2. 程式人生 > >GDB命令,逆向除錯很有用

GDB命令,逆向除錯很有用

阿新 發佈:2019-01-09

感覺比很多網站的教程有用,分享一下

對於我自己用gdb反彙編十分有幫助啊,感謝外國友人了~

實用的幾個command:

Restart>>>run / r

Break any point>>>break *address Break func >>> break [function] F9>>>continue F7>>>step,next finish this function >>> finish show current code >>> x /10i  (10 lines)

GDB Command Line Arguments:

Starting GDB:

  • gdbname-of-executable
  • gdb -ename-of-executable-cname-of-core-file
  • gdbname-of-executable--pid=process-id
    Useps -auxwto list process id's:
    Attach to a process already running: 
    [prompt]$ ps -auxw | grep myapp
user1     2812  0.7  2.0 1009328 164768 ?      Sl   Jun07   1:18 /opt/bin/myapp
[prompt]$
     
     gdb /opt/bin/myapp 2812
OR
[prompt]$ gdb /opt/bin/myapp --pid=2812

Command line options: (version 6. Older versions use a single "-")

Option Description
--help
-h		 List command line arguments
--exec=file-name
-efile-name		 Identify executable associated with core file.
--core=name-of-core-file
-cname-of-core-file		 Specify core file.
--command=command-file
-xcommand-file		 File listing GDB commands to perform. Good for automating set-up.
--directory=directory
-ddirectory		 Add directory to the path to search for source files.
--cd=directory Run GDB using specified directory as the current working directory.
--nx
-n		 Do not execute commands from~/.gdbinitinitialization file. Default is to look at this file and execute the list of commands.
--batch -xcommand-file Run in batch (not interactive) mode. Execute commands from file. Requires-xoption.
--symbols=file-name
-sfile-name		 Read symbol table from file file.
--se=file-name Use FILE as symbol file and executable file.
--write Enable writing into executable and core files.
--quiet
-q		 Do not print the introductory and copyright messages.
--tty=device Specifydevicefor running program's standard input and output.
--tui Use a terminal user interface. Console curses based GUI interface for GDB. Generates a source and debug console area.
--pid=process-id
-pprocess-id		 Specify process ID number to attach to.
--version Print version information and then exit.
GDB Commands:

Commands used within GDB:

