Debuggers

GDB

Load file into gdb

start gdb with the file

gdb <FILE NAME>

or load it within gdb

file <FILE NAME>

Quit

q. As simple as that.

Info

i is an abbreviation for info.

List functions

i functions

List breakpoints

i b

List registers

i registers

Info about stack frame

i frame

Breakpoints

b is an abbreviation for break.

Break by address

b *<ADDRESS>

Instead of an address, a symbol can be used [like a function name].

Break by line number

b <FILE NAME>:<LINENUM>

If the file name is not specified, the current source file is used.

Break by offset

b <+/-><OFFSET>

Execution flow

Running

  • Use r to run the binary.

  • Use c to continue the execution.

  • Use finish to continue until the current stack frame returns.

Stepping

  • Use s [abbreviation of step] to execute a line of source code.

  • Use si [abbreviation of stepi] to step into the next machine instruction.

  • Use ni [abbreviation of nexti] to execute the next machine instruction, stepping over function calls instead of into them.

Examine Memory

x is an abbreviation for examine.

The command structure is x/nfu <ADDRESS>:

  • n - Repeat count: how many units to display.

  • f - Display format (same letters as print: x for hex, d for decimal, s for string, i for instruction, ...)

  • u - Unit size (b byte, h halfword, w word, g giant word)

Example 1 - Examine 32 words in hexadecimal form, starting at EIP's value

x/32xw $eip

Example 2 - Examine the first 5 instructions of the function "func"

x/5i *func

Disassemble

Disassemble a function, an address range, a given length from a start address, and more.

disas *main

To save yourself the complication of AT&T assembly, change it to Intel with:

set disassembly-flavor intel

Set

Change a register's value with set:

set $<REGISTER> = <VALUE>
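Putting the commands above together, here is an added example (not from the original page) in the form of a GDB command file. It assumes an x86-64 binary ./target built with -g that contains a function named parse_input whose first argument is a C string; both names are hypothetical.

```gdb
# Run with:  gdb -q -x examine.gdb ./target
# Intel syntax and no paging, so batch output is readable.
set disassembly-flavor intel
set pagination off

# Break on entry to the (hypothetical) function, then run the binary.
b parse_input
r

# Orientation: current frame, a few registers, and the instruction at $pc.
i frame
p/x $pc
p/x $sp
display/i $pc

# x/nfu: 8 instructions starting at the program counter.
x/8i $pc

# 16 giant words (8 bytes each) of stack, in hex, from the stack pointer.
x/16xg $sp

# First argument (rdi in the x86-64 SysV ABI): 32 bytes as characters,
# then the same memory interpreted as a NUL-terminated string.
x/32cb $rdi
x/s $rdi

# Step over the next two instructions; display/i shows where we land.
ni 2

# Run until this frame returns (prints the return value), then show the caller.
finish
i frame
q
```

The file only drives GDB; on a 32-bit binary replace $rdi with the argument's stack slot and $sp/$pc keep working as written.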

WinDbg

Set breakpoint

bp <ADDRESS>

Execution flow

p [COUNT] # Step over (or F10)
t [COUNT] # Step into (or F8)
g # Go

Examine memory

d <START_ADDRESS> [END_ADDRESS]
