Operator On The Wire

Setting

| Action | Command | Description |
|---|---|---|
| Set register | `set $rax = 1` | Directly modify a register value |
| Set memory (value) | `set {int}0x404000 = 1337` | Write value to memory address |
| Set memory (byte) | `set {char}0x404000 = 0x90` | Write single byte (useful for patching / NOPs) |
| Set instruction (opcode) | `set {unsigned char}($rip) = 0x90` | Patch instruction at current RIP |
| Set multiple bytes | `set {char[3]}0x401000 = {0x90,0x90,0x90}` | Patch sequence (NOP sled etc.) |
| Redirect execution | `set $rip = 0x401000` | Jump execution to arbitrary address |
| Force return value | `set $rax = 0` | Control function return result |
| Skip instruction | `set $rip += 2` | Skip current instruction (size-dependent!) |
| Modify stack | `set {long}$rsp = 0xdeadbeef` | Overwrite stack content |
| Fake argument | `set $rdi = 0x404000` | Change function argument (SysV ABI) |
| Force syscall number | `set $rax = 59` | Change syscall (e.g. execve) |
| Modify flags | `set $eflags \|= 0x40` | Set Zero Flag (ZF = 1) |
| Clear flags | `set $eflags &= ~0x40` | Clear Zero Flag |
| Force condition (ZF=1) | `set $eflags \|= (1 << 6)` | Make jz always taken |
| Force condition (ZF=0) | `set $eflags &= ~(1 << 6)` | Make jnz always taken |
| Inject syscall | Patch + syscall opcode | Manually execute syscalls via RIP patching |
| Overwrite string | `set {char[8]}0x404000 = "/bin/sh"` | Inject strings into memory |
| Continue execution | `continue` / `c` | Resume execution |
| Step instruction | `si` | Step one instruction |
| Step over | `ni` | Step over calls |
| Breakpoint | `b *0x401000` | Set breakpoint at address |
| Delete breakpoint | `del` | Remove breakpoints |
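
The two "Force condition" rows cover only `jz`/`jnz`. The following added example (not part of the original page) goes beyond the table: given the current `$eflags` value (read with `info registers eflags`) and a conditional-jump mnemonic, it computes the value to write so the branch is or is not taken. The function names `force_branch` and `gdb_command` are hypothetical, and the flag values in the usage comment are constructed.

```python
# Added example: compute the $eflags value that forces an x86 Jcc either way.
# EFLAGS bit masks (architectural): CF bit 0, ZF bit 6, SF bit 7, OF bit 11.
CF, ZF, SF, OF = 0x1, 0x40, 0x80, 0x800

def _sf_vs_of(flags, equal):
    """Rewrite SF only, so that SF == OF (equal=True) or SF != OF."""
    want_sf = bool(flags & OF) == equal
    return flags | SF if want_sf else flags & ~SF

# Canonical mnemonic -> transform producing flags for which the jump IS taken.
TAKEN = {
    "jz":  lambda f: f | ZF,           "jnz": lambda f: f & ~ZF,
    "jc":  lambda f: f | CF,           "jnc": lambda f: f & ~CF,
    "js":  lambda f: f | SF,           "jns": lambda f: f & ~SF,
    "jo":  lambda f: f | OF,           "jno": lambda f: f & ~OF,
    "jl":  lambda f: _sf_vs_of(f, False),         # SF != OF
    "jge": lambda f: _sf_vs_of(f, True),          # SF == OF
    "jle": lambda f: f | ZF,                      # ZF=1 or SF != OF
    "jg":  lambda f: _sf_vs_of(f & ~ZF, True),    # ZF=0 and SF == OF
    "ja":  lambda f: f & ~(CF | ZF),              # CF=0 and ZF=0
    "jbe": lambda f: f | ZF,                      # CF=1 or ZF=1
}
INVERSE = {"jz": "jnz", "jc": "jnc", "js": "jns", "jo": "jno",
           "jl": "jge", "jle": "jg", "ja": "jbe"}
INVERSE.update({v: k for k, v in list(INVERSE.items())})
ALIASES = {"je": "jz", "jne": "jnz", "jb": "jc", "jae": "jnc",
           "jnge": "jl", "jnl": "jge", "jng": "jle", "jnle": "jg",
           "jnbe": "ja", "jna": "jbe"}

def force_branch(mnemonic, eflags, taken=True):
    """Return the EFLAGS value that makes `mnemonic` taken / not taken."""
    m = ALIASES.get(mnemonic.lower(), mnemonic.lower())
    if m not in TAKEN:
        raise ValueError("unsupported conditional jump: %s" % mnemonic)
    if not taken:
        m = INVERSE[m]  # "not taken" is the complementary condition holding
    return TAKEN[m](eflags)

def gdb_command(mnemonic, eflags, taken=True):
    """Format the result as a GDB command to type at the breakpoint."""
    return "set $eflags = 0x%x" % force_branch(mnemonic, eflags, taken)

if __name__ == "__main__":
    # Constructed sample: eflags 0x246 (ZF set) stopped on a `je`.
    print(gdb_command("je", 0x246, taken=False))  # set $eflags = 0x206
```

Only the flags the condition depends on are changed; every other bit of the supplied value is preserved.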