GDB Help

This page contains a few notes about gdb that you may find useful for the bomb-defusing and buffer-overflow assignments.

Miscellaneous

Note that in the commands below, $ refers to the regular shell prompt (e.g., the bash prompt) and (gdb) refers to the prompt for commands while running GDB. Also, [Enter] refers to hitting the Enter/Return key on the keyboard.

Command	Description
`$ gcc -g ...`	include symbols (e.g., function and variable names) in the executable
`$ gdb executable`	run `gdb` on the specified executable
`$ gdb sourcefile.c`	nope; doesn’t work
`(gdb) [Enter]`	run the previous command again
`(gdb) [Ctrl-L]`	clean up the “layout” display when it gets corrupted
`(gdb) help name-of-command`	get help on a specific command
`(gdb) kill`	stop your program
`(gdb) quit`	exit `gdb`

All remaining commands on this page are assumed to be within gdb, so the (gdb) will be ommitted.

GDB commands

Looking at code


`list`	view the code wherever you last left off
`layout src`	2-panel display, with C on top and `(gdb)` prompt on the bottom
`layout asm`	2-panel display, with assembly on top

Breakpoints


`br 314`	set a breakpoint at line 314 of the C source code
`br bomb.c:314`	set a breakpoint at line 314 of the C source code in the file `bomb.c`
`clear bomb.c:314`	remove the breakpoint at line 314 of the C source code in the file `bomb.c`
`br *0x403444`	set a breakpoint at the instruction at address `0x403444`
`maintenance info breakpoints`	show all breakpoints
`main i br`	show all breakpoints

Running and stepping through code


`run`	start the program from the beginning
`r`	same as `run`
`r [args...]`	start the program from the beginning, with command-line arguments
`continue`	continue execution from a breakpoint
`c`	continue execution from a breakpoint
`stepi`	execute one instruction (step into function calls)
`si`	same as `stepi`
`nexti`	execute one instruction (step over function calls)
`ni`	same as `nexti`
`finish`	step out of the current function
`fi`	same as `finish`

Examining registers


`info reg`	view all register contents
`i r`	same as `info reg`
`i r rax rbx`	view the contents of specified registers (`%rax` and `%rbx` in this case)
`i r eax`	view the contents of the specified register (`%eax` in this case)
`i r eflags`	view which bits are set in the `EFLAGS` register

Examining memory

The command x/nfu addr allows us to examine memory starting at addr. In this command:

n = number of chunks of memory to examine
f = format in which to display the chunks (defaults to x for hexadecimal)
u = size unit of each chunk (defaults to w for four-byte “words”); choices are b for byte, h for “halfwords” (two bytes), w for “words” (four bytes), and g for “giant words” (eight bytes)

For example, you can use the command x/2g 0x403444 to view 2 8-byte “giant” words starting at memory address 0x403444.

You can use help x to list all possible values of f and u.

More examples:

x/1ss addr: view a null-terminated string
x/5xw addr: view the five 4-byte words starting at addr, formatted in hexadecimal
x/5xg addr: view the five 8-byte “giant” words starting at addr