Intro to GDB debugger
By Hugues Leger / legerhs@mail.uc.edu
9/9/2021

Agenda
• Start the debugger
• Set the Intel disassembly format
• List debugged source code
• Dump disassembly code
• Set a break point
• Run program (step by step)
• Read registers info / statuses (EIP/EBP/ESP …)
• Examine memory addresses

- Compile the program
    $ gcc -g simpleprog.c
  (The -g flag includes extra debugging information, which gives GDB access to the source code.)
- Start the debugger (in quiet mode)
    $ gdb -q ./a.out
    (gdb)
- Set disassembly syntax to Intel
    (gdb) set disassembly-flavor intel
  Note: To apply this setting every time GDB starts up, put the command in the file .gdbinit in your home directory.
    $ echo "set disassembly-flavor intel" > ~/.gdbinit
- List the source code
    (gdb) list

- Dump the disassembly of the main() function
    (gdb) disassemble main
- Set a breakpoint at the start of the main() function
    (gdb) break main
- Run the program
    (gdb) run
  (The program hits the breakpoint and pauses before executing any instructions.)
- Display all the registers and their statuses
    (gdb) info registers
- Display / check the value of EIP (the instruction pointer)
    (gdb) info register eip
  (the memory address eip points to)
  NOTE: the breakpoint is placed after the function prologue, so eip skips the prologue.

- Memory can be examined using the command x, which is short for examine.
- It expects 2 arguments: the memory location to examine and how to display that memory.
  The display format is a single letter (such as x), optionally preceded by a count of items to examine.
  Some common format letters are as follows:
    o  Display in octal
    x  Display in hexadecimal
    u  Display in unsigned, standard base-10 decimal
    t  Display in binary

- Examine the content of eip (the value eip contains at that moment)
    (gdb) x/x $eip
- Display the assembly instruction pointed to by eip
    (gdb) x/i $eip
- What address does the ebp register currently contain?
    (gdb) i r ebp
    (gdb) print $ebp - 4
- What is the content of [ebp - 4] before the instruction is executed?
    (gdb) x/4xb $ebp - 4
  It contains random garbage.

- What is the content of [ebp - 4] before the instruction is executed?
    (gdb) x/4xb $1
- Execute the current instruction using the command nexti
    (gdb) nexti
- Now examine the content of [ebp - 4]
    (gdb) x/4xb $1
- What does eip point to now?
    (gdb) i r eip
- What assembly instruction is that?
    (gdb) x/i $eip

- Display the next 10 instructions
    (gdb) x/10i $eip
- Run the current instruction
    (gdb) nexti
- Check the content of eip
    (gdb) i r eip
- Display the assembly instruction
    (gdb) x/i $eip
- Display the next 2 instructions
    (gdb) x/2i $eip
    mov DWORD PTR [esp],0x8048484
    call 0x80482a0 <printf@plt>

mov DWORD PTR [esp],0x8048484
(Writes the address 0x8048484 into the memory location pointed to by esp.)
- What does esp currently point to?
    (gdb) i r esp
    (gdb) x/1xw $esp
- After the instruction, the memory that esp points to will contain 0x8048484
    (gdb) nexti
    (gdb) x/1xw $esp
- What is so special about memory address 0x8048484?
    (gdb) x/6xb 0x8048484
  (Hello, <space>)
    (gdb) x/s 0x8048484
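
Added example (not part of the original slides): a small Python model of how x/<count><format><unit> decodes memory, showing why x/1xw and x/4xb print the same four bytes at esp differently on little-endian x86. The stack address, the memory image and the full "Hello, world!" string are constructed assumptions, and the output formatting only approximates GDB's.

```python
import re

# Constructed memory image (assumed values, little-endian x86 as in the slides):
# a stack slot holding the pointer 0x08048484, and the string stored there.
ESP = 0xBFFFF7F0  # hypothetical stack address
MEMORY = {
    ESP: (0x08048484).to_bytes(4, "little"),
    0x08048484: b"Hello, world!\n\x00",
}
UNIT = {"b": 1, "h": 2, "w": 4, "g": 8}   # GDB unit letters -> size in bytes


def read(addr, size):
    """Return `size` bytes starting at addr from the constructed image."""
    for base, data in MEMORY.items():
        if base <= addr and addr + size <= base + len(data):
            return data[addr - base:addr - base + size]
    raise ValueError(f"Cannot access memory at address {addr:#x}")


def examine(spec, addr):
    """Decode memory the way `x/<count><format><unit> addr` displays it."""
    # Narrowed to count, then format letter, then unit letter.
    m = re.fullmatch(r"x/(\d*)([oxuts]?)([bhwg]?)", spec)
    if not m:
        raise ValueError(f"bad examine spec: {spec}")
    count, fmt, unit = int(m[1] or 1), m[2] or "x", UNIT[m[3] or "w"]
    if fmt == "s":                        # one NUL-terminated string, unit ignored
        out = bytearray()
        while (ch := read(addr + len(out), 1)) != b"\x00":
            out += ch
        return [out.decode("ascii")]
    shown = []
    for i in range(count):
        # Multi-byte units are assembled least significant byte first.
        value = int.from_bytes(read(addr + i * unit, unit), "little")
        shown.append({
            "o": f"0{value:o}",
            "x": f"0x{value:0{unit * 2}x}",
            "u": str(value),
            "t": f"{value:0{unit * 8}b}",
        }[fmt])
    return shown


if __name__ == "__main__":
    for spec, addr in [("x/1xw", ESP), ("x/4xb", ESP),
                       ("x/6xb", 0x08048484), ("x/s", 0x08048484)]:
        print(spec, hex(addr), examine(spec, addr))
```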