How to use:

1] To use compile your program with -g flag

2] Run gdb program_executable_name
3] Run gdb program_executable_name core_file_name

GDB Basic commands

===================
1] Breakpoint(b) commands tells gdb to stop execution of program at a particular
point.
break <function_name>
break <file_name>:<line_number>
break <line_number>
break <address>
info break // To print all breakpoints
delete <breakpoint_number>
delete // To delete all breakpoints

2] Watchpoint commands tells gdb to stop execution of program when a particular

variable is modified.
watch <variable_name>
info watch
3] Run commands
run
r
4] Printf commands tells gdb to print a particular value.
print <format_string>

5] step commands tells gdb to execute a single instruction.

step
next

6] Continue commands tells gdb to continue execution of program until until next
breakpoint.
continue

7] list commands tells gdb to print source code of a particular function.

list <function_name>
list <file_name>:<line_number>
list <line_number>

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++

Memory inception in GDB

========================

1] use x command to print memory address of a variable.

x <address_of_variable> //this will print 1 byte of memory // this is same as
address of variable
x/12 <address_of_variable> //this will print 12 bytes of memory
x/12x <address_of_variable> //this will print 12 bytes of memory in hexadecimal
format
x/12w <address_of_variable> //this will print 12 bytes of memory in word format
x/12b <address_of_variable> //this will print 12 bytes of memory in byte format
x/12s <address_of_variable> //this will print 12 bytes of memory in string
format
x/12c <address_of_variable> //this will print 12 bytes of memory in character
format
2] use p command to print value of a variable.

3] Structure padding:
-> Compiler didn't read one byte at a time it read one word, size of one word
in 32bit processor is 4 bytes and in 64bit processor it is 8 bytes.
-> struct size is multiple of largest data type in struct.
-> #pragma pack(1) // this will tell compiler to read one byte at a time. this
avoid padding
e.g.
typedef struct {
char ch;
int x;
char name[10];
double y;
} Point;
Memory layout
Offset: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+----+----+----+----+----+----+----+----+----+----+----+----+----+----+----
+----+----+----+----+----+----+----+----+----+----+----+----+----+----+----+----+
| ch | PADDING | x (int) | name[10]
| PADDING | y (double) |
+----+----+----+----+----+----+----+----+----+----+----+----+----+----+----
+----+----+----+----+----+----+----+----+----+----+----+----+----+----+----+----+
|1byte| 3 bytes | 4 bytes | 10 bytes
| 6 bytes | 8 bytes |

//
===================================================================================
===================================================================================
===========================

1] For repetative task

-> The init.gdb file is used to configure the GNU Debugger (GDB) by specifying
a set of commands that GDB will automatically execute upon startup. This can be
useful for setting up your debugging environment, defining custom commands, or
automating repetitive tasks.
-> gdb executable -x /path/to/init.gdb file
-> e.g. og init.gdb file
# Set a breakpoint at the main function
break main
# Define a custom command 'my_command'
define my_command
info registers
x/10i $pc
end
# Set some environment variables
set environment MY_VAR=1
# Load additional symbol files
add-symbol-file /path/to/additional/symbols
# Customize display settings
set print pretty on
# Run the program automatically
run

2] Valgrid
-> Valgrind is a tool for debugging and profiling programs written in C and C+
+. It can detect many memory-related errors, such as memory leaks, invalid memory
accesses, and double frees.
-> how to use it
valgrind ./executable_file

3] Assert
-> assert(condition, message)
-> if condition is false then it will print message and exit the program

4] Segmentation fault
-> Segmentation fault is a type of error that occurs when a program attempts to
access a memory location that is not allocated to it. This can happen for a variety
of reasons, such as trying to access a memory location that is out of bounds, or
trying to access a memory location that has been freed.

5] Memory leak vs Memory corruption

-> Memory leak is when a program allocates memory but does not free it, causing
the memory to be unavailable for future allocations. This can lead to a buildup of
unused memory that can eventually cause the program to crash.
-> Memory corruption is when a program accesses memory that is not allocated to
it, causing it to be corrupted and potentially causing the program to crash or
behave in unexpected ways.

6] Heap Corruption
Heap corruption occurs when a program modifies the memory allocated on the heap
beyond its allocated boundaries. This can lead to unpredictable behavior, crashes,
or security vulnerabilities.
examples:
1] Buffer overflow:
char* buffer = malloc(10);
strcpy(buffer, "This is a long string that overflows the buffer");

2] Double Free or Incorrect Free:

char* ptr = malloc(10);
free(ptr);
free(ptr); // Double free

3] Use After Free:

char* ptr = malloc(10);
free(ptr);
printf("%s", ptr); // Use after free

4] Incorrect Use of Pointer:

int* ptr = NULL;
*ptr = 10; // Dereferencing a null pointer

7] Conditional Breakpoint
e.g.
1] break file_no:line_no if (x>1000)

8] A "zombie process" in Unix-like operating systems is a process that has

completed execution but still has an entry in the process table. This occurs when
the process has finished executing (terminated) but has not been properly cleaned
up by its parent process.
fork() creates a new process by duplicating the calling process. The new
process is referred to as the child process.
Each process has it Process control Block (PCB) which contains information
about the process such as its PID, parent PID, state, and other information.
Each thread has it Thread control Block (TCB) which contains information about
the thread such as its PID, parent PID, state, and other information.
9] ltrace and strace
strace is used to trace system calls made by a process. A system call is a way
for programs to interact with the operating system kernel. For example, reading a
file, writing to a file, creating a new process, or communicating over a network
typically involves making system calls.
e.g.
1] strace ./executable_file
2] strace ls //any linux command

ltrace is used to trace library calls made by a process. A library call is a

way for programs to interact with the standard C library. For example, printf() is
a library call that is used to print text to the console.
e.g.
1] ltrace ./executable_file
2] ltrace ls //any linux command

//
===================================================================================
===================================================================================
=====================

1] Debugging with Multithread Program in GDB

-> info thread
this will give the information about the thread. Acetreck(*) before id
indicate that we are currently inside that thread.
Whenever we are creating new thread gdb always go to the main thread by
default.
-> thread 1
this will switch to the thread 1
-> thread apply all bt
this will print the backtrace of all the thread
-> thread apply all bt full
this will print the full backtrace of all the thread

//Doing nothing