Difference between revisions of "Gdb"
Revision as of 05:05, 30 August 2015
GDB (the GNU Debugger) is a command-line debugger for ELF binaries.
It is a powerful tool for disassembling and viewing the memory of a process, a file or a core dump. When inspecting core dumps, it is vital to load the proper debugging symbols in order to understand what generated the core dump. This requires compiling the program with gcc's debug flag, '-g':
<pre>
gcc -o cfm -g cfm.c
</pre>
Then load the core dump like this:
<pre>
gdb cfm core-cfm.1129
</pre>
Sometimes you can find packages that ship with debugging symbols ready to go; they are usually named like package-dbg.
To view the stack trace, run:
<pre>
bt
</pre>
To view all registers:
<pre>
i r
</pre>
or
<pre>
info registers
</pre>
Select a stack frame to inspect:
<pre>
frame {0,}
</pre>
List the source code (only if you have imported debugging symbols):
<pre>
list +
list -
list
</pre>
Print/inspect memory regions:
<pre>
print <variable>
x/200bx <variable>    (print 200 bytes)
x/200wx $rip          (print 200 words)
x/200xc $rip          (print 200 bytes => int => ascii)
</pre>
Print all variables in the program (requires debugging symbols):
<pre>
info variables
</pre>
A really useful command to walk through the source code while viewing the disassembled code:
<pre>
layout split
</pre>
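A complete walk-through of the core-dump workflow above, as an added example that is not part of the original article: it builds a constructed crashing program with -g, captures the core from inside gdb with generate-core-file (so it does not depend on the kernel's core_pattern), then reopens the core with its symbols and applies the commands listed on this page. The file names cfm.c, cfm and core-cfm follow the article; the program contents are constructed for the example.

```shell
#!/bin/sh
# Added example: compile with -g, capture a core, inspect it with gdb.

WORK=$(mktemp -d)

# Constructed sample program; the write through a NULL pointer raises SIGSEGV.
cat > "$WORK/cfm.c" <<'EOF'
#include <stdio.h>
int counter = 42;
void fault(int *p) { *p = counter; }
int main(void) { fault((int *)0); return 0; }
EOF

have_tools() {
    command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1
}

# Compile with -g so the binary carries source-level debugging symbols.
build() { gcc -o "$WORK/cfm" -g "$WORK/cfm.c"; }

# Run under gdb until the crash and write a core file via generate-core-file.
make_core() {
    gdb -batch -ex run -ex "generate-core-file $WORK/core-cfm" \
        "$WORK/cfm" >/dev/null 2>&1
    [ -f "$WORK/core-cfm" ]
}

# Open the core together with the symbol-bearing binary (gdb cfm core-cfm)
# and apply the article's commands: bt, info registers, frame, list, print, x.
inspect_core() {
    gdb -batch \
        -ex bt \
        -ex 'info registers' \
        -ex 'frame 1' \
        -ex list \
        -ex 'print counter' \
        -ex 'x/8bx &counter' \
        "$WORK/cfm" "$WORK/core-cfm" 2>/dev/null
}

# Prints the analysis; prints "skipped" when gcc or gdb is not installed.
analyze() {
    have_tools || { echo skipped; return 0; }
    build && make_core && inspect_core
}
```

Running `analyze` prints a backtrace whose frame #0 is fault (p=0x0), followed by the registers captured at the crash, the source around main, `$1 = 42` and the first bytes of counter in hex.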