Command Description
help List gdb command topics.
helptopic-classes List gdb command within class.
helpcommand Command description.
eghelp showto list the show commands
apropossearch-word Search for commands and command topics containingsearch-word.
info args
i args		 List program command line arguments
info breakpoints List breakpoints
info break List breakpoint numbers.
info breakbreakpoint-number List info about specific breakpoint.
info watchpoints List breakpoints
info registers List registers in use
info threads List threads in use
info set List set-able option
Break and Watch
breakfuntion-name
breakline-number
breakClassName::functionName		 Suspend program at specified function of line number.
break +offset
break -offset		 Set a breakpoint specified number of lines forward or back from the position at which execution stopped.
breakfilename:function Don't specify path, just the file name and function name.
breakfilename:line-number Don't specify path, just the file name and line number.
breakDirectory/Path/filename.cpp:62
break *address Suspend processing at an instruction address. Used when you do not have source.
breakline-numberifcondition Where condition is an expression. i.e.x > 5
Suspend when boolean expression is true.
breaklinethreadthread-number Break in thread at specified line number. Useinfo threadsto display thread numbers.
tbreak Temporary break. Break once only. Break is then removed. See "break" above for options.
watchcondition Suspend processing when condition is met. i.e.x > 5
clear
clearfunction
clearline-number		 Delete breakpoints as identified by command option.
Delete all breakpoints infunction
Delete breakpoints at a given line
delete
d		 Delete all breakpoints, watchpoints, or catchpoints.
deletebreakpoint-number
deleterange		 Delete the breakpoints, watchpoints, or catchpoints of the breakpoint ranges specified as arguments.
disablebreakpoint-number-or-range
enablebreakpoint-number-or-range		 Does not delete breakpoints. Just enables/disables them.
Example:
Show breakpoints:info break
Disable:disable 2-9
enablebreakpoint-numberonce Enables once
continue
c		 Continue executing until next break point/watchpoint.
continuenumber Continue but ignore current breakpointnumbertimes. Usefull for breakpoints within a loop.
finish Continue to end of function.
Line Execution
step
s
stepnumber-of-steps-to-perform		 Step to next line of code. Will step into a function.
next
n
nextnumber		 Execute next line of code. Will not enter functions.
until
untilline-number		 Continue processing until you reach a specified line number. Also: function name, address, filename:function or filename:line-number.
info signals
info handle
handleSIGNAL-NAMEoption		 Perform the following option when signal recieved: nostop, stop, print, noprint, pass/noignore or nopass/ignore
where Shows current line number and which function you are in.
Stack
backtrace
bt
btinner-function-nesting-depth
bt -outer-function-nesting-depth		 Show trace of where you are currently. Which functions you are in. Prints stack backtrace.
backtrace full Print values of local variables.
frame
framenumber
fnumber		 Show current stack frame (function where you are stopped)
Select frame number. (can also user up/down to navigate frames)
up
down
upnumber
downnumber		 Move up a single frame (element in the call stack)
Move down a single frame
Move up/down the specified number of frames in the stack.
info frame List address, language, address of arguments/local variables and which registers were saved in frame.
info args
info locals
info catch		 Info arguments of selected frame, local variables and exception handlers.
Source Code
list
l
listline-number
listfunction
list -
liststart#,end#
listfilename:function		 List source code.
set listsizecount
show listsize		 Number of lines listed whenlist command given.
directorydirectory-name
dirdirectory-name
show directories		 Add specified directory to front of source code path.
directory Clear sourcepath when nothing specified.
Machine Language
info line
info linenumber		 Displays the start and end position in object code for the current line in source.
Display position in object code for a specified line in source.
disassemble0xstart 0xend Displays machine code for positions in object code specified (can use start and end hex memory values given by theinfo linecommand.
stepi
si
nexti
ni		 step/next assembly/processor instruction.
x0xaddress
x/nfu0xaddress		 Examine the contents of memory.
Examine the contents of memory and specify formatting.
  • n: number of display items to print
  • f: specify the format for the output
  • u: specify the size of the data unit (eg. byte, word, ...)
Example:x/4dw var
Examine Variables
printvariable-name
pvariable-name
pfile-name::variable-name
p 'file-name'::variable-name		 Print value stored in variable.
p *array-variable@length Print first # values of array specified bylength. Good for pointers to dynamicaly allocated memory.
p/xvariable Print as integer variable in hex.
p/dvariable Print variable as a signed integer.
p/uvariable Print variable as a un-signed integer.
p/ovariable Print variable as a octal.
p/tvariable
x/baddress
x/b &variable		 Print as integer value in binary. (1 byte/8bits)
p/cvariable Print integer as character.
p/fvariable Print variable as floating point number.
p/avariable Print as a hex address.
x/waddress
x/4b &variable		 Print binary representation of 4 bytes (1 32 bit word) of memory pointed to by address.
ptypevariable
ptypedata-type		 Prints type definition of the variable or declared variable type. Helpful for viewing class or struct definitions while debugging.
GDB Modes
setgdb-optionvalue Set a GDB option
set logging on
set logging off
show logging
set logging filelog-file		 Turn on/off logging. Default name of file isgdb.txt
set print array on
set print array off
show print array		 Default is off. Convient readable format for arrays turned on/off.
set print array-indexes on
set print array-indexes off
show print array-indexes		 Default off. Print index of array elements.
set print pretty on
set print pretty off
show print pretty		 Format printing of C structures.
set print union on
set print union off
show print union		 Default is on. Print C unions.
set print demangle on
set print demangle off
show print demangle		 Default on. Controls printing of C++ names.
Start and Stop
run
r
runcommand-line-arguments
run <infile>outfile		 Start program execution from the beginning of the program. The commandbreak mainwill get you started. Also allows basic I/O redirection.
continue
c		 Continue execution to next break point.
kill Stop program execution.
quit
q		 Exit GDB debugger.
GDB Operation:
  • Compile with the "-g" option (for most GNU and Intel compilers) which generates added information in the object code so the debugger can match a line of source code with the step of execution.
  • Do not use compiler optimization directive such as "-O" or "-O2" which rearrange computing operations to gain speed as this reordering will not match the order of execution in the source code and it may be impossible to follow.
  • control+c: Stop execution. It can stop program anywhere, in your source or a C library or anywhere.
  • To execute a shell command:!command
    orshellcommand
  • GDB command completion: Use TAB key
    info bre+ TAB will complete the command resulting ininfo breakpoints
    Press TAB twice to see all available options if more than one option is available or type "M-?" + RETURN.
  • GDB command abreviation:
    info bre+ RETURN will work asbreis a valid abreviation forbreakpoints
De-Referencing STL Containers:

Displaying STL container classes using the GDB "pvariable-name" results in an cryptic display of template definitions and pointers. Use the followingfile (V1.03 09/15/08). Now works with GDB 4.3+.
(Archived versions: [V1.01GDB 6.4+ only])
Thanks toDr. Eng. Dan C. Marinescufor permission to post this script.

