GDB Cheatsheet (linux)

This article provides an overview of essential GDB commands and shortcuts for debugging and reverse-engineering binary applications.

Summary

[I] General presentation

*What is GDB?

GDB is a powerful command-line tool used for debugging programs written in languages like C and C++. It allows developers to inspect the internal workings of a running application, step through code line by line, analyze variables, set breakpoints, and even reverse-engineer binaries. Whether you're troubleshooting a crash or tracking down elusive bugs, GDB gives you full control over program execution and memory analysis—essential for deep diagnostics and performance tuning.

The following article presents various GDB commands for debugging binaries.

To explore GDB’s features and commands in detail, refer to the GDB manpage.

[II] Starting GDB & executing binaries

*Open GDB

Run this command to launch the GDB shell.

auditer@linux:#
gdb

*File selection

From within the GDB shell, execute the following command to specify the file to be analyzed (e.g., unknown.bin)

>(gdb)
file unknown.bin

*Binary execution

It’s recommended to execute the binary at least once before conducting further analysis, as this helps obtain accurate assembly addresses.

>(gdb)
run

*Continue execution after a breakpoint

When execution halts at a breakpoint, this command resumes the binary’s execution until either the next breakpoint or the program’s termination.

>(gdb)
c

[III] Inspecting functions

*List functions

Display all defined functions in the loaded binary, including their memory addresses.

>(gdb)
info functions

*Filter functions by Name

Display only functions matching a Name Replace (Example: `info functions main` will show only functions matching "main".

>(gdb)
info functions main

*Inspect a function content (disas)

The following command disassembles a function to analyze its behavior (e.g., main).

>(gdb)
disas main

[IV] Breakpoint management

*List breakpoints

The following command list the defined breakpoint.

>(gdb)
info b

*Add a breakpoint

This command sets a new breakpoint at a specified memory address (I.e 0x000055555555532f).

>(gdb)
b *0x000055555555532f

*Delete a breakpoint

This command delete a previously set breakpoint defined by its breakpoint number (I.e 1).

>(gdb)
delete 1

*Delete all breakpoints

This command delete all previously set breakpoints.

>(gdb)
delete

[V] Analyzing variables & registers

*View registers

View the contents of CPU registers.

>(gdb)
info registers

*Extended Register Views

To include floating-point and vector registers (like xmm, ymm, st0–st7), use:

>(gdb)
info all-registers

*Show a variable

Show a variable content. The variable should exist in the souce code when triggered (I.e variable str).

>(gdb)
x/s str

Back