All geek questions in one place

How to read local variables using gdb?

I know that you can find any parameters by looking at a positive offset from $ ebp using gdb:

(gdb) x/4wx $ebp

Then I would look at the 3rd and 4th addresses using x/s , because they will be the first and second parameter. What about local variables? How would I look at values ​​with a negative offset from $ ebp? Also, is there anyway to look at the value of $ eax? Whenever I try to print the value of $ eax using x/s $eax , the address is not connected or the value is 0, which I am sure that this is not because I just put a constant value in the register.

I tried info locals , but got the message "No character table information."

+6
source share
2 answers

First you need to compile the debugging characters into your binary. To do this, use the -g option to gcc with your current command. If you use another compiler, you will need to consult its documentation. After that, "locals data" and the print command will work.

To look at any local variable, all you have to do is use the print command. For example, looking at the local variable "i" is as simple as "print i".

You should be able to handle $ eax just like $ ebp. I suspect you are having problems because you are using x / s. x / s will try to print the line, and so it will continue until it has a zero character. If this does not happen for a long time, the length of the string will go beyond. Try "x / d $ eax". You can even do "print $ eax". You can also use "information registers" to get all the register data.

+6
source

I know that you can find any parameters by looking at a positive offset from $ ebp using gdb

This only works for some processors and some calling conventions and by no means universally.

Assuming that you only care about x86 and that your code was compiled with pointers to frames (which used to be standard, but was no longer the default value for GCC 4.6 in option mode), local people stand out with a fixed negative offset from %ebp .

Obviously, if you can rebuild your code using debugging symbols (using -g ), then GDB can simply print its values, and you don’t have to worry about how GDB detects them.

If you cannot (for example, because the code came from a third party), you will have to carefully look at the disassembly and guess. If you guessed that some value is stored in %ebp-8 , you can check this value with GDB in the same way as you study positive offsets: (gdb) x/wx $ebp-8 .

Beware: the compiler is free to host locally in any way, so if you declare

 int x, y, z;

the compiler can store x on %ebp-16 , y on %ebp-20 and z on %ebp-12 .

0
source

Source: https://habr.com/ru/post/887787/

More articles:


All Articles