Summary of GDB Hints

Post date: Nov 3, 2009 6:11:32 PM

Some GDB usage tips collected from messages posted on the mailing list.

    • Prevent bomb explosion:
      • (gdb) b explode_bomb
      • then when the program is stopped by the debugger, check if the function has been triggered.
    • Tracing execution at assembly level. At the beginning of each gdb session, it would help to enter this command first:
      • (gdb) display /i $pc
      • then gdb will show the upcoming instruction each time your program steps.
      • (gdb) nexti # next instruction, skips over function calls.
      • (gdb) ni # shorthand for nexti
      • (gdb) stepi # step instruction, steps into function calls.
      • (gdb) si # shorthand for stepi
    • To see the content of registers,
      • (gdb) info registers
      • (gdb) i r # shorthand for info registers. Note the space.
    • To disassemble a function without running it,
      • (gdb) disassemble addr
      • (gdb) disas addr # shorthand for disassemble
      • The address "addr" can be a symbol name (e.g. phase_1) or address (e.g. 0x08048ea6) or a register (e.g. $pc).
    • To examine memory content,
      • (gdb) x /fmt addr
      • where /fmt specifies the format at the memory location "addr". Some examples:
      • (gdb) x /s 0x8049890 # shows the string at address 0x8049890
      • (gdb) x /16bc $esi # shows 16 bytes of characters at $esi
      • (gdb) x /4wx &node1 # shows 4 words of hex at symbol name node1
      • (gdb) x /6wx $ebp - 0x20 # shows 6 words of hex at address $ebp - 0x20.
      • Notice that &node1 is the address of that symbol. If you omit the &, it would try to read a word value at that memory location, and then use the value as the address to show for the x command.
    • If you see a constant that seems to refer to a memory location and you want to know whether a symbol is associated with that address, you can look up the symbol name like this:
      • (gdb) info symbol 0x08048cfb
        phase_2 in section .text
      • (gdb) info symbol 0x804a5fc
        node1 in section .data
      • Sometimes the symbol name reveals the intent of the program.
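
The tips above can be collected into one GDB command file so that every session starts with the same safety breakpoint and displays. This is an added example, not part of the original post; the file name bomb.gdb, the binary name bomb and the helper command ctx are assumptions, while explode_bomb, phase_1 and node1 are the symbols mentioned above.

```gdb
# bomb.gdb: added example (hypothetical file name), not from the original post.
# Load with:  gdb -x bomb.gdb ./bomb    (the binary name "bomb" is an assumption)

# Stop before the bomb can go off and show how execution got there.
break explode_bomb
commands
  echo \n*** explode_bomb reached: do not continue ***\n
  backtrace
end

# Stop at the first phase so it can be walked with ni / si.
break phase_1

# Hypothetical helper: registers plus the top of the stack in one command.
define ctx
  info registers
  x /8wx $esp
end
document ctx
Show all registers and the 8 words at the top of the stack.
end

# Static inspection: none of this needs the program to be running.
disassemble phase_1
x /4wx &node1
info symbol &node1

# Show the upcoming instruction after every stop. Kept last because the
# program is not running yet, so GDB has no $pc to show until "run".
display /i $pc
```

After loading the file, type run; when the phase_1 breakpoint hits, step with ni and call ctx whenever you want the register and stack view.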