In 2022, while one of our researchers was developing our Linux Binary Exploitation training, he approached me with a curious issue. During the exploitation of the simplest case of a stack-based buffer overflow, the shellcode was being corrupted under GDB. It took us a while to figure out what was happening, but we understood it. At least, we thought we had.
I revisited that topic this week to teach the students of our training about that case, and I noticed something that I hadn’t noticed back then: the behavior he faced was an illusion! I then started to write this blog post aiming to show the illusion GDB creates, and in the middle of it, while experimenting in GDB, I came across weird behaviors that I didn’t immediately understand.
That journey led me to discover much more about GDB than I knew when I started this blog post. The main points I discovered about GDB are that a breakpoint hit is not always caused by a hardware or software breakpoint, and that GDB has a feature called Displaced Stepping (or Out-Of-Line execution) that hides the execution of instructions from the user.
Full post: “Why is my shellcode being corrupted?”