How to break on instruction with a specific opcode in GDB?

Question

I have the assembly code of some code that will be executed at a point in the program. I don\'t know the address of the code in memory.

Is it possible to make gdb br

Answer 1

As others said, it is likely impossible to do it efficiently because there is no hardware support.

But if you really want to do it, this Python command can serve as a starting point:

class ContinueI(gdb.Command):
    """
Continue until instruction with given opcode.

    ci OPCODE

Example:

    ci callq
    ci mov
"""
    def __init__(self):
        super().__init__(
            'ci',
            gdb.COMMAND_BREAKPOINTS,
            gdb.COMPLETE_NONE,
            False
        )
    def invoke(self, arg, from_tty):
        if arg == '':
            gdb.write('Argument missing.\n')
        else:
            thread = gdb.inferiors()[0].threads()[0]
            while thread.is_valid():
                gdb.execute('si', to_string=True)
                frame = gdb.selected_frame()
                arch = frame.architecture()
                pc = gdb.selected_frame().pc()
                instruction = arch.disassemble(pc)[0]['asm']
                if instruction.startswith(arg + ' '):
                    gdb.write(instruction + '\n')
                    break
ContinueI()

Just source it with:

source gdb.py

and use the command as:

breaki mov
breaki callq

and you will be left on the fist instruction executed with a given opcode.

TODO: this will ignore your other breakpoints.

For the particular common case of syscall, you can use catch syscall: https://reverseengineering.stackexchange.com/questions/6835/setting-a-breakpoint-at-system-call