Use the following commands provided by the script:

Data type GDB command
std::vector<T> pvectorstl_variable
std::list<T> pliststl_variableT
std::map<T,T> pmapstl_variable
std::multimap<T,T> pmapstl_variable
std::set<T> psetstl_variableT
std::multiset<T> psetstl_variable
std::deque<T> pdequeuestl_variable
std::stack<T> pstackstl_variable
std::queue<T> pqueuestl_variable
std::priority_queue<T> ppqueuestl_variable
std::bitset<n>td> pbitsetstl_variable
std::string pstringstl_variable
std::widestring pwstringstl_variable
Where T refers to native C++ data types. While classes and other STL data types will work with the STL container classes, this de-reference tool may not handle non-native types.
De-Referencing a vector:

Example:STL_vector_int.cpp

01 #include <iostream>
02 #include <vector>
03 #include <string>
04
05 usingnamespacestd;
06

相關推薦

GDB命令逆向除錯有用

感覺比很多網站的教程有用,分享一下 對於我自己用gdb反彙編十分有幫助啊,感謝外國友人了~ 實用的幾個command: Restart>>>run / r Break any point>>>break *address

原始碼參考網址對初學者有用

優秀網站原始碼、程式設計原始碼下載網站大集中 1.51原始碼:http://www.51aspx.com/ 2.原始碼之家:http://www.codejia.com/ 3.原始碼網:http://www.codepub.com/ 4.蝦客原始碼:http://www.xkxz.com/ 5.多多

經典的GDB除錯命令包括檢視變數檢視記憶體

在你除錯程式時,當程式被停住時,你可以使用print命令(簡寫命令為p),或是同義命令inspect來檢視當前程式的執行資料。print命令的格式是: print print / 是表示式,是你所除錯的程式的語言的表示式(GDB可以除錯多種程式語言),是輸出的格式,比如,

Linux系統一些不大常用卻有用命令

程序 man手冊 給定 內核 lease and 變量 bsp 使用 which命令 用於查找並顯示給定命令的絕對路徑,環境變量PATH中保存了查找命令時需要遍歷的目錄。which命令會在環境變量PATH設置的目錄裏查找符合條件的文件。也就是說,使用which命令,就可

oracle trunc 函數處理日期格式日期類型有用的幾個sql

char mon 函數 -m span 截取 報錯 sys 默認 select to_char(sysdate,‘yyyy-mm-dd hh24:mi:ss‘) from dual; --顯示當前時間 2011-12-29 16:24:34 select trunc(

發現一個牛逼的技能部署程序時有用

nta over change 方便 AI maintain 沒有 rec zip 一、問題簡述 目前公司在蓉城,總公司在北京。新開發了一個項目,需要部署到北京的服務器進行演示。 項目是spring boot開發的,打出來的jar包並不算大,40多M。但是北京那邊給的服

除了vim, 還有哪些常用的牛逼的編輯器除了gcc, 還有哪些常用的牛逼的編譯器為什麼除錯的時候需要編譯選項中新增 -g調研readelf命令Linux下實現進度條程式.

除了vim, 還有哪些常用的牛逼的編輯器 Brackets Brackets也是一款為Linux開發者設計的開原始碼編輯器,使用Brackets寫程式碼,你不會被任何事情所打斷。比如在寫HTML程式碼時,即便你沒有儲存程式碼也可以及時預覽你的Web頁面效果。你也可以使用T

Linux下重要命令許可權及gcc/g++,gdb,vim的安裝

Linux重要命令: su 切換使用者 -c<指令>或–command=<指令>:執行完指定的指令後,即恢復原來的身份; -f或——fast:適用於csh與tsch,使shell不用去讀取啟動檔案; -l或——login:改變身份時,

學習Linux不停的敲命令真的能起到好的作用嗎?

