Difference between revisions of "Command line GDB"
From Klaus' wiki
(Created page with '===Start gdb=== Open a program in gdb: $ gdb ./my_proggie Open a program in gdb with a '''core dump''': $ gdb ./my_proggie core Open a program in gdb and attach to PID: $ g…') |
|||
| Line 3: | Line 3: | ||
Open a program in gdb: | Open a program in gdb: | ||
| + | <source lang=gdb> | ||
$ gdb ./my_proggie | $ gdb ./my_proggie | ||
| + | </source> | ||
Open a program in gdb with a '''core dump''': | Open a program in gdb with a '''core dump''': | ||
| − | + | <source lang=gdb> | |
$ gdb ./my_proggie core | $ gdb ./my_proggie core | ||
| + | </source> | ||
Open a program in gdb and attach to PID: | Open a program in gdb and attach to PID: | ||
| − | + | <source lang=gdb> | |
$ gdb ./my_proggie 15835 | $ gdb ./my_proggie 15835 | ||
| + | </source> | ||
Open a program in gdb and execute all gdb commands in '''commands.gdb''': | Open a program in gdb and execute all gdb commands in '''commands.gdb''': | ||
| − | + | <source lang=gdb> | |
$ gdb -X commands.gdb ./my_proggie | $ gdb -X commands.gdb ./my_proggie | ||
| + | </source> | ||
gdb commands in ./.gdbinit is usually always executed | gdb commands in ./.gdbinit is usually always executed | ||
| Line 25: | Line 30: | ||
Use intel style disassembly: | Use intel style disassembly: | ||
| + | <source lang=gdb> | ||
$ set disassembly-flavor intel | $ set disassembly-flavor intel | ||
| + | </source> | ||
If a program fork wrong follow the child process: | If a program fork wrong follow the child process: | ||
| − | + | <source lang=gdb> | |
$ set follow-fork-mode child | $ set follow-fork-mode child | ||
| + | </source> | ||
Allow auto load of .gdbinit from all paths: | Allow auto load of .gdbinit from all paths: | ||
| − | + | <source lang=gdb> | |
$ set auto-load safe-path / | $ set auto-load safe-path / | ||
| + | </source> | ||
===Execute program=== | ===Execute program=== | ||
Execute the program: | Execute the program: | ||
| − | + | <source lang=gdb> | |
$ r | $ r | ||
| + | </source> | ||
Execute the program with arguments: | Execute the program with arguments: | ||
| − | + | <source lang=gdb> | |
$ r hello world | $ r hello world | ||
| + | </source> | ||
Execute the program with more complex arguments: | Execute the program with more complex arguments: | ||
| − | + | <source lang=gdb> | |
$ r $(python -c "print 'A' * 200 + '\xef\xbe\xad\xde'") | $ r $(python -c "print 'A' * 200 + '\xef\xbe\xad\xde'") | ||
| + | </source> | ||
Execute the program with '''stdin''' from a file: | Execute the program with '''stdin''' from a file: | ||
| − | + | <source lang=gdb> | |
$ r < some_file | $ r < some_file | ||
| + | </source> | ||
| − | + | Kill the running program: | |
| − | + | <source lang=gdb> | |
$ k | $ k | ||
| + | </source> | ||
Execute a shell command: | Execute a shell command: | ||
| − | + | <source lang=gdb> | |
$ shell cyclic 50 | $ shell cyclic 50 | ||
| + | </source> | ||
===Read memory=== | ===Read memory=== | ||
Disassemble 10 instructions from a specific address: | Disassemble 10 instructions from a specific address: | ||
| − | + | <source lang=gdb> | |
$ x/10i 0x08048956 | $ x/10i 0x08048956 | ||
| + | </source> | ||
Disassemble 10 instructions from current line: | Disassemble 10 instructions from current line: | ||
| − | + | <source lang=gdb> | |
$ x/10i $eip | $ x/10i $eip | ||
| + | </source> | ||
Dump a string from a specific address: | Dump a string from a specific address: | ||
| − | + | <source lang=gdb> | |
$ x/s 0x080492d4 | $ x/s 0x080492d4 | ||
| + | </source> | ||
Dump 10 hex words (4 byte integers) from a specific address: | Dump 10 hex words (4 byte integers) from a specific address: | ||
| − | + | <source lang=gdb> | |
$ x/10xw 0x080492d4 | $ x/10xw 0x080492d4 | ||
| + | </source> | ||
Dump 10 hex words from the stack: | Dump 10 hex words from the stack: | ||
| − | + | <source lang=gdb> | |
$ x/10xw $esp | $ x/10xw $esp | ||
| + | </source> | ||
Dump 100 hex bytes from a specific address: | Dump 100 hex bytes from a specific address: | ||
