gdb
Start gdb:
gdb file
Exit gdb:
q
Breakpoints:
b main set break point at beginning of function main
b phase_1 set break at function phase_1
b *0x08405800 break at address 0x08405800
b *(phase_1 + 0x55) break
disable 1 disable (but don't delete) breakpoint number 1
enable 1 enable existing breakpoint number 1
delete 1 delete breakpoint 1
delete delete all breakpoints
clear phase_1 delete all breakpoints in function phase_1
Conditional Breakpoints:
cond 3
Running:
r (re)run the program (from the beginning)
Examining data:
p command (print)
p $eax print contents of register %eax (Use $eax not %eax)
p $ebp + 8 print the address R[%ebp] + 8
p/d $eax print contents of %eax in decimal
p/x $eax print contents of %eax in hex
p/a $ebp print contents of $ebp as an address
p/d 0x24 print decimal value of 0x24
p/x 36 print hex value of 36
p 0x24 print decimal value of 0x24
p 0x08405800 prints decimal value of 0x08405800
p/x 0x088405800 prints 0x08405800
printf command:
printf "$eax = %d\n", $eax
x command (eXamine)
Syntax: x/nfu
n = number of units (optional, default is 1)
f = format: t (binary), d(decimal), x(hex), c(char), s(string),
a(address), i(instruction)
u = unit size: b, h, w, g (for 1, 2, 4, or 8 bytes)
x $eax prints address in $eax AND the contents of that address
x/d $eax prints address in $eax (in hex) AND contents of
that address in decimal
x/s $eax address in $eax (in hex) AND the string
beginning at that address
x/x $ebp + 8 prints address R[%ebp] + 8 and the contents at
that address in hex
x/xw $ebp + 8 address R[%ebp] + 8 and 4 byte contents in hex
x/2xw $ebp + 8 address R[%ebp] + 8 and two 4 byte values (in hex)
starting at that address
x $_ prints address last examined by x command and
its contents
x $__ prints contents of last address examined as an
address AND prints ITS contents
x/x *(int *)($ebp + 8)
prints the address stored at R[$ebp] + 8 AND
its contents (in hex)
x/s *(int *)($ebp + 8)
prints the address stored at R[$ebp] + 8 AND
the string beginning at that address.
Automatic examining:
watch $eax stop the program and display %eax EVERY time it
changes;
delete 3 watch points are listed and deleted with break points;
so if 3 is a watch point, this deletes it
display $eax display the value of %eax whenever the program
stops; e.g. at each break point
undisplay cancel display's
Examining Code:
disas shows the assembler code for the function
containing the current instruction address
disas phase_1 shows the assembler code for function phase_1
disas 0x08048579 shows the assembler code for function
containing the address 0x08048579
disas $eip $eip + 24
shows assembler code for address range R[%eip]
to R[%eip] + 24
Help/Info
bt prints where you are and a back trace.
where prints where you are and a back trace.
help info
info b shows (numbered) break points (enabled and disabled)
info stack shows instruction addresses in each function
currently on call stack
info reg displays registers and contents and condition codes
info frame shows stack frame info