
Gdb cheat sheet

Source

(gdb) list
1	void f()
2	{
3		printf("How did you do that?\n");
4	}
5	int main()
6	{
7		char name[10];
8		scanf("%s", name);
9		printf("Hello %s\n", name);
10		return 0;
(gdb) list
11	}

Breakpoints

(gdb) b main
Breakpoint 1 at 0x80484c9: file ret.c, line 8.
(gdb) b ret.c:10
Breakpoint 2 at 0x80484f1: file ret.c, line 10.
(gdb) b *0x80484f1
Breakpoint 3 at 0x80484f1: file ret.c, line 10.
(gdb) delete
Delete all breakpoints? (y or n) y
(gdb) info breakpoints 
Num     Type           Disp Enb Address    What
4       breakpoint     keep y   0x080484f1 in main at ret.c:10
(gdb) info break
Num     Type           Disp Enb Address    What
4       breakpoint     keep y   0x080484f1 in main at ret.c:10
5       breakpoint     keep y   0x080484c9 in main at ret.c:7
6       breakpoint     keep y   0x080484c9 in main at ret.c:8
(gdb) delete 5
(gdb) info break
Num     Type           Disp Enb Address    What
4       breakpoint     keep y   0x080484f1 in main at ret.c:10
6       breakpoint     keep y   0x080484c9 in main at ret.c:8

Running

(gdb) run
Starting program: /tmp/example/ret 
 
warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?
 
Breakpoint 6, main () at ret.c:8
8		scanf("%s", name);
(gdb) list main
1	void f()
2	{
3		printf("How did you do that?\n");
4	}
5	int main()
6	{
7		char name[10];
8		scanf("%s", name);
9		printf("Hello %s\n", name);
10		return 0;
(gdb) run A B C
Starting program: /tmp/example/ret A B C
(gdb) run < /path/to_file
Starting program: /tmp/example/ret < /path/to_file

Variables

(gdb) print name
$2 = "AAAAAAAAAA"
(gdb) print &name
$4 = (char (*)[10]) 0xffffcd46
(gdb) set var *name = 0x0
(gdb) print name
$3 = "\000AAAAAAAAA"
(gdb) set var name[4]='C'
(gdb) print name
$6 = "\000AAACAAAAA"
Breakpoint 1, main () at ret.c:9
9		scanf("%s", name);
(gdb) next
test
10		len = strlen(name);
(gdb) print len
$1 = -134635948
(gdb) next
11		printf("Hello %s\n", name);
(gdb) print len
$2 = 4
(gdb) set var len = 42
(gdb) print len
$3 = 42
(gdb) set $eax = 2

Control flow

Frame jumping and backtracing

(gdb) list
1	void f()
2	{
3		int  var2 = 5;
4		printf("How did you do that?\n");
5	}
6	int main()
7	{
8		int len = 0;
9		char name[10];
10		scanf("%s", name);
(gdb) 
11		len = strlen(name);
12		printf("Hello %s\n", name);
13		f();
14		return 0;
15	}
(gdb) bt
#0  f () at ret.c:3
#1  0x08048545 in main () at ret.c:13
(gdb) info locals
var2 = 0
(gdb) up
#1  0x08048545 in main () at ret.c:13
13		f();
(gdb) info locals
len = 6
name = "test34\000\205\004\b"
(gdb) frame
#1  0x08048545 in main () at ret.c:13
13		f();
(gdb) down
#0  f () at ret.c:3
3		int  var2 = 5;
(gdb) frame
#0  f () at ret.c:3
3		int  var2 = 5;
(gdb)

Information

(gdb) info locals
len = 42
name = "test\000\000K\205\004\b"
(gdb) info registers 
eax            0x4	4
ecx            0x2	2
edx            0x4	4
ebx            0xf7f99e54	-134635948
esp            0xffffcd30	0xffffcd30
ebp            0xffffcd58	0xffffcd58
esi            0x0	0
edi            0x0	0
eip            0x804851d	0x804851d <main+45>
eflags         0x202	[ IF ]
cs             0x23	35
ss             0x2b	43
ds             0x2b	43
es             0x2b	43
fs             0x0	0
gs             0x63	99
(gdb) info frame 
Stack level 0, frame at 0xffffcd60:
 eip = 0x804851d in main (ret.c:11); saved eip 0xf7e0fce5
 source language c.
 Arglist at 0xffffcd58, args: 
 Locals at 0xffffcd58, Previous frame's sp is 0xffffcd60
 Saved registers:
  ebp at 0xffffcd58, eip at 0xffffcd5c
(gdb) info proc mappings 
process 28754
Mapped address spaces:
 
	Start Addr   End Addr       Size     Offset objfile
	 0x8048000  0x8049000     0x1000        0x0 /tmp/example/ret
	 0x8049000  0x804a000     0x1000        0x0 /tmp/example/ret
	 0x804a000  0x804b000     0x1000     0x1000 /tmp/example/ret
	0xf7df2000 0xf7df3000     0x1000        0x0 
	0xf7df3000 0xf7f98000   0x1a5000        0x0 /lib32/libc-2.17.so
	0xf7f98000 0xf7f9a000     0x2000   0x1a5000 /lib32/libc-2.17.so
	0xf7f9a000 0xf7f9b000     0x1000   0x1a7000 /lib32/libc-2.17.so
	0xf7f9b000 0xf7f9e000     0x3000        0x0 
	0xf7fd9000 0xf7fdb000     0x2000        0x0 
	0xf7fdb000 0xf7fdc000     0x1000        0x0 [vdso]
	0xf7fdc000 0xf7ffc000    0x20000        0x0 /lib32/ld-2.17.so
	0xf7ffc000 0xf7ffd000     0x1000    0x1f000 /lib32/ld-2.17.so
	0xf7ffd000 0xf7ffe000     0x1000    0x20000 /lib32/ld-2.17.so
	0xfffdc000 0xffffe000    0x22000        0x0 [stack]

Examining memory and disassembly

(gdb) list
5	int main()
6	{
7		int len;
8		char name[10]="bla1";
9		char name1[10]="bla2";
10		char name2[10]="bla3";
 
(gdb) x /15s &name2
0xffffcd2e:	"bla3"
0xffffcd33:	""
0xffffcd34:	""
0xffffcd35:	""
0xffffcd36:	""
0xffffcd37:	""
0xffffcd38:	"bla2"
0xffffcd3d:	""
0xffffcd3e:	""
0xffffcd3f:	""
0xffffcd40:	""
0xffffcd41:	""
0xffffcd42:	"hau"
0xffffcd46:	""
0xffffcd47:	""
(gdb) x /10i $pc
=> 0x8048552 <main+98>:	lea    0x32(%esp),%eax
   0x8048556 <main+102>:	mov    %eax,(%esp)
   0x8048559 <main+105>:	call   0x80483c0 <strlen@plt>
   0x804855e <main+110>:	mov    %eax,0x3c(%esp)
   0x8048562 <main+114>:	lea    0x32(%esp),%eax
   0x8048566 <main+118>:	mov    %eax,0x4(%esp)
   0x804856a <main+122>:	movl   $0x8048628,(%esp)
   0x8048571 <main+129>:	call   0x8048380 <printf@plt>
   0x8048576 <main+134>:	mov    $0x0,%eax
   0x804857b <main+139>:	leave  
(gdb) dump binary memory dump.raw 0x00800000 0x01000000
Both addresses must lie inside a region listed by `info proc mappings`; otherwise gdb reports that it cannot access the memory and writes nothing.