echo '/tmp/core.%e.%p.%t' | sudo tee /proc/sys/kernel/core_pattern
(gdb) info sharedlibrary
gdb -ex "layout asm" ./foo
gdb -q ./foo -ex "b main" -ex "r"
set history save
set confirm off
set disassemble-next-line on
set disassembly-flavor intel
l : load debug file default f : file
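1. Use the examine command (abbreviated x) to view the value at a memory address
(gdb) x/nfu ADDR
n is a positive integer giving the length of memory to display, that is, how many units to display going forward from the current address.
f is the display format. If the address points to a string, the format can be s; if the address is an instruction address, the format can be i.
u is the number of bytes requested going forward from the current address. If it is not specified, GDB defaults to 4 bytes. The u parameter can be replaced by one of the following characters: b for one byte, h for two bytes, w for four bytes, g for eight bytes. Once a unit length is specified, GDB starts at the given memory address, reads that many bytes, and treats them as a single value.
Example: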
(gdb) x/9i 0x7c00
0x7c00: cli
=> 0x7c01: cld
0x7c02: xor %ax,%ax
0x7c04: mov %ax,%ds
0x7c06: mov %ax,%es
0x7c08: mov %ax,%ss
0x7c0a: in $0x64,%al
0x7c0c: test $0x2,%al
0x7c0e: jne 0x7c0a
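The unit letter decides how the same bytes are grouped into values, which is easiest to see side by side. The Python model below is an added example, not part of the original page: it covers only the n/f/u parsing and little-endian decoding of `x`, and `MEM`, `BASE`, `parse_spec` and `examine` are hypothetical names, with `MEM` a constructed buffer holding an assumed encoding of the first instructions in the listing above.

```python
import re
import struct

# Unit letters from the x/nfu description: size in bytes and struct code.
UNITS = {"b": (1, "B"), "h": (2, "H"), "w": (4, "I"), "g": (8, "Q")}

# Constructed sample: an assumed encoding of the first instructions in the
# listing above (cli, cld, xor %ax,%ax, mov %ax,%ds, mov %ax,%es).
BASE = 0x7C00
MEM = bytes([0xFA, 0xFC, 0x31, 0xC0, 0x8E, 0xD8, 0x8E, 0xC0])

def parse_spec(spec):
    """Split 'x/nfu' into (n, f, u). Defaults: n=1, f='x', u='w' (4 bytes)."""
    m = re.fullmatch(r"x(?:/(\d*)([a-z]*))?", spec)
    if not m:
        raise ValueError(f"bad examine spec: {spec!r}")
    count = int(m.group(1)) if m.group(1) else 1
    fmt, unit = "x", "w"
    for ch in m.group(2) or "":
        if ch in UNITS:
            unit = ch          # size letter: b, h, w or g
        elif ch in "xd":
            fmt = ch           # only hex and signed decimal are modelled
        else:
            raise ValueError(f"unsupported letter {ch!r} in {spec!r}")
    return count, fmt, unit

def examine(spec, addr, memory=MEM, base=BASE):
    """Decode n units of size u at addr, little-endian as on x86."""
    count, fmt, unit = parse_spec(spec)
    size, code = UNITS[unit]
    if fmt == "d":
        code = code.lower()    # lowercase struct codes are signed
    off = addr - base
    if off < 0 or off + count * size > len(memory):
        raise ValueError(f"cannot access memory at {addr:#x}")
    values = struct.unpack_from(f"<{count}{code}", memory, off)
    if fmt == "x":
        return [f"0x{v:0{size*2}x}" for v in values]
    return [str(v) for v in values]

if __name__ == "__main__":
    for spec in ("x/8xb", "x/4xh", "x/2xw", "x/xg", "x/2db"):
        print(f"{spec:6} {BASE:#x}:", *examine(spec, BASE))
```

Reading the halfword, word and giant rows against the byte row shows the byte order reversing inside each unit, which is why a multi-byte `x` dump does not read left to right like a hex editor.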
- Compile with debugging symbols using the -g flag in gcc.
- Run program with gdb:
$ gdb program_name
(gdb) r[un] arg1 "arg2" ...
Resuming code:
c[ontinue]
Step into (C):
s[tep]
Step over (C):
n[ext]
Step out of a function (C):
fin[ish]
Step into (Assembly):
s[tep]i
Step over (Assembly):
n[ext]i
Set breakpoint at a line:
b[reak] file:line_num
Set breakpoint at a function:
b[reak] function_name
Delete all break points:
d[elete]
Delete a specific breakpoint:
d[elete] b[reakpoints] breakpoint_number
Viewing registers:
i[nfo] r[egisters] register_name
Setting registers:
set $register_name = value
View a variable:
p[rint] var
Dereference a variable:
p[rint] *var
View reference:
p[rint] &var
View struct fields:
p[rint] struct_ptr->field
p[rint] struct.field
Set variable by variable name:
set var = value
Set variable by address:
set {type}address = value
View address of a symbol:
i[nfo] address symbol_name
Print the call stack:
b[ack]t[race]
View current and following lines:
l[ist]
View current and previous lines:
l[ist] -
View code centered around line_num:
l[ist] line_num
View code centered around function_name:
l[ist] function_name
Stop execution:
kill
Quit gdb:
q[uit]
View strings:
x/20s variable