Complete Guide to Debugging Running Processes with GDB on Linux

Basic Methods for Attaching GDB to Running Processes

In Linux systems, the GNU Debugger (GDB) provides powerful capabilities for debugging processes that are currently running. By attaching to target processes, developers can perform real-time debugging analysis without interrupting program execution.

Detailed Process Attachment Commands

GDB offers two primary methods for attaching to running processes:

Direct Command Line Attachment:

gdb -p <PID>

Where <PID> is the process identifier of the target process. This method specifies the process to attach during GDB startup.

Internal GDB Attachment Command:

(gdb) attach <PID>

Using the attach command within an active GDB session allows dynamic attachment to specified processes. This command supports process IDs, process names, or device files as parameters.

Process ID Acquisition Methods

Before attaching, accurate acquisition of the target process PID is essential:

ps -C program_name -o pid h
# Alternatively use pgrep
pgrep program_name

To obtain PID from within GDB, use the shell command:

(gdb) shell ps -C program_name -o pid h

Linux Security Mechanisms and ptrace Configuration

Modern Linux systems impose restrictions on ptrace system calls for security reasons. The Yama security module may prevent process attachment by non-privileged users by default.

ptrace_scope Configuration Options:

/proc/sys/kernel/yama/ptrace_scope

Available configuration values and their meanings:

• 0 - Classic ptrace permissions: Processes with same UID can attach to each other
• 1 - Restricted ptrace: Can only attach to child processes or debuggers declared via prctl
• 2 - Admin-only attach: Requires CAP_SYS_PTRACE capability
• 3 - No attach: Completely disables ptrace functionality

Temporary configuration modification:

echo 0 > /proc/sys/kernel/yama/ptrace_scope

Debugging Information Acquisition and Configuration

Effective debugging requires corresponding debugging information. For self-compiled programs, add debugging options during compilation:

gcc -g -Og program.c -o program

The -g option generates debugging information, while -Og provides debug-friendly optimization level.

For system-installed program packages, use the debuginfo-install tool to automatically obtain debugging information:

debuginfo-install package_name

Complete Debugging Process Example

Below is a complete example of debugging a running process:

# 1. Find target process PID
ps -C myapp -o pid h
# Output: 1234

# 2. Check ptrace permission configuration
cat /proc/sys/kernel/yama/ptrace_scope

# 3. Attach to process
gdb -p 1234

# 4. Load symbol information in GDB
(gdb) file /path/to/myapp

# 5. Set breakpoints and begin debugging
(gdb) break main
(gdb) continue

Debugging Commands and Techniques

After attaching to a process, standard GDB commands can be used for debugging:

• break - Set breakpoints
• continue - Continue execution
• step - Step into functions
• next - Step over functions
• print - Examine variable values
• backtrace - View call stack

Multi-threaded and Process Forking Debugging

For programs with multiple threads or forked processes, GDB provides specialized debugging support:

# Set fork follow mode
(gdb) set follow-fork-mode child

# View thread information
(gdb) info threads

# Switch current debugging thread
(gdb) thread 2

Common Issues and Solutions

Permission Denied Errors: Check ptrace_scope settings and user permissions

Missing Symbol Information: Ensure programs are compiled with debugging information or install corresponding debuginfo packages

Abnormal Process States: Certain process states (like zombie processes) cannot be attached for debugging

Best Practice Recommendations

• Use ptrace cautiously in production environments, considering security implications
• Pre-configure debugging information for critical service processes
• Use non-intrusive debugging tools (like strace, ltrace) for preliminary analysis
• Record debugging sessions for subsequent analysis