GDB Expressions
brkzlr edited this page Oct 27, 2025 · 2 revisions
Simply put, GDB expressions are expressions like those in other programming languages: you can combine various constants, variables, operators and even function calls to analyze the program in greater detail.
GDB expressions are used in many input fields of PINCE. For example:
- In the `AddAddressManually` dialog, in the address field, try typing any widely used library function (such as `malloc`, `open`, `printf`, `scanf`, etc.).
  - PINCE will return the value residing at the function's starting address.
  - Pressing the OK button will cause PINCE to add the function's address and its value to the address list.
- You can also use this inside register edit fields to set registers to the result of an expression!
  - Have the process paused by using F1 or F2.
  - Double click on any of the registers inside the Memory Viewer window and try typing a function name or any other expression in the field. You'll see that the registers will be set to the result of the expression.
- Additionally, you can use register values in other places, like the aforementioned `AddAddressManually` dialog.
  - Try inputting some register expressions such as `$rip`, `$rsp+6`, `$rip+$rax`
Another use case for expressions that you may find useful: you can allocate memory on demand!
After stopping the process (by using F1 or F2), some GDB expressions like the ones below will allocate memory depending on the context:
- `"asdf"` will return a string.
- `{0x00ffba42}` will return a 4-byte integer.
- `{0x00000023,0x00513245}` will return an array of 2 integers.

After pressing the OK button, PINCE will add the allocated memory address to the table.
You can also use GDB expressions for setting breakpoint conditions like this:
- `$eax==0x523`
- `$rax>0 && ($rbp<0 || $rsp==0)`
- `printf($r10)==3`
You can also use single quotes (') to grab the demangled function names, for example:
- Open up Memory Viewer to see the Disassembler View.
- Right click any disassembled instruction and select "Go to expression".
  - You can also use the default (CTRL+G) keybinding.
- Type in `'KMinesScene::metaObject() const'`, which will translate to `_ZNK11KMinesScene10metaObjectEv`.
  - Obviously this can fail if your process does not have that function symbol, but you get the gist.
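
To show how the quoted name above relates to its mangled symbol, here is an added Python example (not PINCE or GDB code) that encodes and decodes the Itanium C++ ABI form for nested names with builtin parameter types only. The function names `mangle` and `demangle` are hypothetical, and templates, substitutions and other encodings are assumed out of scope.

```python
import re

# Builtin type codes from the Itanium C++ ABI (subset chosen for this example).
BUILTINS = {"v": "void", "b": "bool", "c": "char", "i": "int",
            "j": "unsigned int", "l": "long", "f": "float", "d": "double"}
CODES = {name: code for code, name in BUILTINS.items()}


def mangle(signature: str) -> str:
    """'Class::method(int) const' -> Itanium symbol (nested names, builtin params)."""
    m = re.fullmatch(r"\s*([\w:]+)\s*\(([^)]*)\)\s*(const)?\s*", signature)
    if not m:
        raise ValueError(f"unsupported signature: {signature!r}")
    path, params, const = m.groups()
    parts = path.split("::")
    if len(parts) < 2 or not all(p.isidentifier() for p in parts):
        raise ValueError("only nested names such as Class::method are handled")
    args = [p.strip() for p in params.split(",")] if params.strip() else ["void"]
    if any(a not in CODES for a in args):
        raise ValueError(f"unsupported parameter list: {params!r}")
    names = "".join(f"{len(p)}{p}" for p in parts)  # length-prefixed components
    return f"_ZN{'K' if const else ''}{names}E{''.join(CODES[a] for a in args)}"


def demangle(symbol: str) -> str:
    """Inverse of mangle() for the same subset; raises ValueError otherwise."""
    if not symbol.startswith("_ZN"):
        raise ValueError("not a nested Itanium name")
    pos = 3
    const = symbol.startswith("K", pos)  # K marks a const member function
    pos += const
    parts = []
    while pos < len(symbol) and symbol[pos] != "E":
        m = re.compile(r"\d+").match(symbol, pos)
        if not m:
            raise ValueError(f"expected a length prefix at offset {pos}")
        end = m.end() + int(m.group())
        if end > len(symbol):
            raise ValueError("name component runs past the end of the symbol")
        parts.append(symbol[m.end():end])
        pos = end
    codes = symbol[pos + 1:]  # everything after the closing E is the parameter list
    if not parts or not codes or any(c not in BUILTINS for c in codes):
        raise ValueError("truncated symbol or unsupported parameter encoding")
    args = [] if codes == "v" else [BUILTINS[c] for c in codes]
    return f"{'::'.join(parts)}({', '.join(args)})" + (" const" if const else "")


if __name__ == "__main__":
    print(demangle("_ZNK11KMinesScene10metaObjectEv"))
```

The demangled form contains `::`, parentheses and a space, which is why it has to be wrapped in single quotes to be read as one symbol name.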