Quick GDB Information
Displaying stuff
- print stuff displays the value of stuff, or evaluates an expression (such as print sizeof(foo)).
- print/x stuff or p/x stuff displays stuff in hexadecimal.
- print $eax displays the value of register %eax.
- x stuff displays the value pointed at by stuff.
- display stuff displays stuff after each command.
- undisplay stuff removes display number stuff.
- info registers displays the contents of all registers, including some you've never heard of, in both hexadecimal and decimal.
- layout gives you a multiple-window view of code, registers, and commands. Try layout split and layout regs.
Any of these commands can have a format argument appended:
- /d decimal
- /u unsigned
- /x hex
- /t binary
- /i instruction
- /s string (displays ASCII values until a NUL is encountered)
- /c char
display /i $eip is a useful command. It displays the value pointed at by $eip after each command and interprets it as an instruction. Basically it shows the next instruction to be run. Also, if a size and number are given, it will print that many of those size items after the given thing. So, for example, x/20w $esp displays 20 words at and after $esp. The available sizes are:
- /b byte
- /w word
Breakpoints
Setting and removing single breakpoints:
- break (some function)
- break (line number)
- break *(some memory address)
- delete (breakpoint number)
Removing all breakpoints:
- clear (clears the current breakpoint)
- clear (some function)
- clear (some line number)
- clear *(some memory address)
Running
- run arg1 arg2 ... starts or restarts the program with the given arguments.
- run starts or restarts the program at full speed. If restarting, it uses the same arguments used last time.
- s or step steps by one line of source code, going into function calls. This only works after the program is running, so you usually need to set a breakpoint somewhere so that you can get to where you want to start stepping.
- n or next steps by one line of source code, not going into function calls.
- stepi steps by one instruction, going into function calls.
- nexti steps by one instruction, not going into function calls.
- c or continue goes at full speed after a breakpoint.
- kill ends the running program.
- finish steps out of the current function.
- [ENTER] does the same command again.
Stack and Variables
- bt or backtrace shows the current stack.
- frame N goes to the Nth stack frame.
- info locals prints all local variables.
- info args prints all of the arguments to the current function as they are now (as opposed to as they were at the top of the function).
- call function calls function. Arguments can be provided. Note: this works by pushing arguments on the stack, resetting %eip to point to the function, and letting the program run. In some circumstances, this can fail.
- whatis something prints the type of something.
Command Line
- set args (stuff) passes stuff as command line arguments to the program the next time run is used.
- file stuff sets stuff as the program to be run and debugged.
Lazy Typing
- Enter (the key) at an empty command prompt repeats the last command. This is especially handy for step and next commands.
- Ambiguous abbreviations will resolve to the last command with that abbreviation.
Lazy Math
- print/d 0x(some hex number) will convert it to decimal.
- print/x (some decimal number) will convert it to hex.
- print (complicated expression) will evaluate the expression and print the result in decimal or hex. You can use standard C notation, variables of your program, and register names ($eax, etc.).
Useful Tricks
- info b will tell you how many times a breakpoint has been hit.
- continue n (or c n) will continue past a breakpoint n times. For example, if the fourth call to a function is the one that fails, you can use "c 3" to skip the first three calls.
- You can combine the two above tricks to deal with a function that crashes after many calls. Set a breakpoint in the function, run the program, and type "c 9999999". When it crashes, use info b to find out how many times the function was called. Then rerun the program and use continue n-1 to get to the invocation that crashes.
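The count-to-the-crash procedure above written out as a GDB command file, an added example that is not part of the original page. It assumes a constructed test program built with gcc -g as ./crashy whose function work() dereferences a NULL pointer on its fourth call, and a GDB built with Python support (the Python block reads the hit count so the rerun needs no retyping); $pc is used as the architecture-neutral name for $eip.

```gdb
# Added example: find which invocation of work() crashes, then rerun
# straight to it.  Assumed setup: ./crashy built with `gcc -g` from a
# constructed program whose work() dereferences NULL on its fourth call.
# Run with:  gdb -q -x find_crash.gdb ./crashy
set confirm off                 # let the script restart the program without a prompt
set pagination off

break work                      # breakpoint 1 on the suspect function
display/i $pc                   # show the next instruction after every stop ($pc = $eip/$rip)
run                             # stops at the first call of work()
continue 9999999                # ignore the breakpoint "forever"; stops at the SIGSEGV
info breakpoints                # "breakpoint already hit 4 times" is the crashing call number

# The same bookkeeping via GDB's Python API, so the rerun needs no retyping:
python
bp = gdb.breakpoints()[0]                  # breakpoint 1 from `break work`
n = bp.hit_count                           # times work() was entered, ignored hits included
print("work() crashed on invocation %d" % n)
gdb.execute("run")                         # restart with the same arguments; stops at call 1
gdb.execute("continue %d" % (n - 1))       # skip ahead: now stopped at call n
end

backtrace                       # inside the invocation that is about to crash
info args                       # inspect its arguments before the fault happens
```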