@oro-oro 2015-08-18T03:17:20.000000Z 字数 5399 阅读 2068

五、GDB 基础

AndroidARM

$ adb shell
# cd /data/local/tmp
# ./hello
./hello
Hello ARM World!

下面开始调试 hello，尝试反汇编、断点、查看寄存器等操作。

# ./gdb -q hello
./gdb -q hello
Reading symbols from /data/local/tmp/hello...(no debugging symbols found)...done.

`gdb disassemble/disas [function-name]`

反汇编一下main函数的内容。

(gdb) disas main
disas main
Dump of assembler code for function main:
   0x00008258 <+0>:     push    {r11, lr}
   0x0000825c <+4>:     add     r11, sp, #4
   0x00008260 <+8>:     sub     sp, sp, #32
   0x00008264 <+12>:    str     r0, [r11, #-32]
   0x00008268 <+16>:    str     r1, [r11, #-36] ; 0x24
   0x0000826c <+20>:    ldr     r3, [pc, #52]   ; 0x82a8 <main+80>
   0x00008270 <+24>:    add     r3, pc, r3
   0x00008274 <+28>:    sub     r12, r11, #24
   0x00008278 <+32>:    mov     lr, r3
   0x0000827c <+36>:    ldm     lr!, {r0, r1, r2, r3}
   0x00008280 <+40>:    stmia   r12!, {r0, r1, r2, r3}
   0x00008284 <+44>:    ldr     r3, [lr]
   0x00008288 <+48>:    strb    r3, [r12]
   0x0000828c <+52>:    sub     r3, r11, #24
   0x00008290 <+56>:    mov     r0, r3
   0x00008294 <+60>:    bl      0x8234
   0x00008298 <+64>:    mov     r3, #0
   0x0000829c <+68>:    mov     r0, r3
   0x000082a0 <+72>:    sub     sp, r11, #4
   0x000082a4 <+76>:    pop     {r11, pc}
   0x000082a8 <+80>:    andeq   r0, r0, r4, ror #1
End of assembler dump.

第9行就是main函数的入口，适合第一个断点。
第19行就是函数调用，这里下断点，查看寄存器的值，应该会看到要打印的字符串的。

`break/b address/line_number`

下断点

(gdb) b *0x0000826c
b *0x0000826c
Breakpoint 1 at 0x826c
(gdb) b *0x00008290 @这里下到18行
b *0x00008290
Breakpoint 2 at 0x8290

`info/i`

查看信息，可以查看断点信息、寄存器信息等。

i b查看断点

(gdb) i b
i b
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x0000826c <main+20>
2       breakpoint     keep y   0x00008290 <main+56>

`delete/d num`

删除断点

(gdb) b *0x000082a8
b *0x000082a8
Breakpoint 3 at 0x82a8
(gdb) i b
i b
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x0000826c <main+20>
2       breakpoint     keep y   0x00008290 <main+56>
3       breakpoint     keep y   0x000082a8 <main+80>
(gdb) d 3
d 3
(gdb) i b
i b
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x0000826c <main+20>
2       breakpoint     keep y   0x00008290 <main+56>

`run/r`

让程序跑起来

(gdb) r
r
Starting program: /data/local/tmp/hello
BFD: /system/bin/linker: warning: sh_link not set for section `.ARM.exidx'
BFD: /system/bin/linker: warning: sh_link not set for section `.ARM.exidx'
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.
Breakpoint 1, 0x0000826c in main ()
(gdb) n
n
Single stepping until exit from function main,
which has no line number information.
Breakpoint 2, 0x00008290 in main ()

查看寄存器的内容

(gdb) i r
i r
r0             0x6c6c6548       1819043144
r1             0x5241206f       1379999855
r2             0x6f57204d       1867980877
r3             0xbeed3c4c       -1091748788 @ r3 的值会赋给r0，此时还没有赋值
r4             0x8258   33368
r5             0x1      1
r6             0xafd41504       -1345055484
r7             0xbeed3cac       -1091748692
r8             0x0      0
r9             0x0      0
r10            0x0      0
r11            0xbeed3c64       -1091748764
r12            0xbeed3c5c       -1091748772
sp             0xbeed3c40       0xbeed3c40
lr             0x836c   33644
pc             0x8290   0x8290 <main+56>
cpsr           0x10     16
(gdb) x 0xbeed3c4c
x 0xbeed3c4c
0xbeed3c4c:      "Hello ARM World!"

