Debuggers
GDB
Load file into gdb
Start gdb with the file
Or load it within gdb
Quit
q. As simple as that.
Info
i is an abbreviation for info.
List functions
List breakpoints
List registers
Info about stack frame
Breakpoints
b is an abbreviation for break.
Break by address
Instead of the address, a symbol can be used [like a function's name].
Break by line number
If filename is not specified, the current one is used.
Break by offset
Execution flow
Running
Use r to run the binary.
Use c to continue the execution.
Use finish to continue until the current stack frame returns.
Stepping
Use s [abbreviation of step] to execute a line of source code.
Use si [abbreviation of stepi] to step into the next machine instruction.
Use ni [abbreviation of nexti] to execute the next machine instruction, stepping over function calls.
Examine Memory
x is an abbreviation for examine.
The command structure is x/nfu <ADDRESS>:
n - Integer indicating how much memory to examine.
f - Display format
u - Unit size
Example 1 - Examine 32 words in hexadecimal form, starting at EIP's value
Example 2 - Examine the first 5 instructions of the function "func"
Disassemble
Disassemble a function, range, length and more.
To save yourself the complication of AT&T assembly, change it to Intel with:
Set
Change register value with set:
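The GDB commands from the sections above collected in one command file, as an added example that is not part of the original page. It assumes a 32-bit x86 binary ./target built with -g from main.c, in which main() calls func() once; the file names, the line number and the value written to EAX are hypothetical.

```gdb
# Added example: save as session.gdb and run with: gdb -q -x session.gdb
# Assumed (hypothetical): ./target, main.c, line 12, main() calls func().

# Load the binary from inside gdb and switch to Intel syntax.
file ./target
set disassembly-flavor intel

# Info: list the functions gdb knows about.
info functions

# Breakpoints: by symbol, by address (here the address of func), by line.
break main
break *func
break main.c:12

# Run to the first breakpoint (main), then add a breakpoint by offset:
# one line below the current one.
run
break +1
info breakpoints

# Inspect state at the stop.
info registers
info frame

# Examine memory with x/nfu: 32 words in hex starting at EIP, then the
# first 5 instructions of func. disassemble prints the whole function.
x/32xw $eip
x/5i func
disassemble func

# Delete breakpoints 3 and 4 so the next stop is the entry of func.
delete 3 4
continue

# Stepping at the entry of func: one instruction (into calls), one
# instruction (over calls), then on to the next source line.
stepi
nexti
step

# Run until the current stack frame returns, then overwrite EAX, which
# holds the integer return value on 32-bit x86, before resuming.
finish
set $eax = 0
continue
quit
```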
WinDbg
Set breakpoint
Execution flow
Examine memory