1. 查看寄存器
(gdb) i r
(gdb) i r a # 查看所有寄存器(包括浮點、多媒體)
(gdb) i r esp #x86
(gdb) i r pc #arm 的eip
2. 查看內存
(gdb) x /wx 0x80040000 # 以16進制顯示指定地址處的數據
(gdb) x /8x $esp
(gdb) x /16x $esp+12
(gdb) x /16s 0x86468700 # 以字符串形式顯示指定地址處的數據
(gdb) x /24i 0x8048a51 # 以指令形式顯示指定地址處的數據(24條)
3. 修改寄存器的值
(gdb) set $r0 = 0x004000000
(gdb) set $pc = 0xbfc00000
4. 修改內存的值
(gdb) set {unsigned int}0x112233=0x0
(gdb) set *(unsigned int*)0x112233=0x55aa55aa
5. 內存搜索
Usage: find <start> <end> <count> <value>
(gdb) define find
set $ptr = $arg0
set $cnt = 0
while ( ($ptr<=$arg1) && ($cnt<$arg2) )
if ( *(unsigned int *)$ptr == $arg3 )
x /wx $ptr
set $cnt = $cnt + 1
end
set $ptr = $ptr + 4
end
end
6. 斷點、監測點
(gdb) b *0x80400000
(gdb) watch *(unsigned int *)0xbffff400==0x90909090
7.反彙編分析
set disassembly-flavor 設置ATT或INTEL格式
(gdb) disas /r 0x401265,0x401270
(gdb) p /x *(int*)0x401265 查看機器碼
(gdb) p *(int*)0x401365 =0x9090 修改並查看機器碼