I decided to mess around with this blog template's style sheets to use a better font and change some minor things. I added three new pages to the navigation bar – one with all available gdbinit files on this site, another for my GDB patches and a tag cloud (still have to tag old posts). I will also add a page with all source code published here.
This small gdbinit update implements some fixes and a new command, rint3 (check the file header for the changelog). This command restores a previous int3 patch issued with the int3 command. For example, you use the int3 command to manually add a software breakpoint at a chosen memory address. When GDB reaches that point and breaks, you need to manually restore the original byte and EIP/RIP (in most cases). The rint3 command will fix that automatically (the int3 command was modified to store the needed information). For now it only supports a single int3 command. I used this trick to analyse the loader for Armadillo since GDB can’t breakpoint on it, but it will (as expected) intercept any int3 patches we manually insert. It’s still a pain having to copy & paste the address where we want to breakpoint but it’s better than manually fixing everything.
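The save-and-restore mechanism described above can be sketched in GDB's command language as follows. This is an added example, not the code from the gdbinit file: the command names `swbp_set` and `swbp_restore` and the `$swbp_*` convenience variables are hypothetical, and it assumes an x86/x86-64 target where the trap leaves the program counter one byte past the patched address.

```gdb
# Added example: hypothetical names, not the gdbinit file's own commands.
# Tracks a single patch at a time, like the behaviour described in the post.
set $swbp_active = 0

define swbp_set
    if $argc != 1
        printf "usage: swbp_set ADDRESS\n"
    else
        # Remember where we patch and which byte gets overwritten.
        set $swbp_addr = (unsigned long)$arg0
        set $swbp_orig = *(unsigned char *)$swbp_addr
        # 0xCC is the one-byte x86 INT3 opcode.
        set *(unsigned char *)$swbp_addr = 0xCC
        set $swbp_active = 1
    end
end

define swbp_restore
    if $swbp_active == 0
        printf "no saved patch to restore\n"
    else
        # Put the original byte back.
        set *(unsigned char *)$swbp_addr = $swbp_orig
        # After the trap the program counter points one byte past the INT3.
        # Rewind it only if that is where execution actually stopped.
        if (unsigned long)$pc == $swbp_addr + 1
            set $pc = $swbp_addr
        end
        set $swbp_active = 0
    end
end
```

Using `$pc` rather than `$eip` or `$rip` lets the same definition work on both 32-bit and 64-bit targets.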
The latest version can always be found here.