A useful GDB initilization script .gdbinit (a local copy here) Detailed explanation here
add_com add_com_alias add_info add_info_aliaswhere add_info add a hook to the implementation of commands beginning with info.
For example, info functions command is added in function _initialize_symtab gdb/symtab.c as
add_info ("functions", functions_info,
_("All function names, or those matching REGEXP."));
so the actual implementation is functions_info
| gdb program | ||
| gdb program -c core | Debug a program with core file | |
| gdb -p pid | Debug a running process whose ID is pid | |
| gdb --args program arg1 arg2 | Debug program and pass arg1 arg2 to program |
| r > outputfile | Run the debuggee and redirect all console output to outputfile |
| start | Run the debuggee and stop at main |
| kill | Kill the debuggee. Use "r" again to restart the debuggee. |
| set args arg1 arg2 | Set the command-line arguments arg1 arg2 for debuggee |
| show args | |
| set env varname=value | Set the environment varname=value for debuggee |
| unset env varname | Remove the environment variable varname |
| set exec-wrapper env 'LD_PRELOAD=libfoo.so' | Run the debuggee with wrapper program env and use 'LD_PRELOAD=libfoo.so' as env's command-line argument |
| show env | |
| attach pid | Attach to the running process pid |
| info threads | List threads |
| thread threadID | Switch to thread threadID |
| set non-stop on | When one thread stops, GDB will not stop other threads. |
| set scheduler-locking on | Only the current thread may run when the debuggee is resumed. |
| set scheduler-locking step | In the single-step mode, only the current thread may run. |
| info inferiors | List processes |
| shell command string | Invoke a standard shell to execute command string |
One should set the environmental variable LD_BIND_NOW to 1 if one wants to set a break point in a function in a dynamic link library.
| set breakpoint pending on | When setting a break point on a not-yet-loaded dynamic library, this will automatically create a pending break point WITHOUT asking. |
| b function | Set a break point at first line of function |
| tbreak function | Set one-time break point at first line of function |
| b num | Set a break point at line number num |
| b *0x12345 | Set a break point at address 0x12345 |
| b *function | Set a break point at actual starting address of function |
| b *0x12345 if foo==5 | Stop at address 0x12345 if foo==5
See here for more details on conditional break points. |
| watch foo | Stop if the variable foo changed.
The number of watch points is limited (depending on hardware). On x86, only 4 hardware watch points can be set simultaneously. |
| set can-use-hw-watchpoint 0 | Do not use hardware watch points. |
| watch *0x12345 | Stop if the value at address 0x12345 changed |
| rwatch foo | Stop if the variable foo is read. This feature is hardware dependent. |
| awatch foo | Stop if the variable foo is read or written. This feature is hardware dependent. |
| catch syscall | Stop when a system call occurs. |
| catch syscall [name| number] | Stop when a specified system call occurs. |
| catch throw | Stop when a C++ exception is thrown. |
| handle signal stop handle signal nostop handle signal print |
Signal handling. |
b function if foo==5
commands
silent
printf "x is %d\n",x
c
end
|
Execute the commands "silent", "print...", and "c" after reaching the break point at function |
| info break | List all break/watch points |
| clear | Remove all break/watch points |
| clear function | Remove the break point at function |
| disable num | Disable the break point num (use "info break" first to get a list of break/watch points) |
| c | Continue execution after reaching a break point |
| rc | Reverse execution until reaching a break point |
| finish | Continue execution until the current function returns |
| return 1 | Return from current function immediately with value 1 |
| s | Execute one line of source code |
| n | Same as above, but don't jump into function calls |
| si | Execute one machine instruction |
| ni | Same as above, but don't jump into function calls |
| reverse-step | Reverse execute one line of source code.
