GNU Debugger

GNU Debugger (GDB) is a debugging software mainly used to debug C/C++ programs. It can be installed using:

$ sudo apt-get install gdb

To use it with GCC/G++ executables (clang and others too), or at least to ease your work, remember to add -g/-ggdb flag during compilation.

To load a program within GDB, use:

$ gdb a.out                  # ./a.out
$ gdb -q a.out               # quiet mode
$ gdb --args a.out arg1 arg2 # ./a.out arg1 arg2

Common Usage πŸ“š

You'll place a breakpoint in the code. When one is reached, the code will stop, allowing you to inspect variables...

(gdb) break line_number
(gdb) b line_number
(gdb) break file.c:line_number      
(gdb) b *address
(gdb) delete breakpoint 1

To display the code for line numbers:

(gdb) list         # or l | list the next 10 lines
(gdb) l start,end  # code lines from "start" to "end"

To run the program until the next breakpoint:

(gdb) run      # or r
(gdb) run args # ./a.out args

A few commands you might use once the execution was halted:

(gdb) continue  # c | resume the execution
(gdb) step      # s | execute the current line
(gdb) next      # n | execute the next line

To print the value of a variable or an expression:

(gdb) print ...
(gdb) p ...
(gdb) p[s]@n ...  # print n entries of an array

To examine the memory:

(gdb) x/s 0xXXX   # show a strings

To print the stack trace:

(gdb) backtrace   # or bt

To quit:

(gdb) quit        # or q

Additional Notes

GDB PEDA Assistance

attacking_common_applications

You can use peda (5.7k ⭐) to debug Linux binaries. It's a Python script over GDB that make it easier to use GDB.

$ git clone https://github.com/longld/peda.git ~/peda
$ echo "source ~/peda/peda.py" >> ~/.gdbinit
$ gdb ./some_program
(gdb) do_as_usual

GDB GEF Assistance

Refer to GEF (6.3k ⭐).

Additional Commands

Query the value of a register.

(gdb) info registers eip
(gdb) info frame
(gdb) info proc all

Disassembly

stack_based_buffer_overflows_linux_x86 attacking_common_applications

You can disassemble the code using:

(gdb) set disassembly-flavor att   # Linux team, default
(gdb) set disassembly-flavor intel # Windows team
(gdb) disassemble main
(gdb) disas main

The format is something like:

  • Memory address
  • Address jump (e.g., +x since the previous address)
  • Assembler instruction
  • Operands (e.g., registers and suffixes)

For a permanent change ✨:

$ echo "set disassembly-flavor intel" >> ~/.gdbinit

πŸ‘» To-do πŸ‘»

Stuff that I found, but never read/used yet.

  • watch
  • x