不停地敲命令真的能起到很好的作用嗎? 記得在初學Linux的時候,聽朋友說:要學習Linux,學好Linux你得每天不停的敲Linux命令。從他們口中大概意思: 多敲、多練即可學會Linux。 當然,我不否定這個說法,在初學Linux以及正在入門學習Linux的同學來說,確實多

Linux下的編輯器和編譯器為什麼除錯的時候需要編譯選項中新增 -g. 同學們自行調研readelf命令原始碼安裝, rpm安裝, yum安裝

1、除了vim, 還有哪些常用的牛逼的編輯器, 並能夠橫向對比編輯器之間的區別和優缺點 vim是從vi發展出來的一個文字編輯器。程式碼補完、編譯錯誤跳轉等方便程式設計的功能特別豐富,在程式設計師中被廣泛使用。 sed是一種流編輯器,它一次處理一行內容。處理時,把

QT中PRO檔案寫法的詳細介紹有用重要!

在QT中,有一個工具qmake可以生成一個makefile檔案,它是由.pro檔案生成而來的,.pro檔案的寫法如下: 1. 註釋 從“#”開始,到這一行結束。 2.模板變數告訴qmake為這個應用程式生成哪種makefile。下面是可供使用的選擇: TEMPLATE = app

辦公室常用的英語接待口語進外企後會有用

詢問訪客身份:    May I have your name, please? 請問您貴姓?What company are you from?您是哪個公司的? Could you tell me what company you are representing? 能告訴我您代表什麼公司嗎?如果碰到了老朋

Qt可用的gdb編譯以及交叉編譯gdbserver以及配置QtCreator遠端除錯

專案中用了ARM的板,希望配置gdbserver進行遠端除錯,結果卻遇到了很多問題。先把坑說了:1)要支援遠端除錯,arm板需要支援ssh2)要gdb能在Qt上用,必須在configure gdb的時候使用--with-python選項啟用python支援3)需要安裝pyth

linux grep,最有用的搜尋命令中文版

1.作用 Linux系統中grep命令是一種強大的文字搜尋工具,它能使用正則表示式搜尋文字,並把匹 配的行打印出來。grep全稱是Global Regular Expression Print,表示全域性正則表示式版本,它的使用許可權是所有使用者。 2.格式 grep [options] 3.主要引數 [o

Pycharm下執行除錯Python專案時除錯既需要給除錯的程式傳入命令列引數又需要程式在設定的斷點處停下里檢視變數時的解決方法

  今天在除錯了一個複雜的Python專案,其中這個專案的除錯需要事先從命令列讀取引數,並且在除錯期間需要再事先設定的斷點處停下來。檢查相關的變數。   問題是,在Pycharm的Terminal 輸入檔名+引數後,程式就處於執行狀態,除非程式出錯,否則程式會一

提高軟體測試能力的20個方法真的有用~~

1. 想客戶之所想,思客戶之所思 在測試的過程中時刻想著使用者。培養自己對使用者需求的共鳴。和使用者溝通並且觀察他們怎們樣使用你的軟體。多從使用者的角度去考慮問題,從小白的角度去使用,用專家的態度去更改。 2. 多讀Bug 如果你和一個團隊的軟體測試工程師一起工作,那麼請閱

gdb的gui除錯視窗與gdb命令列的切換

有錯的地方,或者不同意見的,煩請留言,或者發郵箱。 郵箱地址:[email protected] ————————————————————————————————— 當我們使用gdb的gui視窗是發現,上下鍵(up&&down鍵)只能移動程式碼,不能移動下面的命

setlocale(LC_ALL, ""); 取值為空字串" "(注意不是NULL)則locale與本地環境所使用的編碼方式相同(在本地化時應該有用);

在C執行庫提供的多位元組字元-寬字元轉換函式:mbstowcs()/wcstombs()中,需要用到全域性變數locale( locale encoding ),以指定多位元組字元的編碼型別 1. 功能: 用來定義全域性變數:locale(locale encoding) 標頭檔案: setlocal

一步一步學除錯——gdb命令小結

之前想驗證一些關於堆疊的問題,但是沒什麼好方法,printf實在侷限,流於表面,只間表象(值、範圍、規律)不見真身(地址、暫存器、過程),所以想到了gdb——一個強大的除錯工具,還能看彙編程式碼,現在先把這兩天學的常用的命令做一個小結,以後有用到的可能再來更新一下: 括號

11 個少人知道但有用的 Linux 命令

Linux命令列吸引了大多數Linux愛好者。一個正常的Linux使用者一般掌握大約50-60個命令來處理每日的任務。Linux命令和它們的轉換對於Linux使用者、Shell指令碼程式設計師和管理員來說是最有價值的寶藏。有些Linux命令很少人知道,但不管你是新手還是高階使用者,它們都非常方便有用。