Closed-source Debugging with GDB Cheat Sheet

by fristle via cheatography.com/5574/cs/1012/

GDB: Launching  GDB: Launching  (cont) GDB: Execution  (cont)

Launching GDB gdb$ set The default is on, which continue Any time GDB is stopped, this
gdb programfile Start GDB ready to logging overwrites the existing will continue normal
launch and debug overwrite log file. execution.

progr​amfile off
GDB: Enviro​nment 
gdb --args Start GDB as above gdb$ set Turns on logging.
program arg1 but supplying logging on gdb$ show env
arg2 command line Display the debuggee's current enviro​‐
gdb$ echo With logging on, this will
arguments to the nment variables.
comme​nt\n add a comment to the
target process.
logfile. gdb$ set env varna​me​= v​alue
gdb -p pid Attach GDB to a
Set an enviro​nment variable.
running target GDB: Execution 
gdb$ unset env varname
process.
Displaying the Call Stack
Selecting the Start of Debugg​ing Delete an enviro​nment variable.
gdb$ bt Show the list of stack frames
gdb$ start Run the debuggee gdb$ show args
(BackT​race).
and break at main() Display the comman​d-line arguments of the
gdb$ bt Show the list of stack frames
(if it exists). debuggee process.
full with the local variables of each.
gdb$ attach pid Attach GDB to a gdb$ set args arg1 arg2
gdb$ Show saved stack pointer, call
running target Set the comman​d-line arguments to the
info address, etc. for the selected
process. debuggee process.
frame stack frame.
(gdb) attach (Mac OS X only) gdb$ shell command
Wait for a process to gdb$ Select stack frame number
--waitfor
frame number (and crashed GDB Run shell commands (useful commands
proce​ss-​name launch and immedi​‐
6.3.50 on OS X). may include "ps -e", etc.)
ately attach to it. number
gdb$ pwd | cd
Adding a shim Controlling Execut​ion
Step-into (one or count instru​‐ These two commands can can show or
gdb$ set exec- The dynamic library si
ction forward). change the working directory of GDB
w​rapper env file libfoo
​ .so will be [count]
(useful for logging, etc.).
'LD_PR​ELO​‐ loaded into the ni Step-over (one or count instru​‐
AD=​li​bfo​o.so' address space of the [count] ction, stepping over function
GDB: Breakp​oints 
debuggee. calls).
Logging Managing Breakp​oints
return Immedi​ately return from the
gdb$ set The default logfile is current function, optionally gdb$ set breakpoint pending on
[value]
logging file gdb.txt but you can setting the return value. Bypasses the warning about breakp​oints in
filen​ame use this to change it. finish Stop after finishing execution of modules that aren't loaded yet.
the current function. gdb$ break funct​ion

Sets a breakpoint at function if ("pe​ndi​ng"

off) or when ("pe​nding on") a symbol by
that name exists.

By fristle Published 2nd May, 2013. Sponsored by CrosswordCheats.com

cheatography.com/fristle/ Last updated 12th May, 2016. Learn to solve cryptic crosswords!
Page 1 of 3. http://crosswordcheats.com
 Closed-source Debugging with GDB Cheat Sheet
by fristle via cheatography.com/5574/cs/1012/

GDB: Breakp​oints  (cont) GDB: Concur​rency  GDB: Concur​rency  (cont)

gdb$ break *0x000​01234 Multithreaded Debugg​ing GDB will not detach at a fork() and will also

