posted Nov 3, 2009, 10:11 AM by Likai Liu
Some GDB usage tips collected from messages posted on the mailing list.
- Prevent bomb explosion:
(gdb) b explode_bomb
Set this breakpoint before you type run. If gdb ever stops there, explode_bomb has been called, which means the phase you are working on rejected your input; instead of continuing, kill the process (kill) or start over (run), so the bomb never actually goes off.
- Tracing execution at assembly level. At the beginning of each gdb session, it helps to enter this command first:
(gdb) display /i $pc
Then gdb shows the instruction about to be executed every time the program stops, i.e. after each step and at each breakpoint.
(gdb) nexti # execute the next instruction; a call is executed as a single step, so the callee is not traced.
(gdb) ni # shorthand for nexti
(gdb) stepi # execute the next instruction; a call stops at the first instruction of the callee.
(gdb) si # shorthand for stepi
To see the content of registers,
(gdb) info registers
(gdb) i r # shorthand for info registers. Note the space.
- To disassemble a function without running it,
(gdb) disassemble addr
(gdb) disas addr # shorthand for disassemble
The address "addr" can be a symbol name (e.g. phase_1), a numeric address (e.g. 0x08048ea6) or a register (e.g. $pc); gdb disassembles the whole function containing that address. With no argument, disassemble shows the function around the current $pc.
- To examine memory content,
(gdb) x /fmt addr
where /fmt is an optional repeat count followed by a format letter (x hex, d decimal, c character, s string, i instruction) and a size letter (b byte, h halfword, w 4-byte word, g 8-byte word), in any order. Some examples:
(gdb) x /s 0x8049890 # shows the NUL-terminated string at address 0x8049890
(gdb) x /16bc $esi # shows 16 bytes at the address held in $esi, each as a character
(gdb) x /4wx &node1 # shows four 4-byte words in hex starting at the address of node1
(gdb) x /6wx $ebp - 0x20 # shows six words in hex starting at address $ebp - 0x20, i.e. part of the current stack frame.
Notice that &node1 is the address of the symbol. If you omit the &, gdb evaluates node1 as a value: it reads the word stored at that location and uses that value as the address to examine. That is what you want for a pointer variable, but not when you want to see the node itself.
- If you see a constant that looks like a memory address and want to know whether a symbol is associated with it, look up the symbol name like this:
(gdb) info symbol 0x08048cfb
phase_2 in section .text
(gdb) info symbol 0x804a5fc
node1 in section .data
The section name tells you what kind of thing lives there (.text is code, .data is initialized data), and the symbol name itself often reveals the program's intent.
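The tips above combined into one gdb command file, as an added example that is not from the original post or from the bomb lab itself. It assumes a 32-bit x86 bomb binary named ./bomb (hence $esp and $ebp), phase functions named phase_1, phase_2, ... as in the disassembly above, and, for the walk helper, a guessed layout for the nodes behind node1 of three 4-byte words (value, index, pointer to the next node); all of these are assumptions, not facts stated on the page.

```gdb
# bomb.gdb: an added example, not code from the original post.
# Assumptions: the bomb is ./bomb, a 32-bit x86 binary (hence $esp/$ebp);
# phases are named phase_1, phase_2, ...; node1 is the head of a linked
# list whose nodes are three 4-byte words: value, index, next (assumed).
# Load it with:  gdb -q -x bomb.gdb ./bomb

set confirm off          # 'kill' and 'run' must not stop to ask y/n
set pagination off

# Prevent bomb explosion: stop in explode_bomb and kill the process there,
# so a wrong answer never reaches the code that announces the explosion.
break explode_bomb
commands
  echo *** explode_bomb reached: the current phase rejected the input.\n
  echo *** Process killed; fix the answer and 'run' again.\n
  kill
end

# Stop at the phase being worked on, then step with si/ni from there.
break phase_1

# Show the instruction about to execute each time the program stops.
display/i $pc

# ctx: registers plus the top of the stack, as one command.
define ctx
  info registers eip eflags eax ebx ecx edx esi edi ebp esp
  x/8wx $esp
end
document ctx
Show the general-purpose registers and the eight words at the top of the stack.
end

# walk ADDR: follow a linked list starting at ADDR and print each node,
# e.g. 'walk &node1'. Relies on the assumed node layout described above.
define walk
  set $n = (int *) $arg0
  set $i = 0
  while $n != 0 && $i < 16
    printf "node at %#x: value=%d index=%d next=%#x\n", (unsigned) $n, $n[0], $n[1], (unsigned) $n[2]
    set $n = (int *) $n[2]
    set $i = $i + 1
  end
end
document walk
walk ADDR: print up to 16 nodes of the linked list starting at ADDR.
end

# Start the bomb; answers are typed at the prompt. gdb stops at phase_1,
# or in explode_bomb if the answer is wrong.
run
```

Once stopped in a phase, ctx gives the same view as the separate info registers and x commands, and walk &node1 does the pointer chasing that repeated x /4wx calls would otherwise do by hand; note that walk uses &node1 for the reason explained above, since node1 on its own would be read as a value.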