See here for a tutorial. |
| reverse-next | Same as above, but don't jump into function calls |
| reverse-stepi | Reverse execute one machine instruction |
| reverse-nexti | Same as above, but don't jump into function calls |
| checkpoint | Save a snapshot of debuggee's state |
| restart checkpoint_id | Restore the debuggee's state to checkpoint_id |
| delete checkpoint checkpoint_id | Delete checkpoint_id |
| info checkpoints | Show all checkpoints |
| (Record and replay the execution) | See here for details and here for a tutorial. |
| bt | Print a backtrace (list of stack frames) |
| f num | Select frame number num |
| down num | Move down num frames (most recent ones) |
| info f | Print info about the frame |
| info args | Print arguments passed to the frame |
| info local | Print local variables of the frame |
| list function | Show source code of function |
| list filename:function | Show source code of function in file filename |
| list *0x12345 | Show source code at address 0x12345 |
| info line function | Show the starting and ending address of the machine code for function |
| disas function | Disassemble function |
| set disassembly-flavor intel set disassembly-flavor att |
Use specified syntax for disassmbly |
| disas/m function | Disassemble function and show the source code side-by-side (the debuggee must be compiled with -g option) |
| disas/r function | Disassemble function and show the raw instructions in hexadecimals |
| set disassemble-next-line on | Disassemble the next instruction whenever GDB stops |
| set print asm-demangle on | Show demangled symbol names in disassembly |
define hook-stop x/i $pc end |
Disassemble the next instruction whenever GDB stops. This is a special example of user-defined hooks. |
| x/4i 0x12345 | Show the machine code for the first 4 instructions starting at address 0x12345 |
| x/4i $pc-6 | Show the machine code of 4 instructions starting at current program counter minus 6 |
| p var | Print the value of var. var can be a register, e.g. $r1 |
| whatis var | Print the data type of var. |
| ptype foo | Print the data type of symbol foo |
| p/t var | Print the value of var in binary |
| p/c var | Print the value of var in format c: x=hexadecimal, c=char, t=binary, d=signed, u=unsigned, o=octal, a=address, f=floating |
| p function::var | Print the value of var in function |
| p *array@len | Print the values of array (allocated by malloc) with length len |
| call getpid() | Print the PID of current process |
| info inferiors | List processes |
| x &var | Print the address of var. |
| info address foo | Print the address of symbol foo. |
| info symbol 0x12345 | Print the name of the symbol which is stored at 0x12345 |
| info macro foo | Print the definition of macro foo. The debuggee must be compiled with -ggdb3 flag. |
| macro expand foo | Expand the definition of macro foo. The debuggee must be compiled with -ggdb3 flag. |
| x/1s 0x12345 | Print 1 null-terminated string starting at 0x12345 |
| x/5xb 0x12345 | Print 5 bytes of memory in hexadecimal starting at 0x12345 |
| x/nfu 0x12345 | n is repeat count f is format (i=instruction, s=string, x=hexadecimal, c=char, t=binary, d=signed, u=unsigned, o=octal, a=address, f=floating) u is unit (b=byte, h=2 bytes, w=4 bytes, g=8 bytes) |
| info registers info float info vector info all-registers |
List regular/floating-point/vector/all registers |
| p/x $pc | Print the program counter |
| display var | Automatically display var each time GDB stops. |
define hook-stop print var end |
Display var each time GDB stops. This is a special example of user-defined hooks. |
| display/nfu 0x12345 | Display address 0x12345 (with format nfu) each time GDB stops. |
| info display | List all automatic displays |
| undisplay num | Remove display num |
| find start_addr, +len, val1 [, val2, ...] | Search memory |
| heap | Show heap usage and classify heap objects This is a Fedora extension for GDB. See here and here for details. |
| set var foo+=5 | Set the value of variable foo to increment by 5 |
| set {int}0x12345=6 | Set the value of at address 0x12345 to be 6 (treat as an integer) |
| set $rax=$rbx+5 | Set the value of x86_64 register RAX to be the sum of 5 and register RBX |
| set $ps=$ps|1 set $ps=$ps&~1 |
Set/Clean the Carry flag (x86) |
| set $ps=$ps|0x4 | Set the Parity flag (x86) |
| set $ps=$ps|0x40 | Set the Zero flag (x86) |
| set $ps=$ps|0x80 | Set the Sign flag (x86) |
| set $ps=$ps|0x800 | Set the Overflow flag (x86) |
| set write on | Make text region writeable |
| signal SIGSEGV | Send the signal SIGSEGV to debuggee |
| generate-core-file | Create a core dump file |
| info scope foo | Print all variables in the scope of function foo |
| info shared | Print info about the shared libraries |
| info source | Print info about the source file |
| info functions | Print info about all functions |
| info variables | Print info about all variables |
| dump memory file 0x12345 0x34567 | Dump the memory region 0x12345 to 0x34567 to file |
| restore file 0 0x12345 | Load file content to memory starting at 0x12345 |
| mem 0x12345 0x34567 ro | Set the memory region from 0x12345 to 0x34567 to be read-only (this restriction applies to GDB only) |
| info mem | List all memory regions |
| delete mem num | Remove memory region num |
| disable mem num | Disable memory region num |
| trace foo.c:121 | Set a tracepoint at line 121 of foo.c |
| action | Set a series of actions for tracepoint |
| tstart | Start the trace experiment |
| tdump | Dump the trace |
| tstatus | Print info about current trace data collection |
$ LD_PRELOAD=/lib/libpthread.so.0 gdb --args ./myappsor at GDB prompt (untested!),
(gdb) set exec-wrapper env 'LD_PRELOAD=/lib/libpthread.so.0'
(gdb) start (gdb) rwatch foo