GDB Cheatsheet
I’m always forgetting, so I’m putting this here because I keep forgetting my f0rking cheatsheets on other machines.
So, in case it’s useful, here we go…
Note: this is currently mostly ARM stuff, but the majority of the commands (except the forced mode change stuff) work for x86 and the like.
| Command | Description |
|---|---|
| `info <var>` or `i <var>` | print some information |
| `i b` | get info about breakpoints |
| `i r` | display all registers and their values |
| `i proc map` | display the process map for the program being analysed |
| `break label` | break on function label, e.g. `break main` |
| `break *0x1000` | break on address 0x1000 |
| `delete 2` | delete breakpoint 2 |
| `set $r0=5` | set the value of register $r0 to 5 |
| `stepi` or `si` | step forward one instruction |
| `nexti` or `ni` | step forward one instruction, STEPPING OVER any calls |
| `stepi 5` | step forward 5 instructions |
| `nexti 5` | step forward 5 instructions, stepping over any calls |
| `continue` or `c` or `cont` | continue on with the process |
| `fg` | as in BASH, foregrounds the process (push it to the background with `c&`) |
| `bt` | ‘backtrace’ - show the call stack. NB - useful when analysing exceptions |
| `run arg1 arg2` | execute the debug target (from the CLI) with arg1 and arg2 as arguments |
| `print system` or `p system` | print the `system` symbol, i.e. its address as recorded in the symbol table. NB - very handy for ROP exploring |
| `p *(array-var)@20` | print 20 elements of array-var (20 bytes when it is a char array) |
| `x 0x1000` | short for ‘eXamine’; examine memory at 0x1000 in this case |
| `x/nfu 0xADDR` | starting at 0xADDR, examine 1. the (N)umber of units to show, in 2. a specified (F)ormat (any of x/d/u/o/t/a/c/f/s from C’s print formatting, plus i for instructions; defaults to he(x)adecimal), with 3. a specified (U)nit size (any of (b)yte, (h)alfword, (w)ord or (g)iant/double word). E.g. `x/4dw $ps` is ‘examine the address in $ps and print 4 words as signed integer values’ [yeah, that one’s a mouthful…] |
| `x/10i $pc` | disassemble the next 10 instructions from the address in PC |
| `x/s 0x1000` | display the string at memory address 0x1000 |
| `x/10xb 0x1000` | display 10 bytes, as hex, starting at address 0x1000 |
| `x/10xw $sp` | show 10 32-bit words, in hex, starting at $sp |
| `set *(int*)0x6000 = 42` | set the int (32 bits) at address 0x6000 to 42 |
| `disp/fmt <expression>` | display the expression every time the program stops, e.g. `disp/10i $pc` |
| `disassemble label` | disassemble the function with the given label, e.g. `disassemble main` disassembles main |
| `disassemble 0x1000,0x2000` | disassemble from 0x1000 to 0x2000 (replace with addresses in the program) |
| `set print pretty on` | pretty-print C structures, one field per line (use `off` to turn it off) |
| `set logging file /path/to/file` | send session logging to /path/to/file (logging itself still has to be switched on) |
| `set arm force-mode {arm/thumb/auto}` | set the ARM forced instruction mode (arm/thumb/auto) - overrides the symbol table |
| `show arm force-mode` | show the current forced instruction mode |
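To make the `x/nfu` row concrete, here is an added Python model (not GDB’s code, and not from the original post) that parses an examine specifier the way the table describes and renders a constructed byte buffer as GDB would. The buffer contents, the 0x1000 base address and the hex/word defaults are assumptions standing in for the last-used format and unit that GDB remembers; the `i` format is left out because it needs a disassembler.

```python
import struct

FORMAT_LETTERS = set("xduotacfs")              # printf-style letters x/ accepts
UNIT_SIZES = {"b": 1, "h": 2, "w": 4, "g": 8}  # byte, halfword, word, giant
INT_CODES = {1: "B", 2: "H", 4: "I", 8: "Q"}   # struct codes for unsigned units

# Constructed sample memory, as if read at 0x1000: int32 -1, uint32 42, "hi\0".
SAMPLE = b"\xff\xff\xff\xff\x2a\x00\x00\x00hi\x00"


def parse_x_spec(spec, default_fmt="x", default_unit="w"):
    """Split 'x/10xb' into (count, format letter, unit size in bytes).

    Count, format and unit are optional and may come in any order ('x/4dw' ==
    'x/w4d'); the defaults stand in for GDB's remembered last-used values."""
    if not spec.startswith("x/"):
        raise ValueError("not an examine command: %r" % spec)
    digits, fmt, unit = "", default_fmt, None
    for ch in spec[2:]:
        if ch.isdigit():
            digits += ch
        elif ch in FORMAT_LETTERS:
            fmt = ch
        elif ch in UNIT_SIZES:
            unit = ch
        else:
            raise ValueError("unknown letter %r in %r" % (ch, spec))
    if unit is None:                # c and s are byte-oriented unless a unit is given
        unit = "b" if fmt in "cs" else default_unit
    return (int(digits) if digits else 1), fmt, UNIT_SIZES[unit]


def examine(memory, base, spec, little_endian=True):
    """Render `spec` over bytes whose first byte sits at `base`; returns (address, text) pairs."""
    count, fmt, size = parse_x_spec(spec)
    if fmt == "s":                  # consecutive NUL-terminated strings
        out, pos = [], 0
        for _ in range(count):
            end = memory.index(b"\0", pos)
            out.append((base + pos, memory[pos:end].decode("latin-1")))
            pos = end + 1
        return out
    code = {4: "f", 8: "d"}[size] if fmt == "f" else INT_CODES[size]
    values = struct.unpack_from(("<" if little_endian else ">") + code * count, memory)
    signed = lambda v: v - (1 << 8 * size) if v >> (8 * size - 1) else v
    render = {"x": lambda v: "0x%0*x" % (2 * size, v), "d": lambda v: str(signed(v)),
              "u": str, "o": lambda v: "0%o" % v, "a": lambda v: "0x%x" % v,
              "t": lambda v: format(v, "0%db" % (8 * size)), "f": str,
              "c": lambda v: "%d '%s'" % (signed(v), chr(v) if 32 <= v < 127 else "\\%03o" % v)}
    return [(base + i * size, render[fmt](v)) for i, v in enumerate(values)]
```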
Useful Commands
I also find these commands useful when debugging (on linux/posix like environments):
| Command | Descr. |
|---|---|
| `gdb file` | debug file in gdb (you never know, I might forget…) |
| `gdb a.out 789` | attach GDB to a.out running as process 789 |
| `gdb a.out core` | open the core dump for a.out in GDB |
| `cat /proc/789/maps` | get the address space layout for process 789 |
| `echo 0 > /proc/sys/kernel/randomize_va_space` | turn off dat pesky ASLR… |
| `execstack -s foo` | disable XN (mark the stack executable) for foo |
| `ulimit -c unlimited` / `ulimit -c 0` | turn core dumps on / turn core dumps off |
Acknowledgements:
HT @Fox0x01, and MW for their helpful comments and contributions :-D