1. Install GDB enhancement tools (gef)
* GDB version greater than 7.7
* wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh
* Make sure the network is reachable and Ubuntu's package lists are up to date (after updating sources.list, run apt-get update)
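2. Install GDB plugins
git clone https://github.com/gatieme/GdbPlugins.git ~/GdbPlugins
# Each line below overwrites ~/.gdbinit (">"), so only the last one run takes effect; run only the line for the plugin you want
echo "source ~/GdbPlugins/peda/peda.py" > ~/.gdbinit
echo "source ~/GdbPlugins/gef/gef.py" > ~/.gdbinit
echo "source ~/GdbPlugins/gdbinit/gdbinit" > ~/.gdbinit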
3. Linux program release process
* Check whether the program has a symbol table
readelf -s test-1
* Generate a separate symbol file
objcopy --only-keep-debug test-1 test-1.symbol
* Generate the release program
objcopy --strip-debug test-1 test-release
* Debug the release program using the separate symbol file
gdb -q --symbol=test-1.symbol --exec=test-release
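The result of the strip step can also be checked programmatically. The following is an added example, not code from the original page: it parses the section header table of a 64-bit ELF file and reports whether a named section such as .symtab or .debug_info is present. The function name elf_has_section and the default path /proc/self/exe are assumptions made for the example, and Linux's <elf.h> is required.

```c
#include <elf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if the ELF64 file at path has a section called name, 0 if it
 * does not, -1 if the file cannot be read or is not a usable ELF64 file. */
int elf_has_section(const char *path, const char *name)
{
    Elf64_Ehdr eh;
    Elf64_Shdr *sh = NULL, *st;
    char *names = NULL;
    int found = -1;
    FILE *fp = fopen(path, "rb");
    if (!fp)
        return -1;
    if (fread(&eh, sizeof eh, 1, fp) != 1 ||
        memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_shentsize != sizeof *sh || eh.e_shstrndx >= eh.e_shnum)
        goto out;
    sh = calloc(eh.e_shnum, sizeof *sh);
    if (!sh || fseek(fp, (long)eh.e_shoff, SEEK_SET) != 0 ||
        fread(sh, sizeof *sh, eh.e_shnum, fp) != eh.e_shnum)
        goto out;
    /* Section names live in the string table that e_shstrndx points to. */
    st = &sh[eh.e_shstrndx];
    names = malloc(st->sh_size + 1);
    if (!names || fseek(fp, (long)st->sh_offset, SEEK_SET) != 0 ||
        fread(names, 1, st->sh_size, fp) != st->sh_size)
        goto out;
    names[st->sh_size] = '\0';
    found = 0;
    for (unsigned i = 0; i < eh.e_shnum; i++)
        if (sh[i].sh_name < st->sh_size && !strcmp(names + sh[i].sh_name, name))
            found = 1;
out:
    free(names); free(sh);
    fclose(fp);
    return found;
}

int main(int argc, char **argv)
{
    /* With no argument, inspect this program's own binary (Linux only). */
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    printf(".symtab=%d .debug_info=%d\n", elf_has_section(path, ".symtab"),
           elf_has_section(path, ".debug_info"));
    return 0;
}
```

objcopy --strip-debug removes the .debug_* sections but leaves .symtab in place, so a file produced that way is expected to report .debug_info as absent while .symtab is still present.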
4. GDB command usage
set listsize num: set the number of lines displayed by l
list / l (code / num): view the code of a function or around a line number; for other files use l xxx.c:(code / num)
break / b num: set a breakpoint at a line; conditional breakpoint: b num if var == value; a breakpoint can also be set on a function: b func
continue / c: run to the next breakpoint
disable num: disable a breakpoint; enable num: make it effective again
run / r: run the program
Debugger is already running
info breakpoints: view the breakpoint list
delete / d num: delete a breakpoint
print / p code: print the value of a variable while debugging; a print format can also be chosen, for example p/d code prints the result in decimal and p/s prints the result as a string
p var = 100: modify the variable in memory
step / s: execute one line of code; if it contains a function call, enter the function
next / n: execute one line of code; if it contains a function call, step over it
until / u: run until the current loop is exited
finish: run until the current function exits
info locals: view all local variables of the current function
bt: view the function call stack; for example, after entering a function, bt shows which function called the current one
info frame: print stack frame information
x &code: view the memory at a variable's address
# Watchpoints
watch var / addr: watch whether a variable or memory address is changed; execution breaks automatically when a change is observed
If variables have the same name, gdb uses the nearest one in scope; to watch a variable inside a particular function use watch func::var
info watchpoints: view the watchpoint list
rwatch var / addr: watch whether a variable or memory address is read; execution breaks when a read is observed
# Catchpoints
catch event, where event is one of:
throw: a C++ exception is thrown (catch throw)
catch: a C++ exception is caught (catch catch)
exec: stop when the exec system call is called (catch exec); exec starts another program in a process
fork: stop when the fork system call is called (catch fork)
load / load libname: stop when a dynamic link library, or the library libname, is loaded (catch load / catch load libname)
unload
# Source code search
search var / func memory search only calls a function in memory or to search for
reverse-search var / func text search can not take up memory as long as the search code segments
# View Memory
x/nfu
n is a positive integer: the number of units of memory to display, where the size of one unit is given by u (in bytes)
f is the display format, using the same format letters as print
x hexadecimal format
d decimal format
u hexadecimal format unsigned integer
o octal format
t binary formats
a hexadecimal format
c display format by character
f appear as floating-point format
u can be replaced with the following characters:
b represents a single byte
h represents two bytes
w represents four bytes
g represents eight bytes
One byte is two hexadecimal digits
For example, x/3uh 0x80494a4 displays three unsigned two-byte values starting at address 0x80494a4:
x/3uh 0x80494a4 1 0 16
x/3xh 0x80494a4 0x0001 0x0000 0x0010
View an array: p *arr@len
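To make the roles of n, f and u concrete, here is an added example (not part of the original page) that renders a buffer the way the value columns of x/nfu do, reproducing the x/3uh and x/3xh output above. The names examine, load_unit and SAMPLE are hypothetical, SAMPLE is constructed data, and only the formats x, d and u are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: three two-byte units holding the values from the example above. */
static const uint16_t SAMPLE[3] = { 1, 0, 16 };

/* Load one unit of sz bytes in host byte order. */
static uint64_t load_unit(const unsigned char *p, size_t sz)
{
    uint8_t b; uint16_t h; uint32_t w; uint64_t g;
    if (sz == 1) { memcpy(&b, p, 1); return b; }
    if (sz == 2) { memcpy(&h, p, 2); return h; }
    if (sz == 4) { memcpy(&w, p, 4); return w; }
    memcpy(&g, p, 8); return g;
}

/* Render n units of size u (b/h/w/g) at mem in format f (x/d/u).
 * Returns a static buffer, or NULL if a letter is unsupported or the
 * output does not fit. */
const char *examine(const void *mem, size_t n, char f, char u)
{
    static char out[256];
    char tmp[32];
    size_t sz = u == 'b' ? 1 : u == 'h' ? 2 : u == 'w' ? 4 : u == 'g' ? 8 : 0, used = 0;
    if (sz == 0 || (f != 'x' && f != 'd' && f != 'u')) return NULL;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        uint64_t v = load_unit((const unsigned char *)mem + i * sz, sz);
        /* d: sign-extend from the unit's top bit before printing. */
        if (f == 'd' && sz < 8 && ((v >> (8 * sz - 1)) & 1))
            v |= ~(uint64_t)0 << (8 * sz);
        if (f == 'x') snprintf(tmp, sizeof tmp, "0x%0*llx", (int)(2 * sz), (unsigned long long)v);
        else if (f == 'd') snprintf(tmp, sizeof tmp, "%lld", (long long)v);
        else snprintf(tmp, sizeof tmp, "%llu", (unsigned long long)v);
        int len = snprintf(out + used, sizeof out - used, "%s%s", i ? " " : "", tmp);
        if (len < 0 || (size_t)len >= sizeof out - used) return NULL;
        used += (size_t)len;
    }
    return out;
}

int main(void)
{
    printf("x/3uh: %s\n", examine(SAMPLE, 3, 'u', 'h'));
    printf("x/3xh: %s\n", examine(SAMPLE, 3, 'x', 'h'));
    return 0;
}
```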
# Insert commands
Commands can be attached to a breakpoint so that they run when that breakpoint is triggered; they are not actually inserted into the source code
commands bnum
...
...
end
Generally do not use scripts such as gef
################################################################################
5. GDB multi-process and multi-threaded debugging
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

int main()
{
    pid_t pid = fork(); // create the child process
    if (pid == -1)
    {
        perror("fork error");
        return -1;
    }
    else if (pid == 0) // child
    {
        printf("i am a child:my pid is %d,my father is%d\n", getpid(), getppid());
    }
    else // father
    {
        printf("i am a father:my pid is %d\n", getpid());
        wait(NULL); // wait for the child
    }
    return 0;
}
################## Processes are completely independent of each other, but they can communicate
fork creates a child process that is completely separate from the parent process; the two processes run in parallel, and which one runs first depends on how the CPU schedules them, which appears random
In the parent process, the return value of fork is the pid of the child process
In the child process, the return value of fork is 0
The wait function blocks until the child process exits; only then does the parent process exit
## Choosing which process gdb follows
show / set follow-fork-mode parent / child: switch between following the parent and following the child
detach-on-fork
show detach-on-fork: works together with the follow mode and only takes on / off; when following the parent, on / off applies to the parent process, and when following the child, on / off applies to the child process
Combinations of follow-fork-mode and detach-on-fork:
parent, on: only the parent process is debugged; the child process runs normally
child, on: only the child process is debugged; the parent process runs normally
parent, off: both processes are debugged; the child process is suspended at the fork position
child, off: both processes are debugged; the parent process is suspended at the fork position
shell ps -ef | grep num / programName: view the process with the given pid or program name
shell ps -A: view all processes
## Switching between debugged processes when detach-on-fork is off
info inferiors: view the processes being debugged
inferior num: switch to the specified process
# Process management
add-inferior [-copies n] [-exec executable]: add processes to the process list; -copies n adds n copies, and -exec executable opens a new process for the program at the given path
detach
kill
remove-inferior: remove a process
########### Multithreading
show / set scheduler-locking off / on / step
off: no thread is locked
on: the other threads are locked and only the current thread executes
step: only the thread being debugged runs while stepping
If the gdb version is too old, locking may not be available
info threads: view all threads
thread num: switch to the specified thread
#include <pthread.h>
#include <stdio.h>

// The thread functions are not shown on the original page; minimal placeholders
void *Thread1(void *arg) { printf("thread 1\n"); return NULL; }
void *Thread2(void *arg) { printf("thread 2\n"); return NULL; }

int main()
{
    pthread_t TID1, TID2;
    pthread_create(&TID1, NULL, Thread1, NULL); // create thread 1
    pthread_create(&TID2, NULL, Thread2, NULL); // create thread 2
    pthread_join(TID1, NULL); // wait for thread 1
    pthread_join(TID2, NULL); // wait for thread 2
    return 0;
}
After switching to the specified thread for debugging, a breakpoint hit in that thread does not interfere with the main function; the main thread also executes, so there are three threads in total