feos

gdb

Aug 30th, 2023
can give some tips:
launch gdb with app:
gdb ./app
launch gdb with app and args
gdb --args ./app first_arg second_arg etc
attach to running app
gdb ./app 123
where 123 is PID. probably will require to run from superuser like root. sudo gdb ./app 123

break *0x123 -- breakpoint on address 0x123

stepi -- step into opcode
nexti -- step over opcode
c -- continue until breakpoint

if you send empty line by hitting enter, it will repeat last command, so very useful:
nexti
<enter>
<enter>
<enter>

p -- to write var
for example
p $eax -- output what value eax has
/x option -- output in hex
p /x $eax -- output eax in hex

display args of func which has __cdecl call convention:
break on its start (first opcode)
then, for 32 bit system:
p *(void**)($esp) -- return address
p *(void**)($esp + 4) -- first arg
p *(void**)($esp + 4 + 4) -- second arg
p *(void**)($esp + 4 + 4 + 4) -- third arg
and so on

for example, we want to know args to fopen:
p *(char**)($esp + 4)
p *(char**)($esp + 8)
-- will print "file_path" and "rb" for example.

also
bt
-- shows backtrace (call stack)

next, sometimes you want to always see disassembly, use
layout asm
-- will show disassembly always
but it has downsides. up and down keys scroll disassembly, don't look through commands in history. similarly left-right doesn't move caret, but scrolls disassembly.
to exit this view use CTRL+X and then A.

similarly there is
layout src
-- will always display source
it's useful when you debug open-source app / library, or at least when your app interacts with library which has open sources.

in layout src often useful
next -- step over single operation of src
step -- step into single operation of src
[18:41] r57shell:
sometimes you want to see $eax in hex ALWAYS, after each issued gdb command.
it's done like this:
display $eax
if you want to see it always in hex
display /x $eax
and, if you want to see all files opened by fopen, use:
break fopen
display *(char**)($esp + 4)

next, if you want to set up breakpoint on write on address, use:
watch *0x123
-- here 0x123 is address where to set up breakpoint

you may disable breakpoint / watchpoint by:
disable 5
-- here 5 is index of breakpoint / watchpoint

i b
-- will display current breakpoints.

you may make conditions on breakpoints.
condition 5 ($eax > 10)
will set condition on breakpoint index 5 to break only if $eax > 10

you may tell gdb to execute command instead of break on breakpoint.

you may override register / data using:
set $eax = 10
-- will set $eax to 10
similarly
set *(int*)(0x123) = 123
will set int on address 0x123 to 123.

you can call functions.
for example
call glGetError()
to find out why opengl failed something, but developers didn't check error code, so you may retrieve it without patching!!!!
you can use it as an interactive C
but I don't know how to use it when you need to pass pointer where result will be stored. perhaps you may call malloc first. didn't check.

and, in the end:
when app is running under GDB you can hit CTRL+C in console and you'll be able to issue commands in gdb.
and when you want to restart gdb from the start without losing all breakpoints / display etc, just use run command.
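The tips in both messages above (reading __cdecl arguments through $esp, display, conditional breakpoints, running commands instead of stopping, watchpoints, overriding registers and memory, calling functions) can be put into one gdb command file so they run without retyping. The file below is an added example and is not part of the paste or anything r57shell wrote. It assumes a hypothetical 32-bit test program built with `gcc -m32 -g app.c -o app` that has a global `int counter` and a cdecl function `int process(int n)` which calls `fopen`; those names, and the breakpoint numbers that follow from the order the commands are issued, are assumptions of this example. It also goes slightly beyond the 32-bit case in one comment by noting where the first arguments live on x86-64.

```gdb
# Added example, not from the original paste. Assumes a hypothetical 32-bit
# program ./app (gcc -m32 -g app.c -o app) with a global "int counter" and a
# cdecl function "int process(int n)" that calls fopen().
# Run as:  gdb -q -x gdb-tricks.gdb ./app
set pagination off
set confirm off

# stop at main first (temporary breakpoint 1), so the binary and libc are
# loaded and every address is final; this matters for PIE executables
start

# breakpoint 2: process(), but only when its first argument exceeds 10.
# At a function's first instruction $esp holds the return address and
# $esp + 4 the first cdecl argument. "break *process" (with the star) stops
# at that instruction instead of after the prologue, so these offsets hold.
# (On x86-64 the first two arguments would be in $rdi and $rsi instead.)
break *process
condition 2 *(int *)($esp + 4) > 10

# breakpoint 3: never stop, just log every fopen() call and keep running.
# This is the "execute command instead of break" feature: commands N ... end
break *fopen
commands 3
  silent
  printf "fopen(%s, %s) called from:\n", *(char **)($esp + 4), *(char **)($esp + 8)
  p/a *(void **)($esp)
  continue
end

# watchpoint 4: stop whenever counter is written; gdb shows old and new value
watch counter

# auto-print after every stop, like "display /x $eax" in the message above
display/x $eax
display/i $pc

# list everything that was set; numbers 2, 3 and 4 are used above and below
info breakpoints

continue

# the script resumes here at the next stop (process() with n > 10, or the
# write to counter): override state and call functions inside the process.
# The casts are needed because libc is usually shipped without debug info.
set $eax = 10
set var counter = 123
set $buf = (char *)malloc(64)
call (int)gethostname($buf, 64)
p $buf
disable 4
continue
```

The `malloc` lines answer the open question in the message about passing a pointer for an output parameter: allocate a buffer in the inferior with `malloc`, keep its address in a convenience variable, pass that to the call, then print the buffer. Note the difference between `break fopen` and `break *fopen`: the first lets gdb skip the function prologue, after which $esp may no longer point at the return address, so the `$esp + 4` offsets in the paste are only guaranteed at the raw entry address.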