继续给19行下断点，再查看r0的值。

(gdb) disas main
disas main
Dump of assembler code for function main:
   0x00008258 <+0>:     push    {r11, lr}
   0x0000825c <+4>:     add     r11, sp, #4
   0x00008260 <+8>:     sub     sp, sp, #32
   0x00008264 <+12>:    str     r0, [r11, #-32]
   0x00008268 <+16>:    str     r1, [r11, #-36] ; 0x24
   0x0000826c <+20>:    ldr     r3, [pc, #52]   ; 0x82a8 <main+80>
   0x00008270 <+24>:    add     r3, pc, r3
   0x00008274 <+28>:    sub     r12, r11, #24
   0x00008278 <+32>:    mov     lr, r3
   0x0000827c <+36>:    ldm     lr!, {r0, r1, r2, r3}
   0x00008280 <+40>:    stmia   r12!, {r0, r1, r2, r3}
   0x00008284 <+44>:    ldr     r3, [lr]
   0x00008288 <+48>:    strb    r3, [r12]
   0x0000828c <+52>:    sub     r3, r11, #24
=> 0x00008290 <+56>:    mov     r0, r3
   0x00008294 <+60>:    bl      0x8234
   0x00008298 <+64>:    mov     r3, #0
   0x0000829c <+68>:    mov     r0, r3
   0x000082a0 <+72>:    sub     sp, r11, #4
   0x000082a4 <+76>:    pop     {r11, pc}
   0x000082a8 <+80>:    andeq   r0, r0, r4, ror #1
End of assembler dump.
(gdb) b *0x00008294
b *0x00008294
Breakpoint 4 at 0x8294
(gdb) n
n
Single stepping until exit from function main,
which has no line number information.
Breakpoint 4, 0x00008294 in main ()
(gdb) i r
i r
r0             0xbeed3c4c       -1091748788 @ r0 就是 puts 函数的参数
r1             0x5241206f       1379999855
r2             0x6f57204d       1867980877
r3             0xbeed3c4c       -1091748788
r4             0x8258   33368
r5             0x1      1
r6             0xafd41504       -1345055484
r7             0xbeed3cac       -1091748692
r8             0x0      0
r9             0x0      0
r10            0x0      0
r11            0xbeed3c64       -1091748764
r12            0xbeed3c5c       -1091748772
sp             0xbeed3c40       0xbeed3c40
lr             0x836c   33644
pc             0x8294   0x8294 <main+60>
cpsr           0x10     16
(gdb) x 0xbeed3c4c
x 0xbeed3c4c
0xbeed3c4c:      "Hello ARM World!"

`where/whe`

查看当然程序运行所在的位置

(gdb) whe
whe
#0  0x00008294 in main ()
(gdb)

`commands`

调试的时候，自动执行某些命令。
譬如，让断点2触发时，自动显示寄存器信息。（第6-16行）

(gdb)  i b
 i b
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x0000826c <main+20>
        breakpoint already hit 1 time
2       breakpoint     keep y   0x00008290 <main+56>
        breakpoint already hit 1 time
4       breakpoint     keep y   0x00008294 <main+60>
(gdb) commands 2            // -------------------------- 开始 -------------------------
commands 2
Type commands for breakpoint(s) 2, one per line.
End with a line saying just "end".
>i r
i r
>end                        // -------------------------- 结束 --------------------------
end
(gdb) n
n
Single stepping until exit from function main,
which has no line number information.
Breakpoint 4, 0x00008294 in main ()
(gdb) n
n
Single stepping until exit from function main,
which has no line number information.
Hello ARM World!
0xafd14dba in __libc_init () from /system/lib/libc.so
(gdb) r
r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
y
Starting program: /data/local/tmp/hello
BFD: /system/bin/linker: warning: sh_link not set for section `.ARM.exidx'
BFD: /system/bin/linker: warning: sh_link not set for section `.ARM.exidx'
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.
Breakpoint 1, 0x0000826c in main ()
(gdb) n
n
Single stepping until exit from function main,
which has no line number information.
Breakpoint 2, 0x00008290 in main ()
r0             0x6c6c6548       1819043144
r1             0x5241206f       1379999855
r2             0x6f57204d       1867980877
r3             0xbefbcc4c       -1090794420
r4             0x8258   33368
r5             0x1      1
r6             0xafd41504       -1345055484
r7             0xbefbccac       -1090794324
r8             0x0      0
r9             0x0      0
r10            0x0      0
r11            0xbefbcc64       -1090794396
r12            0xbefbcc5c       -1090794404
sp             0xbefbcc40       0xbefbcc40
lr             0x836c   33644
pc             0x8290   0x8290 <main+56>
cpsr           0x10     16
(gdb)

`continue/c`

继续运行，跟next/n 效果差不多。

(gdb) c
c
Continuing.
Breakpoint 4, 0x00008294 in main ()
(gdb) c
c
Continuing.
Hello ARM World!
Program exited normally.
(gdb)

五、GDB 基础

gdb disassemble/disas [function-name]

break/b address/line_number

info/i

delete/d num

run/r

where/whe

commands

continue/c

内容目录