blob: 7a43ca140a357681019e7e0bf4fe030873cc85ef (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
# gdb(1)
# CLI
```markdown
gdb [opts] [prg [-c coredump | -p pid]]
gdb [opts] --args prg <prg-args>
opts:
-p <pid> attach to pid
-c <coredump> use <coredump>
-x <file> execute script <file> before prompt
-ex <cmd> execute command <cmd> before prompt
--tty <tty> set I/O tty for debugee
```
# Interactive usage
```markdown
tty <tty>
Set <tty> as tty for debugee.
Make sure nobody reads from target tty, easiest is to spawn a shell
and run following in target tty:
> while true; do sleep 1024; done
set follow-fork-mode <child | parent>
Specify which process to follow when debuggee makes a fork(2)
syscall.
sharedlibrary [<regex>]
Load symbols of shared libs loaded by debugee. Optionally use <regex>
to filter libs for symbol loading.
break [-qualified] <sym> thread <tnum>
Set a breakpoint only for a specific thread.
-qualified: Tred <sym> as fully qualified symbol (quiet handy to set
breakpoints on C symbols in C++ contexts)
rbreak <regex>
Set breakpoints matching <regex>, where matching internally is done
on: .*<regex>.*
command [<bp_list>]
Define commands to run after breakpoint hit. If <bp_list> is not
specified attach command to last created breakpoint. Command block
terminated with 'end' token.
<bp_list>: Space separates list, eg 'command 2 5-8' to run command
for breakpoints: 2,5,6,7,8.
info functions [<regex>]
List functions matching <regex>. List all functions if no <regex>
provided.
info variables [<regex>]
List variables matching <regex>. List all variables if no <regex>
provided.
info handle [<signal>]
Print how to handle <signal>. If no <signal> specified print for all
signals.
handle <signal> <action>
Configure how gdb handles <signal> sent to debugee.
<action>:
stop/nostop Catch signal in gdb and break.
print/noprint Print message when gdb catches signal.
pass/nopass Pass signal down to debugee.
catch signal <signal>
Create a catchpoint for <signal>.
```
# User commands (macros)
Gdb allows to create & document user commands as follows:
```markdown
define <cmd>
# cmds
end
document <cmd>
# docu
end
```
To get all user commands or documentations one can use:
```markdown
help user-defined
help <cmd>
```
# Hooks
Gdb allows to create two types of command `hooks`
- `hook-` will be run before `<cmd>`
- `hookpost-` will be run after `<cmd>`
```markdown
define hook-<cmd>
# cmds
end
define hookpost-<cmd>
# cmds
end
```
# Examples
## Catch SIGSEGV and execute commands
This creates a `catchpoint` for the `SIGSEGV` signal and attached the `command`
to it.
```markdown
catch signal SIGSEGV
command
bt
c
end
```
## Run `backtrace` on thread 1 (batch mode)
```markdown
gdb --batch -ex 'thread 1' -ex 'bt' -p <pid>
```
## Script gdb for automating debugging sessions
To script gdb add commands into a file and pass it to gdb via `-x`.
For example create `run.gdb`:
```markdown
set pagination off
break mmap
command
info reg rdi rsi rdx
bt
c
end
#initial drop
c
```
This script can be used as:
```markdown
gdb --batch -x ./run.gdb -p <pid>
```
# Know Bugs
## Workaround `command + finish` bug
When using `finish` inside a `command` block, commands after `finish` are not
executed. To workaround that bug one can create a wrapper function which calls
`finish`.
```markdown
define handler
bt
finish
info reg rax
end
command
handler
end
```
|
