# Debuggers ## GDB #### Load file into gdb start gdb with the file ``` gdb ``` or load it within gdb ``` file ``` #### Quit **q**. As simple as that. ### Info **i** is an abbreviation for **info**. #### List functions ``` i functions ``` #### List breakpoints ``` i b ``` #### List registers ``` i registers ``` #### Info about stack frame ``` i frame ``` ### Breakpoints **b** is an abbreviation for **break**. #### Break by address ``` b *
``` instead of the address, a symbol can be used \[like functions name]. #### Break by line number ``` b : ``` if filename is not specified the current one is used. #### Break by offset ``` b <+/-> ``` ### Execution flow #### Running * Use **r** to run the binary. * Use **c** to continue the execution. * Use **finish** to continue until the current stack frame returns. #### Stepping * Use **s** \[abbreviation of step] to execute a line of source code. * Use **si** \[abbreviation of stepi] to step into the next machine instruction. * Use **ni** \[abbreviation of nexti] to step into the next machine instruction \[step over function calls]. ### Examine Memory **x** is an abbreviation for **examine**. the command structure is **x/nfu \
**: * **n** - Integer indicating how much memory to examine. * **f** - Display format * **u** - unit size **Example 1** - Examine 32 words in hexadecimal form, starting at EIP's value ``` x/32xw $eip ``` **Example 2** - Examine the first 5 instructions of the function "func" ``` x/5i *func ``` #### Disassemble disassemble a function, range, length and more. ``` disas *main ``` To save yourself the complication of AT\&T assembly, change it to Intel with: ``` set disassembly-flavor intel ``` ### Set Chage register value with **set**: ``` set $ = ``` ## WinDbg #### Set breakpoint ``` bp
``` #### Execution flow ``` p [COUNT] # Step over (or F10) t [COUNT] # Step into (or F8) g # Go ``` #### Examine memory ``` d [END_ADDRESS] ```