| − | + | <source lang=gdb> | |
$ x/100xb 0x080492d4 | $ x/100xb 0x080492d4 | ||
| + | </source> | ||
Dump 2 hex words relative to register: | Dump 2 hex words relative to register: | ||
| − | + | <source lang=gdb> | |
$ x/2xw $ebp - 0x8 | $ x/2xw $ebp - 0x8 | ||
| + | </source> | ||
===Read or change register=== | ===Read or change register=== | ||
Read register: | Read register: | ||
| − | + | <source lang=gdb> | |
$ i r eax ebx eip esp | $ i r eax ebx eip esp | ||
| + | </source> | ||
Change content of register: | Change content of register: | ||
| − | + | <source lang=gdb> | |
$ set $eax = 0 | $ set $eax = 0 | ||
| + | </source> | ||
===Breakpoints=== | ===Breakpoints=== | ||
Set breakpoint on a specific address: | Set breakpoint on a specific address: | ||
| − | + | <source lang=gdb> | |
$ b *0x080485ec | $ b *0x080485ec | ||
| + | </source> | ||
Set conditional breakpoint on a specific address: | Set conditional breakpoint on a specific address: | ||
| − | + | <source lang=gdb> | |
$ b *0x080485ec if $eax == 0 | $ b *0x080485ec if $eax == 0 | ||
| + | </source> | ||
List breakpoints: | List breakpoints: | ||
| − | + | <source lang=gdb> | |
$ i b | $ i b | ||
| + | </source> | ||
Delete breakpoint number 3: | Delete breakpoint number 3: | ||
| − | + | <source lang=gdb> | |
$ d 3 | $ d 3 | ||
| + | </source> | ||
Execute gdb commandos when a breakpoint is hit: | Execute gdb commandos when a breakpoint is hit: | ||
| − | + | <source lang=gdb> | |
$ b *0x080487cf | $ b *0x080487cf | ||
commands | commands | ||
| Line 126: | Line 154: | ||
continue | continue | ||
end | end | ||
| + | </source> | ||
Step one instruction: | Step one instruction: | ||
| − | + | <source lang=gdb> | |
$ si | $ si | ||
| + | </source> | ||
Step one instruction without following subroutine call (Step over): | Step one instruction without following subroutine call (Step over): | ||
| − | + | <source lang=gdb> | |
$ ni | $ ni | ||
| + | </source> | ||
Continue execution: | Continue execution: | ||
| − | + | <source lang=gdb> | |
$ c | $ c | ||
| + | </source> | ||
Revision as of 11:58, 25 May 2016
Contents
Start gdb
Open a program in gdb:
$ gdb ./my_proggie
Open a program in gdb with a core dump:
$ gdb ./my_proggie core
Open a program in gdb and attach to PID:
$ gdb ./my_proggie 15835Open a program in gdb and execute all gdb commands in commands.gdb:
$ gdb -X commands.gdb ./my_proggie
gdb commands in ./.gdbinit is usually always executed
gdb commands i ~/.gdbinit is usually always executed
gdb set up
Use intel style disassembly:
$ set disassembly-flavor intel
If a program fork wrong follow the child process:
$ set follow-fork-mode child
Allow auto load of .gdbinit from all paths:
$ set auto-load safe-path /
Execute program
Execute the program:
$ r
Execute the program with arguments:
$ r hello world
Execute the program with more complex arguments:
$ r $(python -c "print 'A' * 200 + '\xef\xbe\xad\xde'")
Execute the program with stdin from a file:
$ r < some_file
Kill the running program:
$ k
Execute a shell command:
$ shell cyclic 50Read memory
Disassemble 10 instructions from a specific address:
$ x/10i 0x08048956Disassemble 10 instructions from current line:
$ x/10i $eip
Dump a string from a specific address:
$ x/s 0x080492d4Dump 10 hex words (4 byte integers) from a specific address:
$ x/10xw 0x080492d4Dump 10 hex words from the stack:
$ x/10xw $esp
Dump 100 hex bytes from a specific address:
$ x/100xb 0x080492d4Dump 2 hex words relative to register:
$ x/2xw $ebp - 0x8
Read or change register
Read register:
$ i r eax ebx eip esp
Change content of register:
$ set $eax = 0Breakpoints
Set breakpoint on a specific address:
$ b *0x080485ecSet conditional breakpoint on a specific address:
$ b *0x080485ec if $eax == 0
List breakpoints:
$ i b
Delete breakpoint number 3:
$ d 3Execute gdb commandos when a breakpoint is hit:
$ b *0x080487cf commands set $eax = 0 continue end
Step one instruction:
$ si
Step one instruction without following subroutine call (Step over):
$ ni
Continue execution:
$ c
Thanks to
Robert Larsen www.the-playground.dk
