What if you need to debug a binary that doesn't have any symbols?
(gdb) info files
...
Entry point: 0x804ded8
...
(gdb) break *0x804ded8
(gdb) run
(gdb) display /i $pc
then gdb will show the upcoming instruction each time your program steps.
(gdb) nexti # next instruction, skips over function calls. (gdb) ni # shorthand for nexti (gdb) stepi # step instruction, steps into function calls. (gdb) si # shorthand for stepiTo see the content of registers,
(gdb) info registers (gdb) i r # shorthand for info registers. Note the space.
(gdb) disassemble addr (gdb) disas addr # shorthand for disassemble
The address "addr" can be a symbol name (e.g. phase_1) or address (e.g. 0x08048ea6) or a register (e.g. $pc). If you get the "No function contains specified address" error, you have to indicate the number of bytes to disassemble:
(gdb) disas $pc, +60
(gdb) x /fmt addrwhere /fmt specifies the format at the memory location "addr". Some examples:
(gdb) x /s 0x8049890 # shows the string at address 0x8049890 (gdb) x /16bc $esi # shows 16 bytes of characters at $esi (gdb) x /4wx &node1 # shows 4 words of hex at symbol name node1 (gdb) x /6wx $ebp - 0x20 # shows 6 words of hex at address $ebp - 0x20.
Notice that &node1 is the address of that symbol. If you omit the &, it would try to read a word value at that memory location, and then use the value as the address to show for the x command.
(gdb) info symbol 0x08048cfb phase_2 in section .text (gdb) info symbol 0x804a5fc node1 in section .data
Sometimes the symbol name reveals intent of the program.
objdump -d
dis