(gdb) list 1 void f() 2 { 3 printf("How did you do that?\n"); 4 } 5 int main() 6 { 7 char name[10]; 8 scanf("%s", name); 9 printf("Hello %s\n", name); 10 return 0; * Showing source code after previous list (gdb) list 11 } Note that `scanf("%s", name)` places no bound on what it reads into `char name[10]`, so any input longer than nine characters writes past the end of the stack buffer; that unbounded read is what the Variables section below is poking at when `name` prints as ten characters with no terminator. == Breakpoints == * Breaking on a function (gdb) b main Breakpoint 1 at 0x80484c9: file ret.c, line 8. * Breaking on a specific line (gdb) b ret.c:10 Breakpoint 2 at 0x80484f1: file ret.c, line 10. * Breaking on a code address (gdb) b *0x80484f1 Breakpoint 3 at 0x80484f1: file ret.c, line 10. * Deleting all breakpoints (gdb) delete Delete all breakpoints? (y or n) y * Viewing all breakpoints (gdb) info breakpoints Num Type Disp Enb Address What 4 breakpoint keep y 0x080484f1 in main at ret.c:10 * Deleting a specific breakpoint (gdb) info break Num Type Disp Enb Address What 4 breakpoint keep y 0x080484f1 in main at ret.c:10 5 breakpoint keep y 0x080484c9 in main at ret.c:7 6 breakpoint keep y 0x080484c9 in main at ret.c:8 (gdb) delete 5 (gdb) info break Num Type Disp Enb Address What 4 breakpoint keep y 0x080484f1 in main at ret.c:10 6 breakpoint keep y 0x080484c9 in main at ret.c:8 == Running == * Starting the executable (gdb) run Starting program: /tmp/example/ret warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? (linux-gate.so.1 is the kernel's vDSO, the [vdso] mapping shown later under info proc mappings; this warning is harmless and can be ignored.) 
Breakpoint 6, main () at ret.c:8 8 scanf("%s", name); (gdb) list main 1 void f() 2 { 3 printf("How did you do that?\n"); 4 } 5 int main() 6 { 7 char name[10]; 8 scanf("%s", name); 9 printf("Hello %s\n", name); 10 return 0; * Running with specific arguments (gdb) run A B C Starting program: /tmp/example/ret A B C * Running with input from a file (the usual way to feed a crafted input or payload to the program while it runs under the debugger) (gdb) run < /path/to_file Starting program: /tmp/example/ret < /path/to_file == Variables == * Printing contents (gdb) print name $2 = "AAAAAAAAAA" * Printing address (gdb) print &name $4 = (char (*)[10]) 0xffffcd46 * Setting a variable (array) (gdb) set var *name = 0x0 (gdb) print name $3 = "\000AAAAAAAAA" (gdb) set var name[4]='C' (gdb) print name $6 = "\000AAACAAAAA" * Setting a variable (non-array) and register Breakpoint 1, main () at ret.c:9 9 scanf("%s", name); (gdb) next test 10 len = strlen(name); (the word "test" above is the input typed to scanf when `next` let line 9 run) (gdb) print len $1 = -134635948 (printed before line 10 has executed, so `len` has not been assigned yet and this is whatever happened to be in its stack slot) (gdb) next 11 printf("Hello %s\n", name); (gdb) print len $2 = 4 (gdb) set var len = 42 (gdb) print len $3 = 42 (gdb) set $eax = 2 (registers are assigned with the same `set` syntax as variables; note the `=` — `set $eax 2` is a syntax error) == Control flow == * Running until next breakpoint: 'continue' * Running until return of current function 'finish' * Stepping to the next line in source code: 'step' * Stepping to the next line in source code without entering functions: 'next' * Equivalents for stepping to the next line of assembly code: 'stepi' and 'nexti' == Frame jumping and backtracing == (gdb) list 1 void f() 2 { 3 int var2 = 5; 4 printf("How did you do that?\n"); 5 } 6 int main() 7 { 8 int len = 0; 9 char name[10]; 10 scanf("%s", name); (gdb) 11 len = strlen(name); 12 printf("Hello %s\n", name); 13 f(); 14 return 0; 15 } (gdb) bt #0 f () at ret.c:3 #1 0x08048545 in main () at ret.c:13 (gdb) info locals var2 = 0 (gdb) up #1 0x08048545 in main () at ret.c:13 13 f(); (gdb) info locals len = 6 name = "test34\000\205\004\b" (gdb) frame #1 0x08048545 in main () at ret.c:13 13 f(); (gdb) down #0 f () at ret.c:3 3 int var2 = 5; (gdb) frame #0 f () at ret.c:3 3 int var2 = 5; (gdb) == Information == * 
