Difference between revisions of "Gdb"
Line 1: | Line 1: | ||
GDB is a [[bash]] debugger for [[ELF]] binaries. | GDB is a [[bash]] debugger for [[ELF]] binaries. | ||
− | It is a powerful tool to disassemble and view the memory of a process, file or core dump. When inspecting core dumps, it's vital to import the proper debugging symbols to properly understand what generated the core dump. This will require compiling the program with the debugging option for gcc like so: | + | It is a powerful tool to disassemble and view the memory of a process, file or core dump. When inspecting core dumps, it's vital to import the proper debugging symbols to properly understand what generated the core dump. This will require compiling the program with the debugging option for gcc like so by passing the debug flag '-g': |
<pre> | <pre> |
Revision as of 04:56, 30 August 2015
GDB is a bash debugger for ELF binaries.
It is a powerful tool to disassemble and view the memory of a process, file or core dump. When inspecting core dumps, it's vital to import the proper debugging symbols to properly understand what generated the core dump. This will require compiling the program with the debugging option for gcc like so by passing the debug flag '-g':
gcc -o cfm -g cfm.c
Then, you will need load the coredump like this:
gdb cfm core-cfm.1129
Sometimes, you can find packages that have debugging symbols ready to go, they'll usually be named like package-dbg.
To view the stack trace, run:
bt
To view all registers:
i r or info registers
Select a stack frame to inspect:
frame {0,}
List the source code (if you have imported debugging symbols only
list + list - list
Print/inspect memory regions:
print <variable> (print 200 bytes) x/200bx <variable> (print 200 words) x/200wx $rip (print 200 bytes => int => ascii) x/200xc $rip
Print all variables in program (requires debugging symbols)
info variables
This article contains too little information, it should be expanded or updated. |
---|
Things you can do to help:
|