Best IT Recipes

How can I get gdb to understand?

I try to parse the program to see the syscall assembly instruction (the INT instruction, I believe), and the GDB handler wrote a small program (see below) for it that opens and closes the file. I was able to make the call to open with GDB until it made the call. When I tried to tell GDB "parse 0x ...." (call address), he answered "No function contains the specified address." Is it possible to get GDB to disassemble (or display it in assembler as best as possible) this memory address? If so, how?

#include <stdio.h> #include <stdlib.h> int main() { FILE* f; f = fopen("main.c", "r"); if (!f) { perror("open"); return -1; } fclose(f); return 0; }
+49
disassembly gdb
Aug 6 '09 at 7:54
source share
8 answers

Do you only want to make out your core? If yes, try the following:

 (gdb) info line main (gdb) disas STARTADDRESS ENDADDRESS

Same:

 USER@MACHINE /cygdrive/c/prog/dsa $ gcc-3.exe -g main.c USER@MACHINE /cygdrive/c/prog/dsa $ gdb a.exe GNU gdb 6.8.0.20080328-cvs (cygwin-special) ... (gdb) info line main Line 3 of "main.c" starts at address 0x401050 <main> and ends at 0x401075 <main+ (gdb) disas 0x401050 0x401075 Dump of assembler code from 0x401050 to 0x401075: 0x00401050 <main+0>: push %ebp 0x00401051 <main+1>: mov %esp,%ebp 0x00401053 <main+3>: sub $0x18,%esp 0x00401056 <main+6>: and $0xfffffff0,%esp 0x00401059 <main+9>: mov $0x0,%eax 0x0040105e <main+14>: add $0xf,%eax 0x00401061 <main+17>: add $0xf,%eax 0x00401064 <main+20>: shr $0x4,%eax 0x00401067 <main+23>: shl $0x4,%eax 0x0040106a <main+26>: mov %eax,-0xc(%ebp) 0x0040106d <main+29>: mov -0xc(%ebp),%eax 0x00401070 <main+32>: call 0x4010c4 <_alloca> End of assembler dump.

I do not see your system interrupt call. (it has been a while since the last time I tried to make a system call in the assembly. INT 21h, though, the last time I remember

+39
Aug 07 '09 at 16:17
source share

Yes, a disassembler is not the best team to use here. The command you want is "x / i" (check as instructions):

 (gdb) x/i 0xdeadbeef
+82
Oct 09 '09 at 19:12
source share

This is not a direct answer to your question, but since you just want to parse the binary, maybe you can just use objdump :

 objdump -d program

That should give you a showdown. You can add -S if you want it to be annotated with source code.

+27
Aug 07 '09 at 16:25
source share

fopen () is a C library function, so you won't see any syscall commands in your code, but just a regular function call. At some point, he calls open (2), but he does it through a trampoline. There is simply a transition to the VDSO page, which is provided by the kernel for each process. VDSO then provides the code to call the system. On modern processors, SYSCALL or SYSENTER commands will be used, but you can also use INT 80h on x86 processors.

+7
Jan 25 '10 at 2:22
source share

You can force gcc to output directly to assembly code by adding the -S switch

 gcc -S hello.c
+6
Sep 18 '09 at 17:44
source share

If all you want to do is see disassembly with an INTC call, use objdump -d like someone else, but use the -static option when compiling. Otherwise, the fopen function will not be compiled into an elf and bound at run time.

+3
Oct 22 '09 at 16:51
source share

You do not need to use gdb. GCC will do it.

  gcc -S foo.c

This will create foo.s, which is the assembly.

 gcc -m32 -c -g -Wa,-a,-ad foo.c > foo.lst

In the above version, a list file will be created in which there is both C and the assembly generated by it. GCC Questions

+1
Jul 23 '14 at 3:43 on
source share

The gdb disassembler has a / m to include source code along with instructions. This is equivalent to objdump -S, with the added benefit of restricting only one function (or address range) of interest.

+1
Feb 26 '15 at 19:12
source share


More articles:


All Articles