-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
133 lines (100 loc) · 2.91 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
==============
my_gdb project
==============
===========
DESCRIPTION
===========
Linux x86 debugger
=======
INSTALL
=======
Run the following command:
make
=====
USAGE
=====
./my-dbg [program] [arguments ...]
If program is supplied, my-dbg starts debugging this program.
Arguments are transmitted to the program if any.
===========
DEFINITIONS
===========
tracee: Program being debugged by my-dbg.
========
COMMANDS
========
==> COMMANDS LIST:
Most commandes does not require any argument. If it does, an usage
will be available.
The following commands are available even if no program is loaded:
-> help
Display command name, usage and short description for each command.
-> quit
Exit my-dbg. Kill the tracee if any.
-> attach
Attach a running process. PTRACE_MODE_ATTACH permission is required.
Usage: attach <pid>
The following command are available if my-dbg is debugging a program.
-> info_regs
Display the tracee's registers (cf. placeholders section for a register list).
-> info_memory
Display memory mappings of the tracee.
-> break
Place a breakpoint at the given address.
Usage: break <address>
-> continue
Continue program execution. Program starts interrupted, so you need to continue
to reach placed breakpoints.
-> step_instr
Go to the next assembly instruction.
-> examine
Examine tracee's memory.
3 formats are available:
- x: Hexadecimal memory dump.
- d: Print integers.
- i: Print instructions.
- s: Print string.
Memory is read (<size> bytes) at the address <address>.
Usage: examine <format> <size> <address>
-> backtrace
Print the call stack that led to the current function.
-> tbreak
Place a temporary breakpoint: once the breakpoint is hit, it is disabled.
Usage: tbreak <address>
-> next_instr
Go to the next instruction, but step over calls.
-> breakf
Place a breakpoint on a function using it's name.
Usage: breakf <function>
-> breaks
Place a breakpoint on specified syscall entry.
You can use both syscall and syscall number.
Usage: breaks <syscall | syscall number>
-> break_list
List breakpoints: their types, their address and their status.
-> break_del
Delete a breakpoint by it's ID.
Usage: break_del <ID>
-> disassemble
Disassemble <N> instructions at specified address.
Usage: disassemble <address> <N>
-> finish
Ends current function.
-> list
Print current source code line using debugging informations.
Abbreviations are supported (eg. e -> examine).
For ambiguous cases, cf. aliases.
==> ALIASES:
Because a good developper is a lazy developper, here are some aliases:
b -> break
bt -> backtrace
bs -> breaks
bf -> breakf
==> PLACEHOLDERS:
Please note that the folliwing placeholders are available
when a numeric argument is requested:
%rip %rsp %rbp %eflags %orig_rax %rax %rbx %rcx %rdx %rdi %rsi
%r8 %r9 %r10 %r11 %r12 %r13 %r14 %r15 %cs %ds %es %fs %gs %ss
%fs_base %gs_base
Example: disas %rip 5: dissasemble 5 instructions starting to
the current program position