help <command> shows the detailed help for that command.
Viewing information
info
The ones I have used
info share: short for info sharedlibrary, shows which libraries are loaded. The addresses don't seem accurate; only the ones in the maps file are (actually just typing the sharedlibrary command is enough, it simply doesn't show addresses, and those addresses don't seem accurate anyway).
i b: view breakpoints
i r: view registers; i r eax edx: view only eax and edx
Official docs:
info address -- Describe where symbol SYM is stored
info all-registers -- List of all registers and their contents
info args -- Argument variables of current stack frame
info auxv -- Display the inferior's auxiliary vector
info breakpoints -- Status of user-settable breakpoints
info catch -- Exceptions that can be caught in the current stack frame
info checkpoints -- IDs of currently known checkpoints
info classes -- All Objective-C classes
info common -- Print out the values contained in a Fortran COMMON block
info copying -- Conditions for redistributing copies of GDB
info dcache -- Print information on the dcache performance
info display -- Expressions to display when program stops
info extensions -- All filename extensions associated with a source language
info files -- Names of targets and files being debugged
info float -- Print the status of the floating point unit
info frame -- All about selected stack frame
info functions -- All function names
info handle -- What debugger does when program gets various signals
info inferiors -- IDs of currently known inferiors
info line -- Core addresses of the code for a source line
info locals -- Local variables of current stack frame
info macro -- Show the definition of MACRO
info mem -- Memory region attributes
info os -- Show OS data ARG
info proc -- Show /proc process information about any running process
info program -- Execution status of the program
info record -- Info record options
info registers -- List of integer registers and their contents
info scope -- List the variables local to a scope
info selectors -- All Objective-C selectors
info set -- Show all GDB settings
info sharedlibrary -- Status of loaded shared object libraries
info signals -- What debugger does when program gets various signals
info source -- Information about the current source file
info sources -- Source files in the program
info stack -- Backtrace of the stack
info symbol -- Describe what symbol is at location ADDR
info target -- Names of targets and files being debugged
info tasks -- Provide information about all known Ada tasks
info terminal -- Print inferior's saved terminal status
info threads -- IDs of currently known threads
info tracepoints -- Status of tracepoints
info types -- All type names
info variables -- All global and static variable names
info vector -- Print the status of the vector unit
info warranty -- Various kinds of warranty you do not have
info watchpoints -- Synonym for ``info breakpoints''
info win -- List of all displayed windows
x
x /50x 0xxxxxx (dump 50 words in hex starting at the address)
x /5i 0xxxxxx (disassemble 5 instructions starting at the address)
Examine memory: x/FMT ADDRESS.
Print a register's value: print $eax
Print a symbol, for example:
print main
Viewing the stack
backtrace -- Print backtrace of all stack frames (view the function call stack) [bt full shows more detail: it additionally displays the current function's local variables]
frame by default shows pretty much the same as the above
up shows the caller one level up, though it seems to only go up one level
where seems to show the whole call stack
Debugging
Debugging core files (ulimit -c unlimited removes the core file size limit, since the default is 0)
If nothing is configured, the core file should land in the current directory by default
gdb <program> <core file path>, or gdb <program> --core <core file path>
Debugging commands
r: run
c: continue running until a breakpoint or exception stops it
ni: step over one instruction
si: step into one instruction
jump: jump to a location and continue execution from there
start -- Run the debugged program until the beginning of the main procedure
set follow-fork-mode child: follow the child process created by fork
See the docs for more:
help running
Breakpoints
Ordinary breakpoints
b *0x88888888
b main
b *0x666666 if $rdi==0x666
Deleting breakpoints
d <number> (the number shown by i b)
"Hardware breakpoints"
watch *(int *)0x66666666 (watch the 4-byte value at that address; gdb refuses to watch a bare constant)
There are also rwatch (read) and awatch (read or write)
Set the disassembly to Intel syntax
set disassembly-flavor intel
Other
add-symbol-file: load a symbol file
shell: temporarily drop into a shell; exit returns to gdb
Newly discovered things
checkpoint starts a new process that has run up to the current position
info checkpoints lists them
restart <number> switches to that one
Recently discovered, super useful (2020-09)
Conditional logging breakpoints
Same effect as WinDbg's conditional logging breakpoints
After setting a breakpoint, use the commands command (command also works) followed by the breakpoint number; then type the commands to run, and finish with end
command <breakpoint_Num>
gdb-peda$ bl (in PEDA, bl lists the breakpoints)
Adding a condition to an existing breakpoint
No if is needed here
condition <breakpoint_Num> <condition>
Example
condition 2 $rdx==1
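An added example, not part of the original notes, that puts the pieces above into one GDB command file (run with gdb -x logbp.gdb ./target): an inline if condition, a condition added afterwards with condition, commands ... end blocks that log and continue, and a watchpoint with its own logging. The binary ./target, the function handle_request(int fd, char *buf), the global g_count and the x86-64 SysV register usage ($rdi, $rsi) are all assumptions.

```gdb
# Added example (not from the original notes). Assumptions (hypothetical):
# the binary is ./target, it has a function handle_request(int fd, char *buf)
# and a global int g_count, and it follows the x86-64 SysV ABI (arg0 in rdi,
# arg1 in rsi).
set pagination off
set disassembly-flavor intel

# 1. Breakpoint with the condition given inline: stop only when fd == 4
break handle_request if $rdi == 4

# 2. Attach a logging script to breakpoint 1. "silent" suppresses the usual
#    "Breakpoint 1, ..." banner, and the trailing "continue" keeps the
#    program running, which is what makes it a WinDbg-style logging breakpoint.
commands 1
  silent
  printf "handle_request(fd=%d, buf=%s)\n", $rdi, (char *)$rsi
  x/5i $pc
  continue
end

# 3. A second breakpoint on the same function; the condition is added
#    afterwards with "condition" (no "if" keyword here)
break handle_request
condition 2 $rdi == 5
commands 2
  bt 3
  continue
end

# 4. Hardware watchpoint on the global; it gets number 3 because
#    watchpoints share the breakpoint numbering shown by "i b"
watch g_count
commands 3
  printf "g_count is now %d\n", g_count
  continue
end

# 5. Let breakpoint 2 be hit 10 times without stopping before it triggers
ignore 2 10

run
```

info breakpoints afterwards shows each breakpoint together with its condition, ignore count and attached command list, which is the quickest way to check the file was read as intended.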
Executing several instructions, skipping a breakpoint multiple times
# execute num instructions
pwndbg plugin
Features that few people use
vis_heap_chunks: visualize heap chunks
vis_heap_chunks <count (optional)> <start address (optional)>
