In gdb, how do I disassemble the previous instruction?

We know that disassembling instructions after a given address (inclusively) can be achieved with something like:

x/5i address 

which will print 5 instructions, but how do I disassemble the previous instruction?

I am debugging JIT code, so things like disassembling a symbol by name do not work. I could disassemble an arbitrary range containing the address:

 disas address-10,address+10 

but this is very inconvenient, and you will see (bad) (hopefully not in the middle!), and start to worry that you are not getting something right. I am looking for something like:

 x/-5i address 

but the above will not work.

2 answers

x/-5i address does not work

On x86 or any architecture with variable instruction size, you cannot even know the start address of the previous instruction, and therefore you cannot reliably disassemble the previous instruction.

What I am doing (very similar to what you are doing): x/15i $pc-35 . When you back up enough bytes (35 here), the disassembly of the instruction stream usually resynchronizes; at first you see only one or two (bad) instructions, but the instructions around $pc look right.


You can disassemble the current instruction ( $pc ), and then just try disassembling a few bytes back until the second instruction you see is the correct one.

 (lldb) x/3i $pc
 -> 0xeccac5d4: 0x6913   ldr  r3, [r2, #0x10]
    0xeccac5d6: 0xaa02   add  r2, sp, #0x8
    0xeccac5d8: 0x4798   blx  r3
 (lldb) x/3i $pc-1
    0xeccac5d3: 0x1368   asrs r0, r5, #0xd
    0xeccac5d5: 0x0269   lsls r1, r5, #0x9
    0xeccac5d7: 0x98aa   ldr  r0, [sp, #0x2a8]
 (lldb) x/3i $pc-2
    0xeccac5d2: 0x6802   ldr  r2, [r0]
 -> 0xeccac5d4: 0x6913   ldr  r3, [r2, #0x10]   <------ Correct!
    0xeccac5d6: 0xaa02   add  r2, sp, #0x8
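The "try $pc-1, $pc-2, ..." search from this answer, combined with the "back up far enough and let the disassembly resynchronize" idea from the first answer, can be automated. The following is an added example, not code from the thread: every backward window is decoded forward, and a candidate start for the previous instruction is credited once per window whose decode lands exactly on pc. The Thumb/Thumb-2 length rule, the constructed byte buffer (built around the addresses in the lldb session, with a 32-bit pop.w added in front), and the gdb_len_at helper (which needs gdb's Python API and is not exercised offline) are all assumptions.

```python
# Heuristic backward disassembly for variable-length ISAs (added example).
# Decode forward from pc-1, pc-2, ... and see which windows resynchronize at pc.

def candidate_prev_starts(pc, insn_len_at, max_back=16):
    """Map each candidate start of the instruction ending at pc to the number
    of backward windows (pc-1 .. pc-max_back) whose decode lands on it."""
    votes = {}
    for k in range(1, max_back + 1):
        addr = pc - k
        while addr < pc:
            n = insn_len_at(addr)
            if not n:                 # undecodable, or outside the buffer
                break
            if addr + n == pc:        # this window resynchronized at pc
                votes[addr] = votes.get(addr, 0) + 1
                break
            addr += n
    return votes

def previous_instruction(pc, insn_len_at, max_back=16):
    """Best-supported previous instruction start, or None when the top two
    candidates tie: backward disassembly is genuinely ambiguous there."""
    ranked = sorted(candidate_prev_starts(pc, insn_len_at, max_back).items(),
                    key=lambda kv: -kv[1])
    if not ranked or (len(ranked) > 1 and ranked[0][1] == ranked[1][1]):
        return None
    return ranked[0][0]

# Constructed Thumb-2 bytes (little-endian halfwords): pop.w {r4, pc} (32-bit,
# added for the demo); ldr r2,[r0]; ldr r3,[r2,#0x10]; add r2,sp,#8; blx r3.
BASE = 0xeccac5ce
CODE = bytes.fromhex("bde81080026813690 2aa9847".replace(" ", ""))

def thumb_len_at(addr, base=BASE, code=CODE):
    """Thumb length rule (assumed): a halfword whose top 5 bits are 0b11101,
    0b11110 or 0b11111 starts a 32-bit instruction, otherwise it is 16-bit."""
    off = addr - base
    if off < 0 or off + 2 > len(code):
        return None
    hw = code[off] | (code[off + 1] << 8)
    n = 4 if (hw >> 11) in (0x1D, 0x1E, 0x1F) else 2
    return n if off + n <= len(code) else None

def gdb_len_at(addr):
    """Same length oracle from inside gdb, using its Python API (gdb only)."""
    import gdb
    arch = gdb.selected_frame().architecture()
    return arch.disassemble(addr, count=1)[0]["length"]
```

Run inside gdb with gdb_len_at as the oracle to get the same heuristic against live JIT code; a None result means the bytes before pc admit more than one equally plausible decoding.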

Source: https://habr.com/ru/post/1479200/
