Start and exit GDB
GDB (the GNU Project Debugger) is suitable for almost all Unix-like systems, small and convenient and yet powerful, Linux / Unix programmers often use it to debug the program.
In general there are several ways to start a few GDB
gdb (without any parameters), if you do not want to print authorization information plus -silent parameter
gdb executable file
gdb executable file core
pid process of running gdb
To exit GDB there are two ways
quit
ctrl+d
Command table (memory)
breakpoint related commands
GDB command parameters common sense exemplary
breakpoint address at break, can be abbreviated as b. Address types include: function name, source file line number, * main memory address BREAK, BREAK 12, BREAK * 0x08048373
Watch expression expression value is changed the program will stop watch * ((int *) 0x80d1ba8 ) immediately
clear address and break contrast, clear main clear breakpoints on the specified address, 12 is Clear, Clear * 0x08048373
info break breakpoint information display, including all breakpoints number, type, enabling state, the address and the location of break info
disable a disabled breakpoint number breakpoint 1 disable
enable enable a disabled breakpoint number of 1 breakpoint enable
the delete to delete a breakpoint breakpoint number, can be abbreviated as d delete 1
command is executed
meaning of the parameters commonly used example GDB command
run command-line parameters to run the program, can be abbreviated is r run vuln
process attach process debugging No. 1022 has been running attach
the continue number (optional) continue to implement, can be abbreviated as 4 CC
the Next number (optional) single step (do not enter function calls), can be abbreviated as 4 nn
the sTEP times (optional) single step (entering function calls), abbreviated as ss 4 may be
performed unitl source file line numbers in the execution address Off 18 can be abbreviated as the Uu
Finish - run the current function until the function exits -
return - immediately exit the current function -
information view the command
parameters common sense example GDB commands
info reg, break, file, args , frame, functions to display various information, info can be abbreviated as i info reg
current function call stack displays the number of frames of the backtrace information can be abbreviated as BT BT
Print / exp f, where f represents a modification, an expression exp, Print display expression can be abbreviated as p values, format: x (hexadecimal), c (character) or the like, print may be abbreviated as PP / C 0x41, P / X 1024, P STR, P / X $ EAX
X / Nfu addr, where n represents the number, f denotes format, u represents the size of the unit, if the address is not set then the last x command displays the specified address after the contents of the address formats are: x (hexadecimal), s (string), I (command) and the like, with a cell size b, h, w, g, b is a byte sequentially twice as large than the previous one X / PC 4i $, X / 16xb $ SP, X / S * (the argv +. 1), X / S 0xbffffc52
List line number, address, or if the function is a program debugging signed compiled , then the list command to list the program source code, list file.c can be abbreviated as LL: 19
disas s function name disassemble the specified function, the default is the current function disass main
other common commands
GDB command parameters meaning commonly exemplary
parameter set set is very large, specifically refer to help set the set value set var = 4, set {int } 0xbffffc52 = 50, set } int {(ESP +. 4 $) = $ EIP
shell outside the outer shell command shell command shell ps -ef
More commonly used commands, such as p, x, disass, break, si, ni, c, finish, set, fly in the ointment is no GDB built-in search function of memory, we can customize a macro script and save the file in the user directory .gdbinit It can be.
Check local variables
info local
Check the value of the memory address and the stack
See gdb memory address specified address value: examine X ----- abbreviations used gdb> help x to view the use
x / (n, f, u is an optional parameter)
n-: the number of memory cells to be displayed, i.e. several memory cells of the display content from the current address back, the size of a memory cell is defined by the following u
f: display format
x (hex) displayed in hexadecimal format variable.
d (decimal) variable display in decimal format.
u (unsigned decimal) displays an unsigned integer in decimal format.
o (octal) display variable octal format.
t (binary) variables displayed in binary format.
a (address) displayed in hexadecimal format variable.
c (char) display by the variable character format.
f (float) floating-point format by the display variable
u: size of each cell is calculated according to the number of bytes. The default is 4 bytes. GDB will read from the specified memory address specified byte, and the value of it as a take out and use the display format to f
b: 1 byte h: 2 bytes w: 4 bytes g: 8 bytes
, such as x / 3uh 0x54320 represents read from the memory address 0x54320, h expressed in two-byte units, 3 denotes an output unit 3, u represents displayed in hexadecimal.
from http://www.cnblogs.com/super119/archive/2011/03/26/1996125.html
gdb print value of the expression: print / f expression
f is the format of the output, x / d / u / o / t / a / c / f
The expression can be a constant const contents of the current program, variables, functions, etc., but GDB can not use the program as defined macros
View the current program stack contents: x / 10x $ sp -> the first 10 elements of the print stack
to view information about the current program stack: info frame ---- list general info about the frame
to view the parameters of the current program stack: info args --- lists arguments to the function
to view the current program stack of local variables: info locals --- list variables stored in the frame
to view the current value of the register: info registers (not including the floating-point registers) info all-registers (floating point comprising register)
to view the current stack frame exception handlers: info catch (exception handlers)