GDB Cheatsheet



Here are some notes and things I’ve referenced for gdb.

I highly recommend using the gef extension for gdb: https://github.com/hugsy/gef

Unsorted

Basics

Here are some of the most basic gdb commands.

Start the program with arguments

gdb --args ./myprogram -f myfile

| Command | Description |
| --- | --- |
| starti | Start at the first instruction |
| stepi | Step 1 assembly instruction |
| break *0x400000 | Set a breakpoint on address 0x400000 |
| continue | Continue execution, will stop at breakpoints |
| vmmap | (gef only) Show process memory map |
| hexdump byte --size 256 0x400000 | (gef only) See a hex dump of bytes at address 0x400000 |
| p *object | Show details of object |
| search-pattern 0x41414141 | (gef only) Search for bytes \x41\x41\x41\x41 (“AAAA”) in memory |

More Info:

Remote GDB

You can connect to programs on different machines using remote GDB. You can also use it to connect to local programs that support remote GDB like QEMU.

Commands

Adapted this guide from a cheatsheet I found but lost the link to. Related cheat sheet: gef

More important commands have !

Startup

| Command | Description |
| --- | --- |
| gdb -help | print startup help, show switches |
| gdb object | ! normal debug |
| gdb object core | ! core debug (must specify core file) |
| gdb object pid | attach to running process |
| gdb | use file command to load object |

Help

| Command | Description |
| --- | --- |
| help | ! list command classes |
| help running | list commands in one command class |
| help run | bottom-level help for a command “run” |
| help info | list info commands (running program state) |
| help info line | help for a particular info command |
| help show | list show commands (gdb state) |
| help show commands | specific help for a show command |

Breakpoints

| Command | Description |
| --- | --- |
| break main | ! set a breakpoint on a function |
| break 101 | ! set a breakpoint on a line number |
| break basic.c:101 | ! set breakpoint at file and line (or function) |
| break *0xaddress | ! break on an address |
| info breakpoints | ! show breakpoints |
| delete 1 | ! delete a breakpoint by number |
| delete | delete all breakpoints (prompted) |
| clear | delete breakpoints at current line |
| clear function | delete breakpoints at function |
| clear line | delete breakpoints at line |
| disable 2 | turn a breakpoint off, but don’t remove it |
| enable 2 | turn disabled breakpoint back on |
| tbreak function (or line) | set a temporary breakpoint |
| commands break-no … end | set gdb commands with breakpoint |
| ignore break-no count | ignore bpt N-1 times before activation |
| condition break-no expr | break only if condition (expr/expression) is true |
| condition 2 i == 20 | example: break on breakpoint 2 if i equals 20 |
| watch expression | set software watchpoint on variable |
| info watchpoints | show current watchpoints |

Running the program

| Command | Description |
| --- | --- |
| set step-mode on | ! This stops at the first instruction of a function |
| starti | ! Go to the first instruction to execute |
| run | ! run the program with current arguments |
| run args redirection | ! run with args and redirection |
| set args args… | set arguments for run |
| show args | show current arguments to run |
| cont | ! continue the program |
| step | ! single step the program; step into functions |
| stepi | ! step to next instruction |
| step count | single step count times |
| next | ! step but step over functions |
| next count | next count times |
| CTRL-C | ! actually SIGINT, stop execution of current program |
| attach process-id | ! attach to running program |
| detach | ! detach from running program |
| finish | ! finish current function’s execution |
| kill | kill current executing program |

Stack backtrace

| Command | Description |
| --- | --- |
| x/100x $sp | ! print 100 bytes from the stack pointer |
| bt | ! print stack backtrace |
| frame | show current execution position |
| up | move up stack trace (towards main) |
| down | move down stack trace (away from main) |
| info locals | ! print automatic variables in frame |
| info args | print function parameters |

Browsing source

| Command | Description |
| --- | --- |
| list 101 | ! list 10 lines around line 101 |
| list 1,10 | ! list lines 1 to 10 |
| list main | ! list lines around function |
| list basic.c:main | ! list from another file basic.c |
| list - | ! list previous 10 lines |
| list *0x22e4 | list source at address |
| cd dir | change current directory to dir |
| pwd | print working directory |
| search regexpr | forward search for regular expression |
| reverse-search regexpr | backward search for regular expression |
| dir dirname | add directory to source path |
| dir | reset source path to nothing |
| show directories | show source path |

Browsing Data

| Command | Description |
| --- | --- |
| print expression | ! print expression, added to value history |
| print/x expression | ! print in hex |
| print array[i]@count | artificial array - print array range |
| print $ | print last value |
| print *$->next | print thru list |
| print $1 | print value 1 from value history |
| print ::gx | force scope to be global |
| print 'basic.c'::gx | global scope in named file (>=4.6) |
| print/x &main | print address of function |
| x/countFormatSize address | low-level examine command |
| x/x &gx | print gx in hex |
| x/4wx &main | print 4 longs at start of main in hex |
| x/gf &gd1 | print double |
| help x | show formats for x |
| info locals | ! print local automatics only |
| info functions regexp | print function names |
| info variables regexp | print global variable names |
| ptype name | ! print type definition |
| whatis expression | print type of expression |
| set variable = expression | ! assign value |
| display expression | display expression result at stop |
| undisplay | delete displays |
| info display | show displays |
| show values | print value history (>= gdb 4.0) |
| info history | print value history (gdb 3.5) |

Object File Manipulation

| Command | Description |
| --- | --- |
| file object | load new file for debug (sym+exec) |
| file | discard sym+exec file info |
| symbol-file object | load only symbol table |
| exec-file object | specify object to run (not sym-file) |
| core-file core | post-mortem debugging |

Signal Control

| Command | Description |
| --- | --- |
| info signals | print signal setup |
| handle signo actions | set debugger actions for signal |
| handle INT print | print message when signal occurs |
| handle INT noprint | don’t print message |
| handle INT stop | stop program when signal occurs |
| handle INT nostop | don’t stop program |
| handle INT pass | allow program to receive signal |
| handle INT nopass | debugger catches signal; program doesn’t |
| signal signo | continue and send signal to program |
| signal 0 | continue and send no signal to program |

Machine-level Debug

| Command | Description |
| --- | --- |
| info registers | print registers sans floats |
| info all-registers | print all registers |
| print/x $pc | print one register |
| stepi | single step at machine level |
| si | single step at machine level |
| nexti | single step (over functions) at machine level |
| ni | single step (over functions) at machine level |
| display/i $pc | print current instruction in display |
| x/x &gx | print variable gx in hex |
| info line 22 | print addresses for object code for line 22 |
| info line *0x2c4e | print line number of object code at address |
| x/10i main | disassemble first 10 instructions in main |
| disassemble addr | disassemble code for function around addr |

History Display

| Command | Description |
| --- | --- |
| show commands | print command history (>= gdb 4.0) |
| info editing | print command history (gdb 3.5) |
| ESC-CTRL-J | switch to vi edit mode from emacs edit mode |
| set history expansion on | turn on c-shell like history |
| break class::member | set breakpoint on class member. may get menu |
| list class::member | list member in class |
| ptype class | print class members |
| print *this | print contents of this pointer |
| rbreak regexpr | useful for breakpoint on overloaded member name |

Miscellaneous

| Command | Description |
| --- | --- |
| define command … end | define user command |
| *(gdb) RETURN | repeat last command |
| *(gdb) shell command args | execute shell command |
| *(gdb) source file | load gdb commands from file |
| *(gdb) quit | quit gdb |

GDB Scripting

The following example is from https://stackoverflow.com/questions/4060565/how-to-script-gdb-with-python-example-add-breakpoints-run-what-breakpoint-d

```python
import gdb  # provided by gdb's embedded Python interpreter


class DebugPrintingBreakpoint(gdb.Breakpoint):
    # IDs we are interested in stopping on
    debugging_IDs = frozenset({37, 153, 420})

    def stop(self):
        top = gdb.newest_frame()
        someVector = top.read_var('aVectorVar')
        # Access the begin() & end() pointer of std::vector in GNU Standard C++ lib
        first = someVector['_M_impl']['_M_start']
        last = someVector['_M_impl']['_M_finish']
        values = []
        while first != last:
            values.append(int(first.dereference()['intID']))
            first = first + 1
        # debugging_IDs is a class attribute, so it has to be reached through self
        if not set(values) & self.debugging_IDs:
            return False  # skip: none of the items we're looking for can be found by ID in the vector on the stack
        print("Found other accompanying IDs: {}".format(values))
        return True  # drop to gdb's prompt


# Ensure shared libraries are loaded already
gdb.execute("start")
# Set our breakpoint, which happens to reside in some shared lib, hence the "start" previously
DebugPrintingBreakpoint("source.cpp:42")
gdb.execute("continue")
```

You can execute this script from gdb’s prompt like this:

(gdb) source script.py

Or from the command-line:

$ gdb --command script.py ./executable.elf

Events

According to the Events doc, this is an event handler:

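```python
import gdb  # provided by gdb's embedded Python interpreter


def exit_handler(event):
    print("event type: exit")
    # exit_code is only present when gdb could obtain it
    if hasattr(event, 'exit_code'):
        print("exit code: %d" % (event.exit_code))
    else:
        print("exit code not available")


# Call exit_handler whenever the inferior exits
gdb.events.exited.connect(exit_handler)
```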

The types of events are

The stop_signal and exit_code Event attributes may have changed. They don’t seem to work anymore.

I got the stop hook writing to a file, as well as other hooks that update “gdb_status.txt”. The gdb.SignalEvent thing doesn’t seem to fire though…

```python
import gdb  # provided by gdb's embedded Python interpreter


def signal_stop_handler(event):
    if isinstance(event, gdb.StopEvent):
        print("event type: stop")
        # The with block closes the file, so no explicit close() is needed
        with open("gdb_status.txt", "w") as f:
            f.write("Stopped\n")
    if isinstance(event, gdb.SignalEvent):
        print("stop reason: signal")
        print("stop signal: %s" % (event.stop_signal))
        if event.inferior_thread is not None:
            print("thread num: %s" % (event.inferior_thread.num))


# Call signal_stop_handler every time the inferior stops
gdb.events.stop.connect(signal_stop_handler)
```

TODO: Update this with real info hahah
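
An added example (not from the original notes or the gdb documentation) that combines the stop and exited hooks from the Events section into one logger: it reads each event attribute only if it is present and appends one JSON line per event to gdb_status.txt. The helper names describe_event and log_event are hypothetical, and the import guard is there only so the functions can also be exercised outside gdb.

```python
import json
import time

try:
    import gdb  # only importable inside gdb's embedded Python
except ImportError:
    gdb = None  # lets the helpers below run outside gdb

STATUS_FILE = "gdb_status.txt"  # same file name the notes above use


def describe_event(event):
    """Summarise a gdb event as a dict, touching only attributes that exist."""
    info = {"type": type(event).__name__}
    # gdb.SignalEvent carries stop_signal, a string such as "SIGSEGV"
    sig = getattr(event, "stop_signal", None)
    if sig is not None:
        info["signal"] = str(sig)
    # gdb.BreakpointEvent carries the breakpoints that were hit
    bps = getattr(event, "breakpoints", None)
    if bps:
        info["breakpoints"] = [bp.number for bp in bps]
    # inferior_thread is None unless gdb runs in non-stop mode
    thread = getattr(event, "inferior_thread", None)
    if thread is not None:
        info["thread"] = thread.num
    # gdb.ExitedEvent only has exit_code when gdb could obtain it
    if hasattr(event, "exit_code"):
        info["exit_code"] = int(event.exit_code)
    return info


def log_event(event, path=STATUS_FILE):
    """Append one JSON line per event so another process can tail the file."""
    record = describe_event(event)
    record["time"] = time.time()
    with open(path, "a") as f:
        f.write(json.dumps(record) + "\n")
    return record


if gdb is not None:
    # Register the same callback for stops and for inferior exit
    gdb.events.stop.connect(log_event)
    gdb.events.exited.connect(log_event)
```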