gdb

Start gdb:
   gdb file

Exit gdb:
   q

Breakpoints:
   b main              set break point at beginning of function main
   b phase_1           set break at function phase_1
   b *0x08405800       break at address 0x08405800
   b *(phase_1 + 0x55) break
   disable 1           disable (but don't delete) breakpoint number 1
   enable  1           enable existing breakpoint number 1
   delete 1            delete breakpoint 1
   delete              delete all breakpoints
   clear phase_1       delete all breakpoints in function phase_1


Conditional Breakpoints:
   cond 3 
Running:
   r                   (re)run the program (from the beginning)

Examining data:
p command (print)
   p $eax              print contents of register %eax (Use $eax not %eax)
   p $ebp + 8          print the address R[%ebp] + 8
   p/d  $eax           print contents of %eax in decimal
   p/x  $eax           print contents of %eax in hex
   p/a  $ebp           print contents of $ebp as an address
   p/d  0x24           print decimal value of 0x24
   p/x  36             print hex value of 36
   p    0x24           print decimal value of 0x24
   p 0x08405800        prints decimal value of 0x08405800
   p/x 0x088405800     prints 0x08405800

printf command:
   printf "$eax = %d\n", $eax  
                    
x command (eXamine)
Syntax:  x/nfu
      n = number of units (optional, default is 1)
      f = format: t (binary), d(decimal), x(hex), c(char), s(string),
	          a(address), i(instruction)
      u = unit size: b, h, w, g (for 1, 2, 4, or 8 bytes)

   x $eax              prints address in $eax AND the contents of that address
   x/d $eax            prints address in $eax (in hex) AND contents of
                       that address in decimal
   x/s $eax            address in $eax (in hex) AND the string
                       beginning at that address
   x/x $ebp + 8        prints address R[%ebp] + 8 and the contents at
                       that address in hex
   x/xw $ebp + 8       address R[%ebp] + 8 and 4 byte contents in hex
   x/2xw $ebp + 8      address R[%ebp] + 8 and two 4 byte values (in hex)
                       starting at that address
   x  $_               prints address last examined by x command and
                       its contents
   x  $__              prints contents of last address examined as an
                       address AND prints ITS contents

   x/x *(int *)($ebp + 8) 
                       prints the address stored at R[$ebp] + 8 AND
                       its contents (in hex)

   x/s *(int *)($ebp + 8) 
                       prints the address stored at R[$ebp] + 8 AND
                       the string beginning at that address.

Automatic examining:
   watch $eax          stop the program and display %eax EVERY time it
                       changes; 
   delete 3            watch points are listed and deleted with break points;
                       so if 3 is a watch point, this deletes it
         
   display $eax        display the value of %eax whenever the program
                       stops; e.g. at each break point
   undisplay           cancel display's
   



Examining Code:
   disas               shows the assembler code for the function
	               containing the current instruction address
   disas phase_1       shows the assembler code for function phase_1
   disas 0x08048579    shows the assembler code for function
                       containing the address 0x08048579

   disas $eip $eip + 24 
	               shows assembler code for address range R[%eip]
	               to R[%eip] + 24

Help/Info
   bt                  prints where you are and a back trace.
   where               prints where you are and a back trace.

   help info
   info b              shows (numbered) break points (enabled and disabled)
   info stack          shows instruction addresses in each function
                       currently on call stack
   info reg            displays registers and contents and condition codes
   info frame          shows stack frame info