Seeing current local variable values (gdb) info locals len = 42 name = "test\000\000K\205\004\b" * Seeing current register values (gdb) info registers eax 0x4 4 ecx 0x2 2 edx 0x4 4 ebx 0xf7f99e54 -134635948 esp 0xffffcd30 0xffffcd30 ebp 0xffffcd58 0xffffcd58 esi 0x0 0 edi 0x0 0 eip 0x804851d 0x804851d eflags 0x202 [ IF ] cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x63 99 * Seeing current frame information (gdb) info frame Stack level 0, frame at 0xffffcd60: eip = 0x804851d in main (ret.c:11); saved eip 0xf7e0fce5 source language c. Arglist at 0xffffcd58, args: Locals at 0xffffcd58, Previous frame's sp is 0xffffcd60 Saved registers: ebp at 0xffffcd58, eip at 0xffffcd5c (the "eip at" slot holds the return address main will jump to when it returns — here 0xf7e0fce5, inside libc — and the "ebp at" slot the saved frame pointer just below it; these are the two values a stack overflow that runs past the locals would overwrite) * Seeing current address space layout (gdb) info proc mappings process 28754 Mapped address spaces: Start Addr End Addr Size Offset objfile 0x8048000 0x8049000 0x1000 0x0 /tmp/example/ret 0x8049000 0x804a000 0x1000 0x0 /tmp/example/ret 0x804a000 0x804b000 0x1000 0x1000 /tmp/example/ret 0xf7df2000 0xf7df3000 0x1000 0x0 0xf7df3000 0xf7f98000 0x1a5000 0x0 /lib32/libc-2.17.so 0xf7f98000 0xf7f9a000 0x2000 0x1a5000 /lib32/libc-2.17.so 0xf7f9a000 0xf7f9b000 0x1000 0x1a7000 /lib32/libc-2.17.so 0xf7f9b000 0xf7f9e000 0x3000 0x0 0xf7fd9000 0xf7fdb000 0x2000 0x0 0xf7fdb000 0xf7fdc000 0x1000 0x0 [vdso] 0xf7fdc000 0xf7ffc000 0x20000 0x0 /lib32/ld-2.17.so 0xf7ffc000 0xf7ffd000 0x1000 0x1f000 /lib32/ld-2.17.so 0xf7ffd000 0xf7ffe000 0x1000 0x20000 /lib32/ld-2.17.so 0xfffdc000 0xffffe000 0x22000 0x0 [stack] Caveat: stack and library addresses look stable from run to run here because GDB disables address-space randomization for the program it starts (`show disable-randomization` reports this; `set disable-randomization off` restores the system's ASLR). The same addresses are not guaranteed when the binary runs outside the debugger, so do not hard-code values observed under GDB without checking ASLR on the target. == Various useful stuff == * Examining memory as strings: 'x /15s 0xffffcd42' (prints 15 consecutive NUL-terminated strings starting at that address; it does not search — use GDB's `find` command to locate a byte pattern in a range) (gdb) list 5 int main() 6 { 7 int len; 8 char name[10]="bla1"; 9 char name1[10]="bla2"; 10 char name2[10]="bla3"; (gdb) x /15s &name2 0xffffcd2e: "bla3" 0xffffcd33: "" 0xffffcd34: "" 0xffffcd35: "" 0xffffcd36: "" 0xffffcd37: "" 0xffffcd38: "bla2" 0xffffcd3d: "" 0xffffcd3e: "" 0xffffcd3f: "" 0xffffcd40: "" 0xffffcd41: "" 0xffffcd42: "hau" 0xffffcd46: "" 0xffffcd47: "" * 
Displaying instructions from an address onwards, in this case the address of the current program counter (the `=>` marker flags the instruction $pc points at, i.e. the next one to execute) (gdb) x /10i $pc => 0x8048552 : lea 0x32(%esp),%eax 0x8048556 : mov %eax,(%esp) 0x8048559 : call 0x80483c0 0x804855e : mov %eax,0x3c(%esp) 0x8048562 : lea 0x32(%esp),%eax 0x8048566 : mov %eax,0x4(%esp) 0x804856a : movl $0x8048628,(%esp) 0x8048571 : call 0x8048380 0x8048576 : mov $0x0,%eax 0x804857b : leave * Dump memory to a file (e.g. for unpacking) (gdb) dump binary memory dump.raw 0x00800000 0x01000000 (the start and end addresses must lie inside mapped pages — check them against info proc mappings first, as GDB aborts the dump with a memory access error on an unmapped address)