The following is a brief introduction to the GDB commands that you will likely use in this course. If you think of any others worth including here, please let us know on Piazza!
The commands within this document are by no means comprehensive; GDB has many other features not shown here. If you'd like to learn more about GDB's capabilities, we encourage you to review its manual (man gdb) or consult one of the many other GDB cheat sheets on the web.
Commands are listed in the form ❬c❭ommand. Bracketed letter(s) represent the abbreviated version of the command (often one or two letters). For example, ❬q❭uit means q is the abbreviation of quit.
Starting a GDB session:
$ gdb --args /path/to/program arg1 arg2 arg3 ...
$ gdb --args program $(python3 script.py)   # Run program in current directory using output of script.py as an arg.
❬r❭un
: run or rerun the program to be debugged:
(gdb) run
❬k❭ill
: kill the currently-running program:
(gdb) kill
❬q❭uit
: quit the active GDB session:
(gdb) quit
❬b❭reak
: set a breakpoint:
Breakpoints are preserved when rerunning within the current GDB environment.
(gdb) break *main          # A function's entry point.
Breakpoint 1 at 0x804a1db: file src.c, line 6.
(gdb) break *main+22       # An offset from a function entry.
Breakpoint 2 at 0x804a1f1: file src.c, line 10.
(gdb) break src.c:12       # A line number in a source file.
Breakpoint 3 at 0x804a1fa: file src.c, line 12.
(gdb) break *0x0804a213    # An instruction address.
Breakpoint 4 at 0x804a213: file src.c, line 14.
❬d❭elete
: delete breakpoints:
(gdb) delete 1    # Delete breakpoint #1.
(gdb) delete      # Delete all breakpoints.
❬s❭tep
: step through one source line (will step into callees):
(gdb) step
❬s❭tep❬i❭
: step through one assembly instruction (will step into callees):
(gdb) stepi
❬n❭ext
: step through one source line (will not step into callees):
(gdb) next
❬n❭ext❬i❭
: step through one assembly instruction (will not step into callees):
(gdb) nexti
❬c❭ontinue
: continue execution, stopping at next breakpoint:
(gdb) continue
disas
: disassemble a function into its assembly representation:
(gdb) disas main
Dump of assembler code for function main:
   0x08049d55 <+0>:     endbr32
   0x08049d59 <+4>:     lea    0x4(%esp),%ecx
   0x08049d5d <+8>:     and    $0xfffffff0,%esp
   0x08049d60 <+11>:    pushl  -0x4(%ecx)
   0x08049d63 <+14>:    push   %ebp
   0x08049d64 <+15>:    mov    %esp,%ebp
   0x08049d66 <+17>:    push   %edi
   0x08049d67 <+18>:    push   %esi
   0x08049d68 <+19>:    push   %ebx
   0x08049d69 <+20>:    push   %ecx
   ...
❬b❭ack❬t❭race
: prints current stack trace containing each function and its arguments:
(gdb) backtrace
#0  fibonacci (n=1) at main.c:45
#1  fibonacci (n=2) at main.c:45
#2  main (argc=2, argv=0xbffff6e4) at main.c:34
❬p❭rint
: print current content of variable/memory/register:
(gdb) p *(char *)($esp + $eax + my_ptr_array[13])
'e'
❬p❭rint/❬x❭
: print current content of variable/memory/register as hex:
(gdb) print/x my_var    # Print content of variable `my_var`.
$1 = 0x1b
(gdb) print/x $esp      # Print content of register `$esp`.
$6 = 0xfff6d958
find
: search a memory region for specific contents:
(gdb) find 0xfff6d000,0xffffe000,"AAAA"    # Search for "AAAA" between 0xfff6d000 and 0xffffe000.
0xfff6d8cc    # String "AAAA" appears here!
0xfffed930    # String "AAAA" also appears here!
❬x❭/(number)(format)(unit)
: examine the in-memory data currently at an address:
(gdb) x/6xw 0xfff6d958     # Examine 6 he❬x❭ ❬w❭ords starting at 0xfff6d958.
0xfff6d958: 0xffffd0d8 0x0804a1a0 0x00000001 0xfffed950
0xfff6d968: 0xfffed910 0x00000000
(gdb) x/-6xw 0xfff6d958    # Examine 6 hex words backwards from 0xfff6d958.
0xfff6d940: 0x00000000 0x00000000 0x00000000 0x00000000
0xfff6d950: 0x00000000 0x00000000
(gdb) x/8x $sp             # Examine 8 hex words on the current stack from top of the stack down.
0xfff6bd2c: 0x00000000 0x00000000 0x00000000 0x00000000
0xfff6bd3c: 0x00000000 0x00000000 0x00000000 0x00000000
info proc map
: list process memory regions:
(gdb) info proc map
Start Addr   End Addr     Size       Offset     objfile
0x8048000    0x8049000    0x1000     0x0        target2
0x8049000    0x80b8000    0x6f000    0x1000     target2
0x80b8000    0x80e8000    0x30000    0x70000    target2
0x80e8000    0x80ea000    0x2000     0x9f000    target2
0x80ea000    0x80ec000    0x2000     0xa1000    target2
0x80ec000    0x810e000    0x22000    0x0        [heap]
0xf7ff8000   0xf7ffc000   0x4000     0x0        [vvar]
0xf7ffc000   0xf7ffe000   0x2000     0x0        [vdso]
0xfff6d000   0xffffe000   0x91000    0x0        [stack]
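When reading a stack dump, it helps to know which words are pointers and where they point. The following is an added example, not part of the original cheat sheet: it takes the `x/6xw` and `info proc map` output shown above as pasted text and labels each word with the memory region it falls in. The function names are hypothetical, and the parser assumes the five-column `info proc map` layout shown on this page.

```python
import re

# Input pasted from the `info proc map` and `x/6xw` examples on this page.
PROC_MAP = """\
0x8048000 0x8049000 0x1000 0x0 target2
0x8049000 0x80b8000 0x6f000 0x1000 target2
0x80b8000 0x80e8000 0x30000 0x70000 target2
0x80e8000 0x80ea000 0x2000 0x9f000 target2
0x80ea000 0x80ec000 0x2000 0xa1000 target2
0x80ec000 0x810e000 0x22000 0x0 [heap]
0xf7ff8000 0xf7ffc000 0x4000 0x0 [vvar]
0xf7ffc000 0xf7ffe000 0x2000 0x0 [vdso]
0xfff6d000 0xffffe000 0x91000 0x0 [stack]
"""
X_DUMP = """\
0xfff6d958: 0xffffd0d8 0x0804a1a0 0x00000001 0xfffed950
0xfff6d968: 0xfffed910 0x00000000
"""

def parse_proc_map(text):
    """Return (start, end, name) per region row; header/prompt rows are skipped."""
    regions = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0].startswith("0x"):
            name = cols[-1] if len(cols) > 4 else "[anon]"  # no objfile column
            regions.append((int(cols[0], 16), int(cols[1], 16), name))
    return regions

def parse_x_words(text, word_size=4):
    """Return (address, value) for every word of an x/<n>xw dump."""
    words = []
    for line in text.splitlines():
        m = re.match(r"\s*(0x[0-9a-fA-F]+)[^:]*:\s*(.*)", line)  # allows <sym+off>
        if m:
            base = int(m.group(1), 16)
            words += [(base + i * word_size, int(tok, 16))
                      for i, tok in enumerate(m.group(2).split())]
    return words

def region_of(addr, regions):
    """Name of the region containing addr (End Addr is exclusive), else None."""
    return next((n for s, e, n in regions if s <= addr < e), None)

def annotate(dump, proc_map):
    """Pair each dumped word with the region its value points into."""
    regions = parse_proc_map(proc_map)
    return [(a, v, region_of(v, regions)) for a, v in parse_x_words(dump)]

if __name__ == "__main__":
    for addr, value, region in annotate(X_DUMP, PROC_MAP):
        print(f"{addr:#010x}: {value:#010x}  {region or '-'}")
```

In the sample dump, the second word (0x0804a1a0) resolves to the program's own mapping while its neighbours resolve to `[stack]`, so it is the word to inspect further with `x/i` or `disas`.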
info ❬b❭reak
: list active breakpoints:
(gdb) info break
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x0804a1db in main at src.c:6
2       breakpoint     keep y   0x0804a1f1 in main at src.c:10
3       breakpoint     keep y   0x0804a1fa in main at src.c:12
4       breakpoint     keep y   0x0804a213 in main at src.c:14
info args
: print arguments to the current stack frame's function:
(gdb) info args
argc = 1
argv = 0xfffed950
info locals
: print variables of the current stack frame's function:
(gdb) info locals
var1 = "foo"
var2 = 1234
info ❬r❭eg
: print the current contents of all registers:
(gdb) info reg
eax            0xfff6e90c          -595700
ecx            0xfff6e910          -595696
edx            0xfa0               4000
ebx            0x80ea000           135176192
esp            0xfff6d958          0xfff6d958
ebp            0xfff6d958          0xfff6d958
esi            0xffffd0f0          -12048
edi            0x10                16
eip            0x804a1e2           0x804a1e2 <main+7>
eflags         0x296               [ PF AF SF IF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x63                99
info function (regex)
: prints the functions matching the regex with their associated addresses:
(gdb) info function exit
All functions matching regular expression "exit":

Non-debugging symbols:
0x08050810  __run_exit_handlers
0x08050b00  exit
0x08050b30  __new_exitfn
0x08050c30  __internal_atexit
0x08050d60  __cxa_atexit
0x08079a4a  _exit
0x080ac410  _dl_call_pltexit