Some GDB usage tips collected from messages posted on the mailing list.
Prevent bomb explosion:
(gdb) b explode_bomb
Then, whenever the debugger stops the program, check whether the function has been triggered.
Tracing execution at assembly level. At the beginning of each gdb session, it would help to enter this command first:
(gdb) display /i $pc
then gdb will show the upcoming instruction each time your program steps.
(gdb) nexti # next instruction, skips over function calls.
(gdb) ni # shorthand for nexti
(gdb) stepi # step instruction, steps into function calls.
(gdb) si # shorthand for stepi
To see the content of registers,
(gdb) info registers
(gdb) i r # shorthand for info registers. Note the space.
To disassemble a function without running it,
(gdb) disassemble addr
(gdb) disas addr # shorthand for disassemble
The address "addr" can be a symbol name (e.g. phase_1) or address (e.g. 0x08048ea6) or a register (e.g. $pc).
To examine memory content,
(gdb) x /fmt addr
where /fmt specifies the format at the memory location "addr". Some examples:
(gdb) x /s 0x8049890 # shows the string at address 0x8049890
(gdb) x /16bc $esi # shows 16 bytes of characters at $esi
(gdb) x /4wx &node1 # shows 4 words of hex at symbol name node1
(gdb) x /6wx $ebp - 0x20 # shows 6 words of hex at address $ebp - 0x20.
Notice that &node1 is the address of that symbol. If you omit the &, gdb reads a word value at that memory location and then uses that value as the address for the x command.
If you see a constant that seems to refer to a memory location and you want to know whether a symbol is associated with that address, you can look up the symbol name like this:
(gdb) info symbol 0x08048cfb
phase_2 in section .text
(gdb) info symbol 0x804a5fc
node1 in section .data
Sometimes the symbol name reveals the intent of the program.