how debuggers work int3 and ptrace

beej’s quick guide to gdb

help command. lots of stuff

  • ni next instruction. next / nexti
  • si step stepi
  • info all-registers. info registers
  • where
  • jump
  • display $rax - always print rax. display/10i *$rip
  • x/10i $pc - next 10 instructions
  • x/10x $sp - look at stack. x/s - look at string
  • list *$rip shows you a few lines before and after
  • layout split asm src. tui disable. tui enable


python debugger breakpoint

Core Crash Dumps


Stack unwinding

sentry crash reporting as a service

core dumps

pwnlib corefile crashpad newer breakpad

Linux turn on core dumps. ulimit

apport reporter

ECFS Ryan’s extended core file snapshotting


symbolication - annotating symbols back in debugger from scratch how windbg works expert windbg debugging

dynamorio frida are kind of like debuggers. Binary instrumentation

Fault localization


lldb - fast expression evaluation. llvm debugger.

ptrace - see binary patching

int1 int3

RAD Debugger machine architecture assisted debugged rr - time travel debugging timeless debugger windbg Time travel debugging

  • pwndbg
  • heap commands. For examining heap structure

  • gef can track malloc and free. That makes sense

  • gdb - See notes in C.
  • cemu an ide of sorts for writing assembly and running it
  • ollydbg
  • edb an ollydbg for linux. Seems nice. A graphical debugger.
  • x64dbg windows only