Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Gdb"

From NetSec
Jump to: navigation, search
Line 1: Line 1:
 
GDB is a [[bash]] debugger for [[ELF]] binaries.
 
GDB is a [[bash]] debugger for [[ELF]] binaries.
  
It is a powerful tool to disassemble and view the memory of a process, file or core dump. When inspecting core dumps, it's vital to import the proper debugging symbols to properly understand what generated the core dump. This will require compiling the program with the debugging option for gcc like so:
+
It is a powerful tool to disassemble and view the memory of a process, file or core dump. When inspecting core dumps, it's vital to import the proper debugging symbols to properly understand what generated the core dump. This will require compiling the program with the debugging option for gcc like so by passing the debug flag '-g':
  
 
<pre>
 
<pre>

Revision as of 04:56, 30 August 2015

GDB is a bash debugger for ELF binaries.

It is a powerful tool to disassemble and view the memory of a process, file or core dump. When inspecting core dumps, it's vital to import the proper debugging symbols to properly understand what generated the core dump. This will require compiling the program with the debugging option for gcc like so by passing the debug flag '-g':

gcc -o cfm -g cfm.c

Then, you will need load the coredump like this:

gdb cfm core-cfm.1129

Sometimes, you can find packages that have debugging symbols ready to go, they'll usually be named like package-dbg.

To view the stack trace, run:

bt

To view all registers:

i r
or
info registers

Select a stack frame to inspect:

frame {0,}

List the source code (if you have imported debugging symbols only

list +
list -
list

Print/inspect memory regions:

print <variable>
(print 200 bytes) x/200bx <variable>
(print 200 words) x/200wx $rip
(print 200 bytes => int => ascii) x/200xc $rip

Print all variables in program (requires debugging symbols)

info variables
This article contains too little information, it should be expanded or updated.
Things you can do to help:
  • add more content.
  • update current content.