Summary of GDB Hints
Post date: Nov 3, 2009 6:11:32 PM
Some GDB usage tips collected from messages posted on the mailing list.
- Prevent bomb explosion:
- (gdb) b explode_bomb
- Then, whenever the debugger stops the program, check whether explode_bomb has been triggered.
- Tracing execution at assembly level. At the beginning of each gdb session, it would help to enter this command first:
- (gdb) display /i $pc
- then gdb will show the upcoming instruction each time your program steps.
- (gdb) nexti # next instruction, skips over function calls.
- (gdb) ni # shorthand for nexti
- (gdb) stepi # step instruction, steps into function calls.
- (gdb) si # shorthand for stepi
- To see the content of registers,
- (gdb) info registers
- (gdb) i r # shorthand for info registers. Note the space.
- To disassemble a function without running it,
- (gdb) disassemble addr
- (gdb) disas addr # shorthand for disassemble
- The address "addr" can be a symbol name (e.g. phase_1) or address (e.g. 0x08048ea6) or a register (e.g. $pc).
- To examine memory content,
- (gdb) x /fmt addr
- where /fmt specifies the format at the memory location "addr". Some examples:
- (gdb) x /s 0x8049890 # shows the string at address 0x8049890
- (gdb) x /16bc $esi # shows 16 bytes of characters at $esi
- (gdb) x /4wx &node1 # shows 4 words of hex at symbol name node1
- (gdb) x /6wx $ebp - 0x20 # shows 6 words of hex at address $ebp - 0x20.
- Notice that &node1 is the address of that symbol. If you omit the &, gdb would read a word value at that memory location and then use that value as the address for the x command.
- If you see a constant that seems to refer to a memory location and you want to know whether a symbol is associated with that address, you can look up the symbol name like this:
- (gdb) info symbol 0x08048cfb
- phase_2 in section .text
- (gdb) info symbol 0x804a5fc
- node1 in section .data
- Sometimes the symbol name reveals the intent of the program.
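
To make the /fmt fields of the x command and the &node1 note concrete, here is an added Python sketch (not from the original post and not part of gdb) that emulates x for the formats x, c and s over a constructed memory image. The image contents and the helper names read, resolve and x are assumptions; only the node1 address is taken from the info symbol output above.

```python
import re
import struct

# Constructed sample image: four 32-bit little-endian words followed by a
# short C string. The word values are made up for illustration.
BASE = 0x0804A5FC
IMAGE = struct.pack("<4I", 0x000000FD, 0x00000001, 0x0804A5F0, 0) + b"hi!\0"
SYMBOLS = {"node1": BASE}                      # symbol name -> address
UNIT = {"b": 1, "h": 2, "w": 4, "g": 8}        # gdb size letters, in bytes


def read(addr, n):
    """Return n bytes of the constructed image starting at addr."""
    off = addr - BASE
    if off < 0 or off + n > len(IMAGE):
        raise ValueError(f"Cannot access memory at address {addr:#x}")
    return IMAGE[off:off + n]


def resolve(expr):
    """Turn '&sym', 'sym' or a literal address into the address x will dump."""
    if expr.startswith("&"):
        return SYMBOLS[expr[1:]]               # address of the symbol itself
    if expr in SYMBOLS:                        # word stored at the symbol,
        return struct.unpack("<I", read(SYMBOLS[expr], 4))[0]  # used as address
    return int(expr, 0)


def x(fmt, expr):
    """Emulate 'x /<count><size><format> expr' for the formats x, c and s."""
    m = re.fullmatch(r"/(\d*)([bhwg]?)([xcs])", fmt)
    if not m:
        raise ValueError(f"unsupported format {fmt!r}")
    count, size, letter = int(m[1] or 1), m[2], m[3]
    addr = resolve(expr)
    if letter == "s":                          # read up to the NUL terminator
        out = bytearray()
        while (b := read(addr + len(out), 1)) != b"\0":
            out += b
        return out.decode("ascii")
    n = UNIT[size or ("b" if letter == "c" else "w")]
    units = [read(addr + i * n, n) for i in range(count)]
    if letter == "c":
        return [chr(int.from_bytes(u, "little")) for u in units]
    return [f"0x{int.from_bytes(u, 'little'):0{2 * n}x}" for u in units]
```

Calling x("/4wx", "&node1") returns the four words of the image, while x("/4wx", "node1") fails with a "Cannot access memory" error because the first word, 0xfd, is used as the address.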