标签:
| Gdb Command | Abbreviation command | Description |
|---|---|---|
| gdb ./binary_name | start gdb | |
| run command_line | r command_line | Start the program being debugged, possibly with command line arguments args. [run] |
| break function | b function | Set a breakpoint at the beginning of function [break] |
| break filename:linenumber |
b filename:linenumber | Set a breakpoint at line number of the current file. [break] |
| delete n | Delete breakpoint number n [delete] | |
| info break | info b | List all breakpoints [info] |
| list [optional_line] | l [optional_line] | List next listsize lines. If optional_line is given, list the lines centered around optional_line. [list] |
| backtrace | bt | print callstack |
| frame number | f number | jump to caller functions |
| print var_name[expression] | p var_name[expression] | print variable, expression(any kind of combinations of variables) |
| continue | c | run until next breakpoint |
| next | n | Step over step by step |
| step | s | Step into functions. [step] |
| finish | Step out of the current function. Execute the rest of the current function. [finish] | |
| watch var_name[*(int*)add] | watch a variable or the content of memroy address | |
| q | quit gdb [quit] |
Here is an example code. This example code store two strings together. The memory layout is: [str1_len, str1, str2_len, str2]. str2_len locates in the middle of the memory. It‘s possible that str1 is longer than the max string size( g_str_max_size), then str2 will overrite parts of str1.
1 #include "stdio.h" 2 #include "stdlib.h" 3 #include "string.h" 4 #include "assert.h" 5 const int g_str_max_size = 10; 6 void store_string(void *mem, char *str) 7 { 8 int len = strlen(str); 9 *(int*)mem = len; 10 strcpy(mem + sizeof(int), str); 11 } 12 void print_strings(void *mem) 13 { 14 printf("Length of string a: %d\n", *(int*) mem); 15 printf("string s: %s\n\n", (char*)(mem + sizeof(int))); 16 17 printf("Length of string b: %d\n", *(int*) (mem + (g_str_max_size * sizeof(char) + sizeof(int)))); 18 printf("string s: %s\n", (char*)(mem + (g_str_max_size * sizeof(char) + sizeof(int) * 2))); 19 } 20 int main(int argc, char *argv[]) 21 { 22 if(argc != 3) 23 { 24 printf("usage: ./two_strings string1 string2\n"); 25 return 0; 26 } 27 28 void *mem = malloc(2 * (g_str_max_size * sizeof(char) + sizeof(int))); 29 memset(mem, 0, 2 * (g_str_max_size * sizeof(char) + sizeof(int))); 30 31 // char *str1 = "string b."; 32 // char *str2 = "This is string a."; 33 // assert(strlen(str1) < g_str_max_size); 34 // assert(strlen(str2) < g_str_max_size); 35 36 // strlen1 --> *(int*) mem + sizeof(int) 37 // strlen2 --> *(int*)(mem + (g_str_max_size * sizeof(char) + 2 * sizeof(int))) 38 store_string(mem , argv[1]); 39 store_string(mem + (g_str_max_size * sizeof(char) + sizeof(int)), argv[2]); 40 41 print_strings(mem); 42 43 return 0; 44 }
To use GDB, we‘d bettter build the binary without optimization flags, such as -O0. Let‘s build and run it:
$ gcc -O0 -g mem_pool.c -o mem_pool $ ./mem_pool "This is string a." "string b." Length of string a: 17 string s: This is st Length of string b: 9 string s: string b. $ |
Oops, we can see that str1 is only partly printed. We will use gdb to find out why it happens.
$ gdb ./mem_pool ....(gdb informations) (gdb) r "This is string a." "string b." Starting program: /home/jxion/jp4/depot/lechin/users/jxion/test_toys/test_gdb/mem_pool "This is string a." "string b." Length of string a: 17 string s: This is st Length of string b: 9 string s: string b. [Inferior 1 (process 22105) exited normally] |
You can find we can re-produce the issue in gdb.
(gdb) b mem_pool.c:18 Breakpoint 1 at 0x400701: file mem_pool.c, line 18. (gdb) r Starting program: /home/jxion/jp4/depot/lechin/users/jxion/test_toys/test_gdb/mem_pool "This is string a." "string b." Length of string a: 17 Breakpoint 1, print_strings (mem=0x602010) at mem_pool.c:18 |
The breakpoint line will be in the midlle. If you want to let the line13 in the middle, use "list 13" or "l 13".
