title:Notes on videos
keywords:math,statistics
# GDB helper functions
```text
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ GDB helper functions +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ INDEX +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1. Intro
2. Source
3. First run
4. Breakpoints
5. Registers
6. Helper commands
7. ToDo
8. Links
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1.Intro +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
GDB is the GNU debugger. It ships as a standard tool of the gcc toolchain and
every distro packages it. It works on every architecture that gcc supports and
it can also be used as a remote debugger. On Linux it relies on the kernel's
ptrace debugging facility. At first it is quite a confusing tool: there are too
many commands to type and it has no GUI or TUI.
What is added here is a set of commands that show the XMM registers, the
general purpose registers and eflags with one command. These commands make gdb
a more pleasant tool to use.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2.Source +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
You can find the GDB source here: http://ftp.gnu.org/gnu/gdb/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 3.First run +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
For the first run we use an example program that just prints a string and
nothing else. If you run the program under the debugger without giving the
debugger any commands, it runs the program as usual, provided everything is OK
with the program.
SOURCE: main1.c
#include <stdio.h>
int main()
{
    printf("Works fine\n");
    return 0;
}
The first run is
gdb ./main1
then in the gdb command line type
(gdb) run
and it will show
Starting program: main1
Works fine
[Inferior 1 (process XXX) exit normally]
The string "Works fine" comes from the printf. As everything was alright with
the program, it terminated "normally". Let's go deeper into debugging.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4.Breakpoints +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now let's use breakpoints. The first breakpoint, to see what happens in the
program, is set at the main/_start function of a C program, as that is the
program's start point. If the program is written in assembler there may be no
main function as in C, but there is still an entry point into the program. One
way to get the address of the entry point (main/_start) is with the readelf
utility
>readelf -h ./main1 | grep Entry
Entry point address: 0x400410
The first way to set a breakpoint on the main function is simply
>gdb ./main1
(gdb)break main
Breakpoint 1 at 0x40050a
(gdb)run
Start program: ./main1
Breakpoint 1, 0x040050a in main()
Now we have called the C main function and stopped at the wanted location.
The entry point is different from main in C; a breakpoint can be set on it by
symbol
(gdb) break _start
or directly on its address
(gdb) break *0x400410
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 5.Registers +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The moment you need a debugger is when something is "broken". Here is an
example of broken code.
SOURCE: main2.c
int main()
{
int i;
i = i/0;
}
Run it until it breaks and see what happened
gdb ./main2
(gdb) run
Program received signal SIGFPE
(gdb) display/i $pc
=> 0x4004c3 : idiv %ecx
When a number is divided by zero the CPU generates an exception and the
program stops, showing that something bad has happened.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 6.Helper commands +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
To improve your experience with gdb you can write macros. Here is an example
set of gdb macros that could be useful; to use them, put the gdbalias file in
the same directory as the debugged binary and load it from gdb with
(gdb) source gdbalias
shr32 - show 32 bit general purpose registers
shr32a - show 32 bit registers with their 16/8 bit parts and system registers
shr64 - show 64 bit general purpose registers
shr64a - show 64 bit registers and their 32/16/8 bit equivalents
shsse_float - show xmm registers as 4 x 32 bit float values
shsse_double - show xmm registers as 2 x 64 bit double values
shsse_i8 - show xmm registers as 16 x 8 bit integer values
shsse_i16 - show xmm registers as 8 x 16 bit integer values
shsse_i32 - show xmm registers as 4 x 32 bit integer values
shsse_i64 - show xmm registers as 2 x 64 bit integer values
s - one step in the debugger
flags - show eflags
showrchanges - on every step show the changes from the previous step
sc - one step and show the changed registers
Any register can be printed with the gdb command
printf
The register names used are $rax, $eax, $ax, $ah, $al and so on.
The shsse commands show the xmm registers; what is inside depends on your
interpretation, which is why there are several commands for the same 8 registers
$xmm0,$xmm1,$xmm2,$xmm3,$xmm4,$xmm5,$xmm6,$xmm7
The values under each interpretation can be accessed as follows, where
X is the register index and Y is the array index:
$xmmX.v4_float[Y]
$xmmX.v2_double[Y]
$xmmX.v16_int8[Y]
$xmmX.v8_int16[Y]
$xmmX.v4_int32[Y]
$xmmX.v2_int64[Y]
Changes on each step are detected just by saving the registers:
set $oldrax = $rax
and, when a change happens, printing it from an if block:
if ($rax != $oldrax)
printf "RAX:0x%016lX ", $rax
end
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 7.ToDo +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Add more descriptions and more basic topics on how to use gdb
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 8.Links +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[1] http://ftp.gnu.org/gnu/gdb/
[2] https://en.wikipedia.org/wiki/GNU_Debugger
[3] https://github.com/gdbinit/Gdbinit/blob/master/gdbinit
[4] https://sourceware.org/gdb/onlinedocs/gdb/Define.html
[5] https://github.com/FreeArtMan/gdbalias
[6] http://www.delorie.com/gnu/docs/gdb/gdb_28.html
[7] http://www.delorie.com/gnu/docs/gdb/gdb_29.html
```
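As an added example (not the gdbalias file the writeup links), here is a minimal gdb command file in gdb's own `define` syntax that implements the save-registers / compare / print-changes idea from section 6 together with an eflags decoder. It assumes an x86-64 inferior that is already stopped at a breakpoint; the command names `saveregs` and the file name `sc.gdb` are made up for this example.

```gdb
# Added example, not the writeup's gdbalias file. Assumes an x86-64 inferior
# that is already stopped (e.g. at a breakpoint). Load: (gdb) source sc.gdb

# Snapshot the registers we want to diff after each step.
define saveregs
  set $oldrax = $rax
  set $oldrdx = $rdx
  set $oldrsp = $rsp
  set $oldrip = $rip
end

# Print only the registers whose value differs from the snapshot.
define showrchanges
  if ($rax != $oldrax)
    printf "RAX: 0x%016lx -> 0x%016lx\n", $oldrax, $rax
  end
  if ($rdx != $oldrdx)
    printf "RDX: 0x%016lx -> 0x%016lx\n", $oldrdx, $rdx
  end
  if ($rsp != $oldrsp)
    printf "RSP: 0x%016lx -> 0x%016lx\n", $oldrsp, $rsp
  end
  if ($rip != $oldrip)
    printf "RIP: 0x%016lx -> 0x%016lx\n", $oldrip, $rip
  end
end

# Decode the eflags bits that arithmetic sets: CF = bit 0, ZF = bit 6, SF = bit 7.
define flags
  printf "EFLAGS: 0x%08x [", $eflags
  if ($eflags & (1 << 0))
    printf " CF"
  end
  if ($eflags & (1 << 6))
    printf " ZF"
  end
  if ($eflags & (1 << 7))
    printf " SF"
  end
  printf " ]\n"
end

# One instruction step, then report what changed and the resulting flags.
define sc
  saveregs
  stepi
  showrchanges
  flags
end
```

Stepping over the `idiv %ecx` from main2.c with `sc` shows RAX/RDX (quotient and remainder) and RIP changing, while a `push` or `call` shows RSP moving.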
## Downloads
http://archive.main.lv/files/writeup/gdb_helper_functions/gdbalias