gdb命令总结

help + 命令就可以查看这个命令的详细帮助信息

查看信息

info

我用过的

info share ： info sharedlibrary 查看加载了什么库，地址好像不准，maps文件的才准（其实直接输入sharedlibrary命令就行了，不过没有地址而已，不过那个地址也不准的样子）

i b :查看断点

i r ：查看寄存器， i r eax edx：只查看eax和edx

官方文档：

info address -- Describe where symbol SYM is stored info all-registers -- List of all registers and their contents info args -- Argument variables of current stack frame info auxv -- Display the inferior's auxiliary vector info breakpoints -- Status of user-settable breakpoints info catch -- Exceptions that can be caught in the current stack frame info checkpoints -- IDs of currently known checkpoints info classes -- All Objective-C classes info common -- Print out the values contained in a Fortran COMMON block info copying -- Conditions for redistributing copies of GDB info dcache -- Print information on the dcache performance info display -- Expressions to display when program stops info extensions -- All filename extensions associated with a source language info files -- Names of targets and files being debugged info float -- Print the status of the floating point unit info frame -- All about selected stack frame info functions -- All function names info handle -- What debugger does when program gets various signals info inferiors -- IDs of currently known inferiors info line -- Core addresses of the code for a source line info locals -- Local variables of current stack frame info macro -- Show the definition of MACRO info mem -- Memory region attributes info os -- Show OS data ARG info proc -- Show /proc process information about any running process info program -- Execution status of the program info record -- Info record options info registers -- List of integer registers and their contents info scope -- List the variables local to a scope info selectors -- All Objective-C selectors info set -- Show all GDB settings info sharedlibrary -- Status of loaded shared object libraries info signals -- What debugger does when program gets various signals info source -- Information about the current source file info sources -- Source files in the program info stack -- Backtrace of the stack info symbol -- Describe what symbol is at location ADDR info target -- Names of targets and files being debugged info tasks -- Provide information about all known Ada tasks info terminal -- Print inferior's saved terminal status info threads -- IDs of currently known threads info tracepoints -- Status of tracepoints info types -- All type names info variables -- All global and static variable names info vector -- Print the status of the vector unit info warranty -- Various kinds of warranty you do not have info watchpoints -- Synonym for ``info breakpoints'' info win -- List of all displayed windows

x

x /50x 0xxxxxx

x /5i 0xxxxxx

Examine memory: x/FMT ADDRESS.
ADDRESS is an expression for the memory address to examine.
FMT is a repeat count followed by a format letter and a size letter.
Format letters are o(octal), x(hex), d(decimal), u(unsigned decimal),
  t(binary), f(float), a(address), i(instruction), c(char) and s(string).
Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes).
The specified number of objects of the specified size are printed
according to the format.

print

打印寄存器的值：print $eax

打印符号，如下

print main
$2 = {int (int, char , char )} 0x8049ab9 <main>

查看栈

backtrace – Print backtrace of all stack frames（查看函数调用栈）[bt full显示的信息更加详细，其实就多显示了当前函数的局部变量]

frame默认跟上面显示的没什么差别

up显示上层函数的调用，不过好像只能看一层

where 好像显示所有调用栈

调试

调试core文件(ulimit -c unlimited开启不限制core文件大小，因为默认是0)

core文件没设置的话应该默认在当前目录

gdb 程序名 core文件路径 或者 gdb 程序名 –core core文件路径

调试命令

r 运行

c 继续运行，直到碰到断点或异常才会停止

ni 单步

si 步入

jump 跳到那里执行

start – Run the debugged program until the beginning of the main procedure

set follow-fork-mode child 跟随fork出来的子进程

更多请查看文档

help running

断点

普通断点

b *0x88888888

b main

b *0x666666 if $rdi==0x666

删除断点

d 序号（那个是 i b的序号）

“硬件断点”

watch 0x66666666

还有 rwatch，awatch

设置成intel格式的汇编

set disassembly-flavor intel

其他

add-symbol-file 加载符号文件

shell ：可临时切换到shell，exit就可以回到gdb了

新发现的东西

checkpoints可以新启动一个进程，运行到当前位置

info checkpoints 可以查看

restart 序号就可以切换了

最近发现的超好用的——202009

条件记录断点

类似windbg的条件记录断点效果

下了断点后，使用command命令，加上断点的序号即可，之后就可以输入命令了，最后以end结尾就行

command <breakpoint_Num>

gdb-peda$ bl
Num     Type           Disp Enb Address            What
2       breakpoint     keep y   0x0000000000402a00 
3       breakpoint     keep y   0x0000000000402a0a 
gdb-peda$ commands 3
Type commands for breakpoint(s) 3, one per line.
End with a line saying just "end".
>echo rdx=
>print $rdx
>x /20gx 0x620000
>end
gdb-peda$

给原有断点加上条件

这个是不用加if了

condition <breakpoint_Num> 条件

例子

condition 2 $rdx==1

执行多个指令，跳过多次断点

# 执行num个指令
ni <num>
# 跳过num个断点
c <num>

pwndbg插件

那些很少被人用的功能

vis_heap_chunks，可视化查看chunks

vis_heap_chunks <个数(可选)> <起始地址(可选)>