Reputation: 21
I want to reverse engineer an executable, and in the process I want to cause a stack overflow because of the strcpy function. When disassembling, there is a jne after a compare; when it is false, the code continues to an exit function and as a result exits the program. If it is true, it jumps and goes to a custom function where the strcpy is used. I was thinking that I have to manipulate the zero flag to avoid calling the exit function. Is my thought correct, and if so, is there a technique in gdb to use? Thank you in the process.
Upvotes: 2
Views: 2756
Reputation: 33717
I assume this is about x86. You can set the EFLAGS register (which contains ZF) using:
(gdb) set $eflags = 0
This will clear all bits that can actually be cleared, including the ZF bit. If you just want to clear the ZF flag, you can use the fact that its bit has value 0x40:
(gdb) set $eflags = $eflags & ~0x40
(gdb) info reg eflags
shows the effect of such manipulations.
Upvotes: 3
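As an added illustration, not part of the answer above, the same flag manipulation written as a gdb command file so it can be repeated on every run: it stops on the conditional jump, shows the flags the compare produced, clears only ZF, and then single-steps so the jne executes with the modified flags. The address 0x08048abc is a placeholder for the address of the jne instruction in the reader's own binary; the file name flags.gdb is likewise assumed.

```gdb
# Added example (not from the answer above). Usage: gdb -q -x flags.gdb ./target
# 0x08048abc is a placeholder: replace it with the address of the jne.
set pagination off
break *0x08048abc
run

# Flags as the compare left them. ZF is bit 6 of EFLAGS, i.e. value 0x40,
# so this prints 0x40 when ZF is set and 0x0 when it is clear.
info reg eflags
p/x $eflags & 0x40

# Clear only ZF; every other flag keeps its value.
set $eflags = $eflags & ~0x40

# Confirm: "ZF" no longer appears in the [ ... ] list and the mask is 0x0.
info reg eflags
p/x $eflags & 0x40

# Execute the jne with the modified flags and show where execution landed.
stepi
x/i $pc
```

The same `$eflags` register is available under that name on x86-64 targets, so the script works unchanged there; only the breakpoint address needs to match the binary being examined. Because the change is applied in the debugger rather than to the file on disk, the binary itself is untouched and the branch behaves normally again outside gdb.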