My GDB cheat sheet

set $esp = 1 -set register esp to value of 1
disas main – disassembles main function
set disassembly-flavor intel -make it read like windows disassembly! (not AT&T)
gdb program core – tell gdb you are working with a core file
list – print sourcecode
gdb -tui – (ctrl-x-a) tui mode shows sourcecode in one windows, takes commands in another
step – single step through code – pauses in the middle of functions
next – execute the next line then pause – pauses after functions exit
next 3 – run the next 3 lines of code
continue – resume running code until breakpoint
tbreak – one time breakpoint
finish – resume execution until end of stack frame
until – execute until the program reaches a source line greater than the current [one].
until 17 – execute until line 17
until functionName – execute until function “functionName”
until swapflaw.c:swap – execute until filename swapflaw.c reaches function “swap”
until swapflaw.c:17 – execute until filename swapflaw.c reaches line 17
break – set breakpoint (break 16) (sets a breakpoint on line 16 of the source)
the break command accepts line numbers and function names
break if (i == 70000) – break only if “i” = 70000

break 180 if string==NULL && i < 0 – break on line number 180 if “string” is null and i is less than 0 info locals – show information about local variable of current stack frame info registers – show info about registers disable 2 – disables breakpoint 2 enable 2 – enables breakpoint 2 commands 1 – enter commands to be executed when breakpoint one is hit (enter “end” to quit entering commands) silent * research more on this command define name_of_macro * research more on this command (used for macros) use in command “commands” as a command (define can take arguments (the macro can)) when your macro takes arguments they are passed in with spaces not commas. enable once breakpoint-list -enables breakpoints for one pass show user – show all macros defined info break – show information on current breakpoints until 600 – //continue until like 600 in the code finish – print variablename – print out the value of variablename watch j – create a hardware breakpoint which will tell you when “j” changes watch (z > 28) – create conditional hardware breakpoints
clear – Clears a breakpoint at the next instruction that GDB will execute.
clear 28 – clears breakpoint on line 28
clear functionName – clears breakpoint for function “functionName”
up – move to parent frame
down – move to child thread
backtrace – show entire stack
gcc -g – tells gcc to save symbol information (line numbers and variables)
condition – makes breakpoints conditional followed by the breakpoint number and condition.
condition 1 num_y==1 – makes breakpoint 1 break only if num_y equals 1.
print variableName – display the contents of variable (print myvariable = contents of myvariable)
delete 1 2 3 4 – delete breakpoints 1,2,3,and 4. use no number after it to delete all breakpoints.
tbreak – set temorary breakpoint (same syntax as break)
break *address – set a breakpoint for when memory address is accessed
break +offset – Set a breakpoint some number of lines forward from the position at which execution stopped in the currently selected stack frame.
break -offset – Set a breakpoint some number of lines back from the position at which execution stopped in the currently selected stack frame.
hbreak – command sets a hardware assisted breakpoint.
thbreak – sets a temporary, hardware-assisted breakpoint
catch – set a catchpoint
call FunctionName – call a function of the debugged program. call myfunction(a) /calls myfunction with argument of a
display variableName – display the contents of variableName everytime you break
set x = 2 – sets x to 2
x *- print memory *more info needed
x/4c 0x400874 -print 4 chars worth of memory starting ad address or $register
x/4c $rax -print 4 chars worth of memory starting ad address or $register
set args myarg1 myarg2 – sets args for argv[x] (myarg1 would be argv[1])
handle
backtrace – prints out the stack (backwards)
frame 1 – starts working with stackframe 1 (frames can be listed with backtrace)
run arguments – run program with arguments
print 0xbffff7bc – 0xbffff7a0 – use gdb to calculate distance between the two addresses
disas – disassemble stack frame
print/f REGISTERNAME -print out floating point value of REGISTERNAME
ptype variableName // print the type for the variable (what type it is)
gdb -c corefile //load a core file
set {int}0xbfb4c8a8 = 0×90909090 – sets value at memory address 0xbfb4c8a8 to 0×90909090
set variable i = 0×40 – sets the value for variable i to 0x40
set variable *x=ee -sets the value that x points at to the value of 0xee. x was a pointer and the * dereferenced it (without the * you would put a memory address)
set variable x=0×90909090 -sets the memory address that x points to (x is a pointer)
maintenance info sections – prints out the allocated memory for the executable and show memory protections
cat /proc/PID_HERE/maps – show memory allocation for a single pid

find 0x7fd608b18000, 0x7fd608cd5000, “/bin/sh”
find memory_address, memory_address, “string”
find memory_address, memory_address, 0x123456789 (hex string)
info files – show files and their locations in memory. does not show memory protection, and for imports you have to set a break point and run the executable, the run the command when it breaks at the

info functions -print out information on all defined functions
p system – show location of libc in memory
p exit – show location of exit call in memory
p printf – show location of printf in memory

info proc mappings -show memory information for a process running

break * main+387 creates breakpoint at main + address (* main+XXX)

gcc -fno-stack-protector -z execstack kills stack cookie and sets execute bit for stack
————————————————————————————————–
TRACEPOINTS:

trace foo.c:121 //

————————————————————————————————–
The register names $pc and $sp are used for the program counter register and the stack pointer.
$fp is used for a register that contains a pointer to the current stack frame, and
$ps is used for a register that contains the processor status
————————————————————————————————–
watch expression – watch watches the value of expression and informs you when things change.
watch a – watch variable a and report if it changes
watch (a =< 10) – watch and report when a = or < than 10 Once the variable no longer exists in any frame of the call stack (when the function con- taining a local variable returns), GDB automatically deletes the watchpoint. GDB is only capable of watching a variable within a single thread. ————————————————————————————————– break filename:function -set a breakpoint upon occurrence of function in filename X break filename:line_number -set a breakpoint upon occurrence of line number in filename X rbreak – sets a breakpoint with perl syntax

Leave a Reply