run <args>run a program with argumentsstart <args>run a program with arguments and stop at main()file <executable>读入一个可执行文件
info source查看当前活跃的source file, 直接指定行号时影响的文件i[nfo] b[reakpoints]查看所有断点i[nfo] display查看所有display点
b <function>b <line_number>b <file_name>:<line_number>b <file_name>:<function>b +offset / -offset当前栈帧中正在执行的源代码前后设置断点b *address在虚拟内存地址处设置断点d <breakpoint_num>delete breakpoint, the number is showed byinfo b, 不提供number的话则删除所有的断点enable <breakpoint_num>disable <breakpoint_num>disable breakpointsdisable all breakpoints
利用x86架构的debug registers, 从而可以让程序全速执行; 否则每执行一条指令时都需要检查表达式的值, 效率极低
watch <expression>当表达式的值发生变化时, 停止执行watch -l/-location <expression>当表达式的值对应的内存地址处的值发生变化时, 停止执行watch <expression> thread 3watch on specific threadwatch foo if foo > 10conditional watch
int a = 1;
int b = 2;
int c = 1;
int *p = &a;
// watch *p
p = &c; // not break
p = &b; // break
// watch -l p
p = &c; // break
p = &b; // breakrwatch <expression>当表达式的值被读取时, 停止执行rwatch -l/-location <expression>当表达式的值对应的内存地址处的值被读取时, 停止执行
nextc/cpp程序中的下一行(step over)nexti汇编中的下一条指令stepstep intostepistep into function call at assembly levelfinishexit current function and return to the caller functionuntil [location]Execute until past the current line or past alocation
disass[emble]反汇编set disassembly-flavor intel使用Intel语法(默认是AT&T语法)
p <var>print variable only once, which has the form$num = valuethisnumcan be further referenced as value historydisplay <var>print the value of a variable at every stepundisplay <display_num>the number is shown byinfo displayprintf "<format>", <var>用C printf函数的格式显示变量的值(only once)x/<fmt> <address>examine memory at addressinfo regshow values of registersinfo variablesshow addresses and symbol names for all global and static variablesinfo localsshow names and values of all local variables of current stack frameinfo argsshow names and values of all arguments of current stack frame (function arguments)info symbol <address>describe what symbol is at location address, only for global or static symbolsp &<symbol_name>print the address of the symbol$nhistory value of number n$lastest value$$[n]n value before lastest valueshow valuesprint last ten values in value historyshow values nprint ten values centered at history item number nshow values +print ten values just after the values last printed
print x=4set x to 4 and print the resultset x=4only set x to 4 and do not change the value historyset variable x=4set has many subcommannd, preferset variableto avoid conflictsset {int}0x83040 = 4store values into arbitrary memory location
backtracedisplay the call stack of current function, current function is at topffast show where I amf[rame] [level] <frame_num>select stack frame with level n, frame 0 is the innermost (currently executing) framef address <stack_address>select stack frame with stack address- check the address using
info frame
- check the address using
f function <function_name>select the stack frame for function function-name- If there are multiple stack frames for function function-name then the inner most stack frame is selected.
f view <stack_address> [pc_addr]view a frame that is not part of GDB's backtrace giving a optional program counter address- This is useful mainly if the chaining of stack frames is damaged by a bug, making it impossible for GDB to assign stack numbers
up [num]move num frame up the stack toward outermost frame (if num is positive)down [num]num defaults to 1sel[ect] framesame as frame without print information
info proccheck the process id (PID) of debugged executableinfo proc mappingscheck virtual memory layoutcat /proc/<PID>/mapscheck virtual memory layout of the given processmaintenance info sectionscan examine elf file sections information and their corresponding loading addressinfo proc cwd
info sharedlibrarylist currently loaded shared librariesinfo functionslist all known function symbolsadd-symbol-file <elf_file>load extra symbols from the given file
gdb -p <PID> <program>
In recent Linux kernel, if you try to attach debugger to a running process, even if by the same user, gdb will politely refuse with error message:
ptrace: Operation not permitted.
The reason is a newly enabled security feature YAMA to specifically restrict inspecting memory of other programs.
- To enable once, as root
echo 0 > /proc/sys/kernel/yama/ptrace_scope - To enable permanently,
echo kernel.yama.ptrace_scope = 0 > /etc/sysctl.d/10-ptrace.conf
shell <command>to run shell commandpython <command>to run python command
- gdb will capture the debugged program's signals and decide want to do
info signalscheck the gdb handlers for different signalshandle <signals_num> [no]stop [no]print [no]passchange the signal handler behaviorsSIGINT & SIGTRAPare special, which are used for stop and breakpoint, and will not be passed into the debugged program- gdb can add a trap-related instruction to set breakpoints
info threadsthread apply <thread_num> <command>thread apply all <command>
recordbegin the recording of following instructionsset exec direction reverse/forwardmakenextintoreverse-nextshow/set record insn-number-maxcontrols the limit (default 200000) for how many instructions gdb will storeshow/set record stop-at-limit <on/off>linear-mode / circular-mode when the buffer is fullinfo record insn-numbershow how many instructions are currently saved
- GDB provides a way to build an index, which speeds up startup. A convenient program called
gdb-add-indexcan be used to add the index to a symbol file. - To create an index file, use the
save gdb-indexcommand - Once you have created and index file, we can merge it into the symbol file using
objcopyobjcopy --add-section .gdb_index=symfile.gdb-index --set-section-flags .gdb_index=readonly symfile symfile
- It's possible for GDB to automatically save a copy of index in cache on disk by
set index-cache enabled on