gdb help
A few gdb notes that should help with the bomb-defusing and buffer-overflow projects.
Miscellaneous
$ gcc -g ... | include symbols (e.g., function & variable names) in the executable |
$ gdb executable | run gdb on the specifed executable |
$ gdb sourcefile.c | nope; doesn't work |
(gdb) [Enter] | run the previous command again |
(gdb) [Ctrl-L] | clean up the "layout" display when it gets corrupted |
(gdb) help name-of-command | get help |
Look at code
list | View code near wherever you last left off |
layout src | 2-panel display, C on top and (gdb) prompt on bottom |
layout asm | 2-panel display, assembly on top |
Breakpoints
x/1ss addr | View a null-terminated string |
x/5xw addr | View the 5 4-byte words starting at addr in hexadecimal |
x/5xg addr | View the 5 8-byte "giant" words starting at addr |
Running & stepping through code
run | Start the program from beginning |
r | Start the program from beginning |
r [args...] | Include command-line arguments |
continue | Continue execution from a breakpoint |
c | Continue execution from a breakpoint |
stepi | Execute one instruction (step into function calls) |
si | Execute one instruction (step over function calls) |
nexti | Execute one instruction (step into function calls) |
ni | Execute one instruction (step over function calls) |
finish | Step out of the current function |
fi | Step out of the current function |
Examining registers
info reg | View all register contents |
i r | View all register contents |
i r rax rbx | View the contents of the specified registers |
i r eax | View the contents of the specified register |
i r eflags | View which bits are set in the EFLAGS register |
Examining memory
x/nfu addr allows us to examine memory starting at addr. Here:
- n = number of chunks of memory to examine
- f = the format in which to display the chunks
- u = the size unit of each chunk
Do help x to get the possible values of f and u.
x/1ss addr | View a null-terminated string |
x/5xw addr | View the 5 4-byte words starting at addr in hexadecimal |
x/5xg addr | View the 5 8-byte "giant" words starting at addr |