Is GDB just for bug hunting?
Paul Koning
paulkoning@comcast.net
Wed Apr 14 18:48:21 GMT 2021
> On Apr 14, 2021, at 2:37 PM, Jason Long <hack3rcon@yahoo.com> wrote:
>
> Thank you for your useful info.
> If a program is close source, then code review canceled. Thus, how a security researcher finds a vulnerability in a program?
Agreed, code review only applies if the source is visible. More precisely, if the source is allowed to be disclosed; researchers looking at the code while under NDA does not count and serves no significant purpose.
In those case, you're left with test stimuli and reverse engineering. For "never seen before" defects, you either need luck (an existing test happens to catch it) or a different kind of luck (you created a new test that happens to catch it) or lots of skill (you saw the issue during a reverse engineering session).
GDB can help with reverse engineering. It's probably not ideal for disassembly let alone decompiling, but it does offer disassembly and it also gives you insight into the state of the running application and how it changes during execution.
paul
More information about the Gdb
mailing list