Sets a breakpoint at address 0x0000​1234. gdb$ info threads attach to the child process (both will be
debugged).
gdb$ break 0x000​01234 if symbo​‐ List the threads of the target process.
gdb$ show detach​-on​-fork
l=​= s​ome​value* gdb$ thread threa​dID
Display the current setting value.
This is an example of the condit​ional Attach GDB to the thread threa​dID.
breakpoint syntax. gdb$ info inferiors
gdb$ set non-stop on
gdb$ catch syscall name List all processes under GDB's control. (On
Only the debugged thread is halted in GDB,
Mac OS X: info files)
Stop when the syscall name is called. Omit the rest continue to run non-stop (unless
name to stop on every syscall. Instead of they are blocking on the thread being
name, you can also specify a syscall by GDB: Memory 
debugged).
number. Memory Images
gdb$ set scheduler-locking on
gdb$ catch load gdb program -c dumpf​ile
Only the debugged thread will run when the
(not in Mac OS X) Stop when the debuggee debuggee is resumed. Debug program using a memory dump file,
loads any dynamic library. Also: catch image​file.
gdb$ set schedu​ler​-lo​cking step
unload. gdb$ generate-core-file
Only the debugged thread will step when
gdb$ info break
being step-d​ebu​gged. (not in Mac OS X) Dump the debuggee
List all breakp​oints and watchp​oints. process memory to disk.
gdb$ show schedu​ler​-lo​cking
gdb$ clear [ brea​kpo​int​id] Reading Disass​embly and Memory
Display the current setting value.
Deletes one or all existing breakp​oints. gdb$ set disass​emb​ly-​flavor
Without this cheat sheet, the user would be intel
Multiprocess Debugg​ing
forced to guess what is being cleared.
gdb$ set follow​-fo​rk-mode child Use the modern syntax for x86-64
gdb$ disable [ brea​kpo​int​id] assembly. This is not the default.
GDB will detach at a fork() and attach to the
Disables one or all breakp​oints. gdb$ set disass​emb​le-​nex​t-line
new process.
on
gdb$ set follow​-fo​rk-mode parent
Managing Watchp​oints (Data Breakp​oin​‐ Disassemble the next instru​ction every time
(Default) GDB will not detach at a fork().
ts) GDB stops. You want to turn this on.
gdb$ show follow​-fo​rk-​mode
gdb$ watch *0x123​45678 [mask gdb$ x/4i 0x0000​1234
0xffff​ff00] Display the current setting value.
Disassemble (eXamine) the first 4 instru​‐
Break on any change to the 24 most signif​‐ gdb$ set follow​-ex​ec-mode new ctions at address 0x0000​1234.
icant bits of a 32-bit value at address GDB will detach at an exec() and attach to gdb$ x/32i $rip
0x1234​5678. the new process.
Disassemble the first 32 instru​ctions
gdb$ awatch *0x123​45678 gdb$ set follow​-ex​ec-mode same starting at the current instru​ction ($RIP on
Like watch, but also stops on any write or (Default) GDB will not detach at an exec(). x86-64).
read accesses to the given address.
gdb$ show follow​-ex​ec-​mode gdb$ x/32i $rip-16
gdb$ rwatch *0x123​45678
Display the current setting value. Same command, but attempting to disass​‐
Like watch, but only stops on read emble both forward and backward from the
gdb$ set detach​-on​-fork off
accesses. current instru​ction.
gdb$ info address symbo​lname

Display the address in memory of a given

symbol, specified by name.

By fristle Published 2nd May, 2013. Sponsored by CrosswordCheats.com

cheatography.com/fristle/ Last updated 12th May, 2016. Learn to solve cryptic crosswords!
Page 2 of 3. http://crosswordcheats.com
 Closed-source Debugging with GDB Cheat Sheet
by fristle via cheatography.com/5574/cs/1012/

GDB: Memory  (cont) GDB: Advanced 

gdb$ info symbol 0x0000​1234 Anti-Anti Debugg​ing

Displays the symbol name (if any), gdb$ handle signal [keyw​ord​s...]
executable segment, and executable (Untested) might bypass except​ion​-based
module associated with the given address. anti-d​ebu​gging
gdb$ x/1s 0x0000​1234 gdb$ catch syscall ptrace
Display one null-t​erm​inated string at (Untested) Use this breakpoint to return 0
address 0x0000​1234. (set $rax = 0; continue), should bypass
gdb$ x/8xb 0x0000​1234 ptrace() checking by the debuggee.

Display 8 heXade​cimal Bytes of memory

starting at address 0x0000​1234.
gdb$ info registers

Display the value of the regular CPU

registers.
gdb$ info all-re​gis​ters

Display the value of all CPU registers

including floati​ng-​point and vector registers.
Does not include special Machine Specific
Registers (MSRs).
gdb$ find start​_ad​dress, dista​‐
nce, value [, anoth​er_​value,
...]

(not in Mac OS X) Search memory for a

value, given a starting point and a search
distan​ce/​offset.
gdb$ info shared

Display info about all of the executable

modules of the debuggee (name, load
address, file path, etc.).
gdb$ info functions

Display all of the function symbols available

and their associated addresses.
gdb$ info variables

Display all of the variable symbols available

and their associated addresses.

By fristle Published 2nd May, 2013. Sponsored by CrosswordCheats.com

cheatography.com/fristle/ Last updated 12th May, 2016. Learn to solve cryptic crosswords!
Page 3 of 3. http://crosswordcheats.com