbd9c528e1730978563be2c26e2cd79d2ccdc925)

The latest version can always be found here.

7 thoughts on “Small gdbinit update…”

  1. Hi there,

    thx for the cool ‘n interesting stuff … I have Snow Leopard running and would like to benefit from your gdb/gdbinit patches because I like your “softice”-like context view. However, on Snow Leopard your compiled binary isn’t working. gdb on 10.6.1 seems to be gdb-1344. Is there any possibility to “port” the patches to this version?

    Greets,

    SF666

    1. Hello,

      You should be able to patch without any problems. From what I saw there were no updates in that version, Apple just increased the build number.
      Just try to apply the patches and compile it with the method that is in a past article.
      I still haven’t upgraded to Snow Leopard so I can’t yet compile a version for it.

      fG!

  2. Hi,

    you’re right! Thank you very much.

    I followed your instructions (Jan 2009) to compile gdb with darwinbuild. I had to make minor modifications for SnowLeopard. To all whom it may concern:

    1) Build target for Snow Leopard 10.6.1 is “10B504”, so change all references from “Build9G55” to “10B504”

    # mkdir Build10B504 (this is for Leopard 10.6.1)
    # cd Build10B504
    # darwinbuild -init 10B504

    2) The “environment” section

    – changed UNAME_RELEASE to “UNAME_RELEASE = 10.0”
    – changed RC_RELEASE to “RC_RELEASE = SnowLeopard”
    – changed MACOSX_DEPLOYMENT_TARGET to “MACOSX_DEPLOYMENT_TARGET = 10.6”

    3) Patching the sources

    Following the tutorial, it’s now time to build gdb

    # darwinbuild -nochroot gdb

    You get an unpatched gdb. All sources are now expanded.

    * Patch sources located at /Volumes/Builds/Build10B504/BuildRoot/SourceCache/gdb/gdb-1344

    # cd /Volumes/Builds/Build10B504/BuildRoot/SourceCache/gdb/gdb-1344
    # patch -p2 < patchfile

    * create source-archive /Volumes/Builds/Build10B504/Sources/gdb-1344.tar.gz

    # cd /Volumes/Builds/Build10B504/BuildRoot/SourceCache/gdb
    # tar cfz /Volumes/Builds/Build10B504/Sources/gdb-1344.tar.gz gdb-1344/*

    By executing

    # darwinbuild -nochroot gdb

    you get a patched gdb. Copy this file as described.

    SF666

  3. Hey, thanks for the great gdbinit file! It looks really nice.. unfortunately, I have a problem that’s stopping me from using context (and stopping hook-stop from executing context). I attach here the output I get:

    ————————————————————————–[regs]
    EAX:Error while running hook_stop:
    Value can’t be converted to integer.

    (if running context alone, only “Value..” shows)

    I’ve tried using it with the original gdb, with your binary gdb and with my compiled (+patched) gdb via darwinbuild.. no avail.

    Can you shed some light?

  4. Nevermind my stupidity!

    Forgot to use lipo to extract out the x86_64 / i386.. gdb tried to run the x86_64 hence all the void in eax, ebx..

    1. HEHEHEHEH !!!

      I have to find a way to update the gdbinit for x86_64 without creating two different versions. Need to explore that and see if it’s possible since I plan to move to Snow Leopard soon !

      Have fun !
