blob: c11a85da719616a34becde2d55629d16e919dc3a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
# gdb(1)
# CLI
```markdown
gdb [opts] [prg [-c coredump | -p pid]]
gdb [opts] --args prg <prg-args>
opts:
-p <pid> attach to pid
-c <coredump> use <coredump>
-x <file> execute script <file> before prompt
-ex <cmd> execute command <cmd> before prompt
--tty <tty> set I/O tty for debugee
```
# Interactive usage
```markdown
tty <tty>
Set <tty> as tty for debugee.
Make sure nobody reads from target tty, easiest is to spawn a shell
and run following in target tty:
> while true; do sleep 1024; done
set follow-fork-mode <child | parent>
Specify which process to follow when debuggee makes a fork(2)
syscall.
sharedlibrary [<regex>]
Load symbols of shared libs loaded by debugee. Optionally use <regex>
to filter libs for symbol loading.
break [-qualified] <sym> thread <tnum>
Set a breakpoint only for a specific thread.
-qualified: Tred <sym> as fully qualified symbol (quiet handy to set
breakpoints on C symbols in C++ contexts)
rbreak <regex>
Set breakpoints matching <regex>, where matching internally is done
on: .*<regex>.*
command [<bp_list>]
Define commands to run after breakpoint hit. If <bp_list> is not
specified attach command to last created breakpoint. Command block
terminated with 'end' token.
<bp_list>: Space separates list, eg 'command 2 5-8' to run command
for breakpoints: 2,5,6,7,8.
info functions [<regex>]
List functions matching <regex>. List all functions if no <regex>
provided.
info variables [<regex>]
List variables matching <regex>. List all variables if no <regex>
provided.
info handle [<signal>]
Print how to handle <signal>. If no <signal> specified print for all
signals.
handle <signal> <action>
Configure how gdb handles <signal> sent to debugee.
<action>:
stop/nostop Catch signal in gdb and break.
print/noprint Print message when gdb catches signal.
pass/nopass Pass signal down to debugee.
catch signal <signal>
Create a catchpoint for <signal>.
```
# User commands (macros)
```markdown
define <cmd>
# cmds
end
document <cmd>
# docu
end
help user-defined List user defined commands.
help <cmd> List documentation for command <cmd>.
```
# Hooks
Gdb allows to create two types of command `hooks` which will be either executed
before or after a certain command.
```markdown
define hook-<cmd> Run commands defined in hook before
# cmds executing <cmd>.
end
define hookpost-<cmd> Run commands defined in hookpost after
# cmds executing <cmd>.
end
```
# Flows
## Catch SIGSEGV and execute commands on occurrence
```markdown
catch signal SIGSEGV
command
bt
c
end
```
## Run `backtrace` on thread 1 (batch mode)
```markdown
gdb --batch -ex 'thread 1' -ex 'bt' -p <pid>
```
## Script gdb for automating debugging sessions
```markdown
# run.gdb
set pagination off
break mmap
command
info reg rdi rsi rdx
bt
c
end
#initial drop
c
```
This script can be used as:
```markdown
gdb -p <pid> -x ./run.gdb --batch &> run.log
```
## Workaround `command + finish` bug
When using `finish` action inside a `command` block, actions after `finish` are
not executed anymore. To workaround that bug one can create a wrapper function
which calls `finish`.
```markdown
define handler
bt
finish
info reg rax
end
command
handler
end
```
|
