gdb教程：6. Advanced gdb Features

6.1 How do I examine memory? 

Use the x command to examine memory. The syntax for the x command is x/FMT ADDRESS. The FMT field is a count followed by a format letter and a size letter. There are many options here, use the help command 'help x' to see them all. The ADDRESS argument can either be a symbol name, such as a variable, or a memory address.

If we have char *s = "Hello World\n", some uses of the x command could be:

Examine the variable as a string:

(gdb) x/s s
0x8048434 <_IO_stdin_used+4>:    "Hello World\n"

Examine the variable as a character:

(gdb) x/c s
0x8048434 <_IO_stdin_used+4>:   72 'H'

Examine the variable as 4 characters:

(gdb) x/4c s
0x8048434 <_IO_stdin_used+4>:   72 'H'  101 'e' 108 'l' 108 'l'

Examine the first 32 bits of the variable:

(gdb) x/t s
0x8048434 <_IO_stdin_used+4>:   01101100011011000110010101001000

Examine the first 24 bytes of the variable in hex:

(gdb) x/3x s
0x8048434 <_IO_stdin_used+4>:   0x6c6c6548      0x6f57206f      0x0a646c72

6.2 How do I see what is in the processor registers? 

Use the info registers command. The output of this command depends on the hardware architecture. The following is part of the output on an intel machine:

(gdb) info registers
eax            0x40123460       1074934880
ecx            0x1      1
edx            0x80483c0        134513600
ebx            0x40124bf4       1074940916
esp            0xbffffa74       0xbffffa74
ebp            0xbffffa8c       0xbffffa8c
esi            0x400165e4       1073833444
...

6.3 How do I debug with a core file? 

When your program segfaults and leaves a core dump file, you can use gdb to look at the program state when it crashed. Use thecore command to load a core file. The argument to the core command is the filename of the core dump file, which is usually "core", making the full commandcore core.

prompt > myprogram
Segmentation fault (core dumped)
prompt > gdb myprogram
...
(gdb) core core
...

6.4 How do I step through my code at the instruction level? 

There are two commands, nexti and stepi, that work similar tonext and step. See the usage of those commands for an idea of how to use these two.

6.5 How do I see the assembly code my program is running?

Use the disassemble command. The argument to this command is a memory address. Here is an example of the disassembly for the main function of a simple program on an intel machine:

(gdb) disassemble main
Dump of assembler code for function main:
0x80483c0 <main>:       push   %ebp
0x80483c1 <main+1>:     mov    %esp,%ebp
0x80483c3 <main+3>:     sub    $0x18,%esp
0x80483c6 <main+6>:     movl   $0x0,0xfffffffc(%ebp)
0x80483cd <main+13>:    mov    0xfffffffc(%ebp),%eax
0x80483d0 <main+16>:    movb   $0x7,(%eax)
0x80483d3 <main+19>:    xor    %eax,%eax
0x80483d5 <main+21>:    jmp    0x80483d7 <main+23>
0x80483d7 <main+23>:    leave  
0x80483d8 <main+24>:    ret    
End of assembler dump.