gdb debugger Flashcards
command use to display contents of a general purpose register.
display /x $eax
view first 16 bits, display /x $ax
view 8L, display /x $al
view 8H, display /x $ah
how to view FPU registers in GDB
by default FPU is not shown,
you can issue: info all-registers to view all registers
this flag is used with the compiler to privide GDB with debugging symbols
-ggdb
in GDB this command is used to view information about functions, * when compiled with debugging symbols.
info functions
in GDB when a program is compiled with symbols, you can use this command to view GLOBAL variables
info variables
to view LOCAL variables in GDB when a program is compiled with debug symbols use this command
you mention scope, info scope “function”
objcopy –only-keep-debug binary debug_output
This will rip off debugging symbols from a binary compiled with debugging symbols
This letter is use to examine a memory address in GDB
x
help x
x/100s 0xabcdef
GDB workflow
break main ( set break point)
run (run the program)
disassemble main ( show instructions starting at main)
x/100s xyz (examine 100 count of strings @ xyz memory address)
examine number of instructions in GDX using x
x/100i 0xabcdef ( where abcdef is a memory address) you can get the memory address from EIP or ESP for example to look at all the instructions)
what are convenience variables in GDB?
they allow you to store your own variables to refuse in the program, they also allow you to call C libraries.
set $test1 = (char *)malloc()
call strcpy($test1, sys.argv[1])
GDB allows you to call functions and parameters using “call”
call EchoInput("hello")
call Addnumbers(10, 20)set a breakpoint in specific instruction when looking at disassemble main for example
break *0x0804850c
you take the memory address of the instruction and prepend * to set the break point.