(gdb) list
13 }
14
15 void print_strings(void *mem)
16 {
17 printf("Length of string a: %d\n", *(int*) mem);
18 printf("string s: %s\n\n", (char*)(mem + sizeof(int)));
19
20 printf("Length of string b: %d\n", *(int*) (mem + (g_str_max_size * sizeof(char) + sizeof(int))));
21 printf("string s: %s\n", (char*)(mem + (g_str_max_size * sizeof(char) + sizeof(int) * 2)));
22 }
(gdb)
|
(gdb) bt #0 print_strings (mem=0x602010) at mem_pool.c:18 #1 0x0000000000400818 in main (argc=3, argv=0x7fffffffd4e8) at mem_pool.c:45 (gdb) |
You can even operate the variable as your need. Such as "print var1*var2".
(gdb) p (int)mem $11 = 6299664 (gdb) p (int)mem * 100 $12 = 629966400 (gdb) p *(int*) mem + *((int*) mem + 1) $13 = 1936287845 (gdb) |
You can use "bt" to show the callstack, and then jump to any callstack you like by "frame n"
(gdb) bt #0 print_strings (mem=0x602010) at mem_pool.c:18 #1 0x0000000000400818 in main (argc=3, argv=0x7fffffffd4e8) at mem_pool.c:45 (gdb) f 1 #1 0x0000000000400818 in main (argc=3, argv=0x7fffffffd4e8) at mem_pool.c:45 45 print_strings(mem); (gdb) l 40 // strlen1 --> *(int*) mem + sizeof(int) 41 // strlen2 --> *(int*)(mem + (g_str_max_size * sizeof(char) + 2 * sizeof(int))) 42 store_string(mem , argv[1]); 43 store_string(mem + (g_str_max_size * sizeof(char) + sizeof(int)), argv[2]); 44 45 print_strings(mem); 46 47 return 0; 48 } (gdb) p argv[1] $14 = 0x7fffffffd8a1 "This is string a." (gdb) |
(gdb) n
string s: This is st
20 printf("Length of string b: %d\n", *(int*) (mem + (g_str_max_size * sizeof(char) + sizeof(int))));
(gdb) n
Length of string b: 9
21 printf("string s: %s\n", (char*)(mem + (g_str_max_size * sizeof(char) + sizeof(int) * 2)));
(gdb)
|
(gdb) cont Continuing. string s: string b. [Inferior 1 (process 22118) exited normally] (gdb) |
See the summary table.
Use breakpoint we can see that str1 is modified when the program breaks in line 18. We need to locate where the str1 is modified. As the str1‘s memory address is solid all the time, we can use watchpoint to watch who modify the memory.
As the memory may modified outside of the function, we need to use the second type of "watch" command.
(gdb) p (char*)(mem + (sizeof(int)*1)) $18 = 0x602014 "This is st\t" (gdb) p (char*)(mem + (sizeof(int)*1) + 10) $19 = 0x60201e "\t" (gdb) p (mem + (sizeof(int)*1) + 10) $20 = (void *) 0x60201e (gdb) watch *(char *) 0x60201e Hardware watchpoint 2: *(char *) 0x60201e (gdb) |
Now we have find the address where the content is modified incorectly. And it has already been modified, so we need to re-run the program from the start. From my understanding, the memory will not change not matter how many times you run the program as lone as you don‘t quit the gdb.
(gdb) r The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /home/jxion/jp4/depot/lechin/users/jxion/test_toys/test_gdb/mem_pool "This is string a." "string b." Hardware watchpoint 2: *(char *) 0x60201e Old value = <unreadable> New value = 0 ‘\000‘ memset () at ../sysdeps/x86_64/memset.S:65 65 ../sysdeps/x86_64/memset.S: No such file or directory. (gdb) bt #0 memset () at ../sysdeps/x86_64/memset.S:65 #1 0x00000000004007c9 in main (argc=3, argv=0x7fffffffd4e8) at mem_pool.c:33 (gdb) c Continuing. Hardware watchpoint 2: *(char *) 0x60201e Old value = 0 ‘\000‘ New value = 114 ‘r‘ __strcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:792 792 ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: No such file or directory. (gdb) bt #0 __strcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:792 #1 0x00000000004006dc in store_string (mem=0x602010, str=0x7fffffffd8a1 "This is string a.") at mem_pool.c:12 #2 0x00000000004007e3 in main (argc=3, argv=0x7fffffffd4e8) at mem_pool.c:42 (gdb) c Continuing. Hardware watchpoint 2: *(char *) 0x60201e Old value = 114 ‘r‘ New value = 9 ‘\t‘ store_string (mem=0x60201e, str=0x7fffffffd8b3 "string b.") at mem_pool.c:12 12 strcpy(mem + sizeof(int), str); (gdb) bt #0 store_string (mem=0x60201e, str=0x7fffffffd8b3 "string b.") at mem_pool.c:12 #1 0x000000000040080c in main (argc=3, argv=0x7fffffffd4e8) at mem_pool.c:43 (gdb) |
We can see that the address‘s content is modified three times:
标签:
原文地址:http://www.cnblogs.com/xjsxjtu/p/4625056.html
