Breaking into a forked child in gdb

Disclaimer: I am a noob at gdb.

To use Intel syntax and display the current instruction at every stop:

(gdb) set disassembly-flavor intel
(gdb) display/i $pc

Next, set a breakpoint at the call fork instruction (0xdeadbeef stands in for its address). Tell gdb to follow the child after the fork instead of the parent, which is the default behaviour, then step over the fork to land in the child process:

(gdb) break *0xdeadbeef
(gdb) run
(gdb) set follow-fork-mode child
(gdb) nexti

Bonus, setting a rwx data breakpoint:

(gdb) awatch *0xbabecafe
(gdb) continue

Now I am not sure which is the greater evil, gdb or windbg…
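
A small practice target for the session above, added here as an example and not part of the original post. The names `watched` and `run_fork_demo` are made up for illustration; the child writes to a global so the watchpoint has something to catch, and the parent's copy stays untouched because the two processes no longer share memory after the fork.

```c
/* Constructed practice target for the gdb commands in this post.
 * Build with debug info, e.g.: gcc -g -O0 forkdemo.c -o forkdemo
 * All names here are illustrative assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Watch this by symbol instead of a raw address: awatch watched */
volatile int watched = 0;

/* Forks once. The child writes to `watched` and exits with that value.
 * Returns the child's exit status, or -1 on error. */
int run_fork_demo(void)
{
    /* Stop here, then: set follow-fork-mode child, and step over. */
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* This write lands in the child's copy of memory; gdb only
         * reports it if it followed the child across the fork. */
        watched = 42;
        _exit(watched);   /* _exit: do not flush the parent's stdio twice */
    }

    /* Parent: collect the child so it does not linger as a zombie. */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int child_value = run_fork_demo();
    /* The parent's `watched` is still 0: the child changed its own copy. */
    printf("child exited with %d, parent still sees watched=%d\n",
           child_value, watched);
    return child_value == 42 ? 0 : 1;
}
```

With gdb left in its default mode, the child runs outside the debugger and its write to `watched` is never reported, which is why follow-fork-mode has to be set before stepping over the fork.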
