[Translation] Binary exploitation: how to debug with GDB
Posted: 2019-8-4 16:16


This article explains how to debug binaries with GDB, so that everyone can better understand binary exploitation. Original link: https://azeria-labs.com/debugging-with-gdb-introduction/

This is a very brief introduction into compiling ARM binaries and basic debugging with GDB. As you follow the tutorials, you might want to follow along and experiment with ARM assembly on your own. In that case, you would either need a spare ARM device, or you just set up your own Lab environment in a VM by following the steps in this short How-To.



You can use the following code from Part 7 – Stack and Functions, to get familiar with basic debugging with GDB.


Personally, I prefer using GEF as a GDB extension. It gives me a better overview and useful features. You can try it out here: GEF – GDB Enhanced Features.


Save the code above in a file called max.s and compile it with the following commands:


The debugger is a powerful tool that can:

Load a memory dump after a crash (post-mortem debugging)

Attach to a running process (used for server processes)

Launch a program and debug it

Launch GDB against either a binary, a core file, or a Process ID:

Attach to a process: $ gdb -pid $(pidof <process>)

Debug a binary: $ gdb ./file

Inspect a core (crash) file: $ gdb -c ./core.3243


If you installed GEF, it drops you into the gef> prompt instead of the plain (gdb) prompt.


This is how you get help:

(gdb) h

(gdb) apropos <search-term>

(Translator's note: below, search-term is set to registers to see what the output looks like.)

(Translator's note: see the 8th line from the bottom of the output.)

Breakpoint commands:

break (or just b) <function-name>

break <line-number>

break filename:function

break filename:line-number

break *<address>

break +<offset>

break -<offset>

tbreak (set a temporary breakpoint)

del <number>  (delete breakpoint number x)

delete (delete all breakpoints)

delete <range> (delete breakpoint ranges)

disable/enable <breakpoint-number-or-range> (does not delete breakpoints, just enables/disables them)

continue (or just c) (continue executing until next breakpoint)

continue <number> (continue but ignore current breakpoint number times. Useful for breakpoints within a loop.)

finish (continue to end of function)


This deletes the first breakpoint and sets a breakpoint at the specified memory address. When you run the program, it will break at this exact location. If you would not delete the first breakpoint and just set a new one and run, it would break at the first breakpoint.

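The breakpoint location forms listed above (function name, line number, file:function, file:line, *address and +/-offset) and the "delete the first breakpoint, break at an address, run" sequence can also be driven non-interactively, which is convenient when the same crash has to be reproduced many times. The following is an added example, not code from the original post or from Azeria's tutorial: it validates a location spec against those forms and assembles the argv for `gdb -batch -ex ...` (both real GDB flags). The binary name `./max` and the address `0x10074` are assumed for illustration.

```python
"""Build a non-interactive GDB invocation from breakpoint location specs.

Added example, not part of the original post or of Azeria's tutorial.
Assumed values: the binary name ./max and the address 0x10074.
"""
import re
from typing import List, Tuple

# One regex per location form the post lists for `break`.
_ADDRESS = re.compile(r"^\*(0x[0-9a-fA-F]+|\d+)$")     # break *<address>
_OFFSET = re.compile(r"^([+-])(\d+)$")                  # break +<offset> / -<offset>
_FILE_LOC = re.compile(r"^([\w./-]+):(\w+)$")           # break file:function / file:line
_LINE = re.compile(r"^\d+$")                            # break <line-number>
_FUNCTION = re.compile(r"^[A-Za-z_]\w*$")               # break <function-name>


def classify_location(spec: str) -> Tuple[str, str]:
    """Return (kind, value) for a `break` location, or raise ValueError.

    kind is one of: address, offset, file:line, file:function, line, function.
    """
    spec = spec.strip()
    if m := _ADDRESS.match(spec):
        # Normalise so `*65652` and `*0x10074` compare equal.
        return "address", hex(int(m.group(1), 0))
    if m := _OFFSET.match(spec):
        return "offset", m.group(1) + m.group(2)
    if m := _FILE_LOC.match(spec):
        kind = "file:line" if m.group(2).isdigit() else "file:function"
        return kind, spec
    if _LINE.match(spec):
        return "line", spec
    if _FUNCTION.match(spec):
        return "function", spec
    raise ValueError(f"unrecognised breakpoint location: {spec!r}")


def gdb_batch_argv(binary: str, breakpoints: List[str],
                   after_break: List[str], temporary: bool = False) -> List[str]:
    """Assemble argv for `gdb -q -batch`: set breakpoints, run, then after_break.

    A fresh batch session starts with no breakpoints, so there is no earlier
    breakpoint to delete; the program stops at the first location listed.
    """
    argv = ["gdb", "-q", "-batch"]
    cmd = "tbreak" if temporary else "break"
    for spec in breakpoints:
        classify_location(spec)  # reject malformed specs before launching gdb
        argv += ["-ex", f"{cmd} {spec}"]
    argv += ["-ex", "run"]
    for c in after_break:
        argv += ["-ex", c]
    argv.append(binary)
    return argv


if __name__ == "__main__":
    # Break at an assumed address, then examine the next 10 instructions
    # and the registers, exactly as one would type them at the gef> prompt.
    print(" ".join(gdb_batch_argv("./max", ["*0x10074"],
                                  ["x/10i $pc", "info registers"])))
```

The argv is meant to be handed to `subprocess.run` rather than a shell, so a location containing spaces or quotes never gets re-parsed; `classify_location` raising early also means a typo in a spec is reported before GDB is started.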

Start and Stop:

Start program execution from beginning of the program

run

r

run <command-line-argument>

Stop program execution

kill

Exit GDB debugger

quit

q



Now that our program broke exactly where we wanted, it’s time to examine the memory. The command “x” displays memory contents in various formats.


(Translator's note: x/10i shows the next 10 instructions. In x/16xw the second x means hexadecimal and w means a four-byte word, so it shows 16 words starting at PC, each printed in hex.)
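The x/NFU syntax the note describes (count, format letter, unit size) and the two dump layouts it produces are simple enough to parse, which is useful when a memory dump has to be turned back into raw bytes or a disassembly listing has to be post-processed. The following is an added example, not code from the original post or from Azeria's tutorial: it decodes a format specifier (assuming the defaults count 1, format x, unit w; a real GDB session instead remembers the last values used), parses x/16xw output into address-to-word mappings and reassembles the bytes, and parses x/10i output into instruction records. The two sample dumps are constructed for illustration, not captured from a session.

```python
"""Decode GDB `x` format specifiers and parse `x` output.

Added example, not part of the original post or of Azeria's tutorial.
The sample dumps are constructed; addresses and words are made up.
"""
import re
from typing import Dict, List, Tuple

UNIT_BYTES = {"b": 1, "h": 2, "w": 4, "g": 8}   # GDB unit-size letters
FORMAT_LETTERS = set("xduotacfsiz")             # GDB format letters


def parse_x_spec(spec: str) -> Tuple[int, str, str]:
    """Split the part after `x/` into (count, format, unit).

    Assumption: a missing field defaults to count 1, format 'x', unit 'w'.
    GDB accepts format and unit letters in either order, so both are tried.
    """
    m = re.match(r"^(\d*)([a-z]*)$", spec)
    if not m:
        raise ValueError(f"bad x format: {spec!r}")
    count, letters = m.groups()
    fmt = unit = None
    for ch in letters:
        if ch in FORMAT_LETTERS and fmt is None:
            fmt = ch
        elif ch in UNIT_BYTES and unit is None:
            unit = ch
        else:
            raise ValueError(f"bad x format letter {ch!r} in {spec!r}")
    return int(count or "1"), fmt or "x", unit or "w"


# Constructed sample of `x/16xw $pc` output on a 32-bit ARM target.
SAMPLE_XW = """\
0x10074 <main>:\t0xe92d4800\t0xe28db004\t0xe24dd008\t0xe3a03001
0x10084 <main+16>:\t0xe50b3008\t0xe3a03002\t0xe50b300c\t0xe51b0008
0x10094 <main+32>:\t0xe51b100c\t0xebfffff0\t0xe1a03000\t0xe1a00003
0x100a4 <main+48>:\t0xe24bd004\t0xe8bd8800\t0xe320f000\t0xe320f000
"""

_ROW = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s*(?:<([^>]*)>)?:\s*(.*)$")


def parse_memory_dump(text: str, unit: str = "w") -> Dict[int, int]:
    """Map the address of every unit to its value for `x/N x<unit>` output."""
    size = UNIT_BYTES[unit]
    out: Dict[int, int] = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(3).split()):
            out[base + i * size] = int(tok, 16)   # each column is one unit
    return out


def dump_to_bytes(units: Dict[int, int], unit: str = "w",
                  little_endian: bool = True) -> bytes:
    """Reassemble the dumped units into the bytes as they sit in memory."""
    size = UNIT_BYTES[unit]
    order = "little" if little_endian else "big"
    return b"".join(v.to_bytes(size, order) for _, v in sorted(units.items()))


# Constructed sample of `x/4i $pc` output; `=>` marks the current instruction.
SAMPLE_XI = """\
=> 0x10074 <main>:\tpush\t{fp, lr}
   0x10078 <main+4>:\tadd\tfp, sp, #4
   0x1007c <main+8>:\tsub\tsp, sp, #8
   0x10080 <main+12>:\tmov\tr3, #1
"""

_INSN = re.compile(
    r"^\s*(=>)?\s*(0x[0-9a-fA-F]+)\s*(?:<([^>]*)>)?:\s*(\S+)(?:\s+(.*))?$")


def parse_disassembly(text: str) -> List[dict]:
    """Turn `x/Ni` output into records with address, symbol, mnemonic, operands."""
    insns = []
    for line in text.splitlines():
        m = _INSN.match(line)
        if not m:
            continue
        insns.append({
            "current": m.group(1) == "=>",
            "address": int(m.group(2), 16),
            "symbol": m.group(3),
            "mnemonic": m.group(4),
            "operands": m.group(5) or "",
        })
    return insns


if __name__ == "__main__":
    words = parse_memory_dump(SAMPLE_XW)
    print(parse_x_spec("16xw"), len(words), dump_to_bytes(words)[:8].hex())
    for insn in parse_disassembly(SAMPLE_XI):
        print(hex(insn["address"]), insn["mnemonic"], insn["operands"])
```

The byte reassembly is where the unit size matters: the same 16 bytes printed with x/16xb and x/4xw are identical in memory, but the word form has already been byte-swapped for a little-endian target, so `dump_to_bytes` has to undo that per unit rather than concatenating the hex digits as printed.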

Commands for stepping through the code:

Step to next line of code. Will step into a function

stepi

s

step <number-of-steps-to-perform>

Execute next line of code. Will not enter functions

nexti

n

next <number>

Continue processing until you reach a specified line number, function name, address, filename:function, or filename:line-number

until

until <line-number>

Show current line number and which function you are in

where




Last edited by r0Cat on 2019-8-6 14:05, reason:
Latest replies (1)
What is this for?
2019-8-5 01:24