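I have been working on Linux lately and learning GDB as I use it. The tool does not feel as good as OllyDbg or WinDbg, but it is adequate. I took some notes so that I don't forget; command-line things are easy to forget.
1. ptype: print type and structure information
2. info register: print register information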
3. x/nfu addr
x addr
x
Use the x command to examine memory.
n, f, and u are all optional parameters that specify how much memory to display and how
to format it; addr is an expression giving the address where you want to start displaying
memory. If you use defaults for nfu, you need not type the slash ‘/’. Several commands set
convenient defaults for addr.
n, the repeat count
The repeat count is a decimal integer; the default is 1. It specifies how much
memory (counting by units u) to display.
f, the display format
The display format is one of the formats used by print (‘x’, ‘d’, ‘u’, ‘o’, ‘t’,
‘a’, ‘c’, ‘f’, ‘s’), and in addition ‘i’ (for machine instructions). The default is
‘x’ (hexadecimal) initially. The default changes each time you use either x or
print.
u, the unit size
The unit size is any of
b Bytes.
h Halfwords (two bytes).
w Words (four bytes). This is the initial default.
g Giant words (eight by
4. Symbol names that contain ::, such as boost::share_pointer_bas, must be enclosed in single quotes ('),
Example: print ('boost::share_pointer_bas') 0x2343434f
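5. stepi: step into, one machine instruction at a time; the counterpart of step
6. nexti: step over, one machine instruction at a time; the counterpart of next
7. thread {tid}: switch threads; info threads prints thread information
8. where: print the full call stack
9. break filename:linenum
10. stl_views.gdb can print STL containers
11. Use *0x1103204 (VAR) to read the value, and &VAR (ADDRESS) to take the address
12. frame n: switch stack frames, which makes it easy to inspect variables and data in the different contexts of the call stack.
13. disassemble: show the assembly. Example: disas 0x32c4,0x32e4 (current GDB requires the comma between the two addresses)
14. finish: run until the function returns, similar to Shift+F11 in VC or Ctrl+F9 in OllyDbg
15. PHP: the store and GC management of all objects.
Print 4 objects from the object store: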
print (zend_object_store_bucket)*executor_globals.objects_store.object_buckets@4
16. Follow the child process
If you want to follow the child process instead of the parent process, use the command
set follow-fork-mode.
Example: set follow-fork-mode child
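17. gdb --pid PID < script.gdb: have GDB read its commands from stdin in order to run an automated debugging script.
whereall.sh
    #!/bin/sh
    # Usage: whereall.sh PATTERN
    # Collect the PID of every process whose ps line matches PATTERN.
    pid_array=`ps aux | grep "$1" | grep -v "grep" | awk '{print $2}'`

    for spid in $pid_array
    do
        echo "-PID: $spid ---------------------------"
        # Attach to the process and feed GDB the commands in whereall.gdb.
        gdb --pid "$spid" < whereall.gdb
        echo "----------------------------------------"
    done
whereall.gdb
    where
    detach
    quit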
18. ulimit -c number (or unlimited): makes the system write a core dump file to the current directory when a process crashes; the file is named core.pid
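An added example for note 3 (not part of the original notes and not GDB's own code): a small Python emulation of how x/nfu turns raw bytes into values, so the effect of n, f and u can be checked without a live target. The names parse_nfu, examine, MEM and BASE are hypothetical, the memory is a constructed sample, and it assumes a little-endian target, emulates only the x, d, u and t formats, and does not model the defaults changing after each use.

```python
import re
import struct

# Unit letters of x: size in bytes plus struct codes (unsigned, signed).
UNITS = {"b": (1, "B", "b"), "h": (2, "H", "h"), "w": (4, "I", "i"), "g": (8, "Q", "q")}
FORMATS = "xdut"  # the subset of display formats emulated here

# Constructed sample: 16 bytes standing in for target memory at BASE.
BASE = 0x400000
MEM = b"\x7fELF\x02\x01\x01\x00" + b"\xff\xfe" + bytes(6)


def parse_nfu(spec):
    """Split an 'nfu' string such as '4xw' into (count, format, unit)."""
    m = re.fullmatch(r"(\d*)([a-z]*)", spec)
    if not m:
        raise ValueError("bad nfu spec: %r" % spec)
    count = int(m.group(1) or 1)       # n: decimal repeat count, default 1
    fmt, unit = "x", "w"               # initial defaults for f and u
    for letter in m.group(2):          # f and u letters, in either order
        if letter in UNITS:
            unit = letter
        elif letter in FORMATS:
            fmt = letter
        else:
            raise ValueError("letter not emulated: %r" % letter)
    return count, fmt, unit


def examine(spec, addr, memory=MEM, base=BASE):
    """Emulate 'x/nfu addr' over memory mapped at base; return the values as text."""
    count, fmt, unit = parse_nfu(spec)
    size, ucode, scode = UNITS[unit]
    out = []
    for i in range(count):
        off = addr - base + i * size
        chunk = memory[off:off + size] if off >= 0 else b""
        if len(chunk) < size:
            raise ValueError("cannot access memory at 0x%x" % (addr + i * size))
        code = scode if fmt == "d" else ucode      # only 'd' is signed
        (value,) = struct.unpack("<" + code, chunk)  # little-endian assumed
        if fmt == "x":
            out.append("0x%0*x" % (size * 2, value))
        elif fmt == "t":
            out.append(format(value, "0%db" % (size * 8)))
        else:
            out.append(str(value))
    return out
```

The same eight bytes read as 4xb, 2xh, xw and xg show why the unit letter matters when reading a dump: the byte order within each unit is reversed on a little-endian machine.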