CyberCheatsheets

GDB (GEF / Pwndbg) Cheat Sheet

GNU debugger for binary analysis with GEF or Pwndbg for heap, registers, and exploit-oriented views.

Exploitation & PayloadsbinarydebuggergefpwndbgUpdated 2026-06-02

Overview

GDB debugs native binaries at runtime. GEF (GDB Enhanced Features) and Pwndbg add context panels, heap commands, ROP search, and VMmap — essential for exploit development and crash triage.

Authorized testing only. Use only on systems, networks, and accounts you own or have explicit written permission to test. Unauthorized access is illegal.

Install

sudo apt install -y gdb gdb-multiarch

GEF

bash -c "$(curl -fsSL https://gef.blah.cat/sh)"

Pwndbg (alternative — do not load both at once)

git clone https://github.com/pwndbg/pwndbg
cd pwndbg && ./setup.sh

Verify

gdb -q -ex "pi print('gef ok')" -ex quit ./binary 2>/dev/null || true

Essential commands

Start / attach

gdb ./vuln
gdb -q ./vuln -ex 'run $(python3 -c "print(\"A\"*100)")'
gdb -p $(pidof vuln)

Inside GDB (all flavors)

break main
break *0x401234
run
continue
next / step / finish
info registers
x/20gx $rsp
disas main
quit

Common workflows

Find buffer overflow offset —

gdb ./vuln
run < <(python3 -c "from pwn import cyclic; import sys; sys.stdout.buffer.write(cyclic(300))")

Inspect crash context (GEF) —

gdb ./vuln
run

On crash

context                    # regs + stack + code
heap chunks               # glibc heap layout
checksec                  # NX, PIE, Canary, etc.
vmmap

In pwndbg

context
telescope $rsp 20
vmmap
rop --grep "pop rdi"
search -t string "/bin/sh"
got
plt

Target

gdbserver 0.0.0.0:1234 ./vuln

Attacker

gdb ./vuln
target remote 10.10.10.5:1234
continue

Conditional breakpoints —

break *0x4012a0 if $rax == 0x41
commands
silent
printf "hit with rax=%p\n", $rax
continue
end

Flags reference

start

Begin at program entry (no main yet)

starti

Stop at first instruction

info breakpoints

List breakpoints

delete N

Remove breakpoint

watch (long)0x601010

Break on memory write

set disable-randomization on

ASLR off for session

set follow-fork-mode child

Trace child after fork

gef config / pwndbgconfig

Plugin settings

Tips

  • Use gdb-multiarch for ARM/MIPS: set architecture arm.
  • gef-remote / pwndbg + target remote for debugging VMs without symbols on host copy.
  • pie break *main works when PIE is enabled (GEF).
  • vmmap before writing exploits — confirm NX and executable regions.
  • Do not load GEF and Pwndbg together; pick one in ~/.gdbinit.

References

Chuletas relacionadas