
Gdb

From NetSec
Revision as of 05:42, 30 August 2015 by User (Talk | contribs)


GDB (the GNU Debugger) is a command-line debugger for ELF binaries. It is a powerful tool for disassembling a program and viewing the memory of a running process, an executable file or a core dump. When inspecting core dumps, it is vital to load the proper debugging symbols: without them the backtrace shows only raw addresses and library entry points instead of function names, source files and line numbers. This requires compiling the program with gcc's debugging option, by passing the '-g' flag like so:

gcc -o cfm -g cfm.c

Then you will need to load the core dump like this (the binary first, then the core file):

gdb cfm core-cfm.1129

Sometimes you can find packages that ship debugging symbols ready to go; they are usually named like package-dbg.
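Before loading a core it is worth knowing whether the matching binary actually carries symbols, so that a backtrace full of bare addresses is not mistaken for a corrupt dump. The following is an added example, not code from this page: a small pure-Python ELF section-table walker that reports whether DWARF information is embedded (the result of '-g'), referenced through a .gnu_debuglink section (the mechanism -dbg packages use to attach a separate debug file), or absent. The build_minimal_elf helper constructs a throwaway ELF64 image so the checker can be exercised offline; the file names in the usage line are placeholders.

```python
import struct

def elf_section_names(data):
    """Return the section names of an ELF image (32- or 64-bit, either
    endianness) by walking the section header table and the .shstrtab."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:      # ELFCLASS64
        ehdr_fmt, shdr_fmt = end + "16sHHIQQQIHHHHHH", end + "IIQQQQIIQQ"
    elif ei_class == 1:    # ELFCLASS32
        ehdr_fmt, shdr_fmt = end + "16sHHIIIIIHHHHHH", end + "IIIIIIIIII"
    else:
        raise ValueError("unknown ELF class")
    hdr = struct.unpack_from(ehdr_fmt, data, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]

    def shdr(i):  # (name, type, flags, addr, offset, size, link, info, align, entsize)
        return struct.unpack_from(shdr_fmt, data, e_shoff + i * e_shentsize)

    str_off, str_size = shdr(e_shstrndx)[4], shdr(e_shstrndx)[5]
    strtab = data[str_off:str_off + str_size]
    names = []
    for i in range(e_shnum):
        name_off = shdr(i)[0]
        names.append(strtab[name_off:].split(b"\0", 1)[0].decode("ascii", "replace"))
    return names

def debug_symbol_status(data):
    """'embedded' : built with -g, DWARF info is inside the file
       'separate' : stripped, but .gnu_debuglink names an external debug file
                    (this is how distro -dbg packages attach their symbols)
       'stripped' : no symbol source at all; gdb will show addresses only"""
    names = elf_section_names(data)
    if ".debug_info" in names:
        return "embedded"
    if ".gnu_debuglink" in names:
        return "separate"
    return "stripped"

def debug_symbol_status_of_file(path):
    with open(path, "rb") as f:
        return debug_symbol_status(f.read())

def build_minimal_elf(with_debug=True):
    """Constructed test fixture: a syntactically valid ELF64 object with no
    code, only a section table, so the checker can be run offline."""
    names = [b"", b".shstrtab", b".text"] + ([b".debug_info"] if with_debug else [])
    shstrtab, name_offs = b"", []
    for n in names:
        name_offs.append(len(shstrtab))
        shstrtab += n + b"\0"
    shstrtab_off = 64                      # string table sits right after the ELF header
    shoff = shstrtab_off + len(shstrtab)   # section headers follow the string table
    shdrs = b""
    for i, n in enumerate(names):
        sh_type = 0 if i == 0 else (3 if n == b".shstrtab" else 1)  # NULL / STRTAB / PROGBITS
        off, size = (shstrtab_off, len(shstrtab)) if n == b".shstrtab" else (0, 0)
        shdrs += struct.pack("<IIQQQQIIQQ", name_offs[i], sh_type, 0, 0, off, size, 0, 0, 1, 0)
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9   # 64-bit, little-endian, ELF version 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 1, 62, 1, 0, 0, shoff, 0,
                       64, 0, 0, 64, len(names), 1)   # e_shstrndx = 1 (.shstrtab)
    return ehdr + shstrtab + shdrs

if __name__ == "__main__":
    import sys
    # usage: python3 elfdbg.py ./cfm /usr/lib/debug/.../cfm.debug   (placeholder paths)
    for path in sys.argv[1:]:
        print(path, debug_symbol_status_of_file(path))
```

A result of 'separate' means gdb will still need the debug file installed where it looks for .gnu_debuglink targets (typically under /usr/lib/debug), which is exactly what the -dbg package provides.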

To view the stack trace, run:

bt full

To view all registers:

i r
or
info registers

Select a stack frame to inspect:

frame <n>       (n is the frame number shown by bt, starting at 0 for the innermost frame)

List the source code (only if you have imported debugging symbols):

list +
list -
list

Print/inspect memory regions:

print <variable>
x/200bx <variable>     (print 200 bytes in hex, starting at the variable)
x/200wx $rip           (print 200 words in hex, starting at the instruction pointer)
x/200xc $rip           (print 200 bytes, each shown as an integer and its ASCII character)

Print all variables in the program (requires debugging symbols):

info variables

A really useful command to walk through the source code while viewing the disassembled code:

layout split
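The commands above are usually typed interactively, but for triaging a batch of crash dumps it is handier to drive gdb non-interactively and parse what it prints. The following is an added example, not code from this page or from the gdb project: gdb_triage_cmd builds a gdb -batch invocation that runs the same commands (bt full, info registers, frame, list), run_triage executes it only if gdb is installed, and parse_backtrace turns backtrace output into structured frames, separating frames that resolved to a source line ("at file:line", symbols present) from those that only resolved to a shared object ("from libfoo.so", no symbols). SAMPLE_BT is a constructed sample in gdb's output format; the program name, addresses and file are made up.

```python
import re
import shutil
import subprocess

# Constructed sample of `bt full` output for a crash in a hypothetical
# program "cfm"; the addresses, file name and locals are made up.
SAMPLE_BT = """\
#0  0x00007f3a1c2b4e2c in strlen () from /lib/x86_64-linux-gnu/libc.so.6
        No symbol table info available.
#1  0x0000555555555189 in parse_input (buf=0x0) at cfm.c:12
        len = <optimized out>
#2  0x00005555555551c4 in main (argc=2, argv=0x7fffffffe3a8) at cfm.c:20
        line = 0x0
"""

# One gdb frame line: "#N  [0xADDR in ]func (args) [at file:line | from object]"
# (gdb omits the address when the pc is at the start of a source line.)
FRAME_RE = re.compile(
    r"^#(?P<no>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>\S+) \((?P<args>.*)\)"
    r"(?: (?P<kind>at|from) (?P<loc>\S+))?\s*$"
)

def parse_backtrace(text):
    """Return one dict per frame; the indented detail lines that `bt full`
    prints under a frame (locals, or 'No symbol table info available.')
    are attached to the frame they belong to."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({
                "no": int(m.group("no")),
                "func": m.group("func"),
                "args": m.group("args"),
                "location": m.group("loc"),             # file:line or shared object
                "has_source": m.group("kind") == "at",  # True only with debug symbols
                "details": [],
            })
        elif frames and line.startswith(" "):
            frames[-1]["details"].append(line.strip())
    return frames

def innermost_user_frame(frames):
    """First frame (counting from the crash site) that resolved to a source
    line; that is normally where analysis of the crash starts."""
    for f in frames:
        if f["has_source"]:
            return f
    return None

def gdb_triage_cmd(binary, core, frame=0):
    """gdb -batch runs the listed commands and exits; -nx skips ~/.gdbinit
    so the run is reproducible on any machine."""
    return ["gdb", "-batch", "-nx",
            "-ex", "bt full",
            "-ex", "info registers",
            "-ex", f"frame {frame}",
            "-ex", "list",
            binary, core]

def run_triage(binary, core):
    """Run the batch session if gdb is installed and return the parsed
    frames; returns None when gdb is not available on this host."""
    if shutil.which("gdb") is None:
        return None
    out = subprocess.run(gdb_triage_cmd(binary, core),
                         capture_output=True, text=True, check=False).stdout
    return parse_backtrace(out)

if __name__ == "__main__":
    for f in parse_backtrace(SAMPLE_BT):
        print(f["no"], f["func"], f["location"], "source" if f["has_source"] else "no symbols")
    top = innermost_user_frame(parse_backtrace(SAMPLE_BT))
    print("start here:", top["func"], top["location"])
```

If every frame comes back with has_source False, the binary or its -dbg package was not found by gdb; fix that before reading anything into the registers or memory dumps.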