While searching the web for some GDB patches I stumbled upon this fix to assemble function from gdbinit by Tavis Ormandy (good work!). I modified it a little bit to work with Mac OS X. This function allows you to assemble directly (using nasm, Intel format) to running program or just output the correspondent opcodes for your assembly input. Type help assemble. Very useful to get the opcodes you need to patch the binary....
I wanted to recompile GDB so I can modify its source and add some custom patches to enhance its output… Easier said than done! There’s not much information around about this and my first attempt was by downloading GDB source package from Apple and trying to compile it. Didn’t compile out of the box so I had to fix here and there and finally it compiled, but then it didn’t work....
End of the year is slow and I was a bit inspired so I decided to hack around another features I was missing from gdbinit! First one is about conditional jump display. Original gdbinit doesn’t tell you what will be the decision that will be taken on a conditional jump. You must look at the flags and check that! Well… I can’t memorize this kind of stuff (in reality I can but it’s useless so I refuse to) and computers were created to automate tasks!...
While I was messing with gdbinit three weeks ago, I added a small feature that displays the messages being sent to objc_msgSend. Usually I follow the otool or IDA dump and see what’s being sent, but that it’s not very practical! So I made a dirty hack with gdbinit so that information appears automatically into GDB window. It’s not very pretty, but gdbinit is very limited 😦. Example: gdb$ 0x00002bc5 in main () --------------------------------------------------------------------------[regs] EAX: 9FF43924 EBX: 00002B9D ECX: 9FF37B64 EDX: 00403250 o d I t S z a P c ESI: BFFFF8F4 EDI: BFFFF898 EBP: BFFFF838 ESP: BFFFF7F0 EIP: 00002BC5 CS: 0017 DS: 001F ES: 001F FS: 0000 GS: 0037 SS: 001F [001F:BFFFF7F0]----------------------------------------------------------[stack] BFFFF840 : 01 00 00 00 98 F8 FF BF - A0 F8 FF BF F4 F8 FF BF ....
There is a new version of original +mammon gdbinit, 7.0 (available at http://truthix.dump.cz/files/.gdbinit). GDB version used by Apple has some problems with it (doesn’t recognize global variables outside each function) so it needed some fixes to work. I have changed the colors and removed the data window display (personally I don’t think it’s useful, edit define context and remove the comment for datawin). Grab it here: gdbinit If you want to see what was changed, just diff the two versions!...