GDB: Print value relative to register

Okay, so basically I'm wondering how to print the value of a memory address that is offset from the address stored in the register in GDB. For example, take this assembly line:

mov 0x34(%esp),%edx 

In my understanding, this takes the value 52 bytes after the address pointed to by the stack pointer and stores that value in the edx register. In this case, the value is a string, so it will store a char *. When I use the examine command inside GDB on the edx register:

 x/s $edx 

It prints the string as intended. However, when I try to print the string directly by examining the location it was copied from, with this command:

 x/s $esp + 0x34 

It prints trash. Why is this? Am I misunderstanding the syntax of the GDB command, or is it something else?

+9
c assembly x86 memory gdb
2 answers
The x command prints the data at the address indicated by the specified register. For example, x/s $edx prints a string starting at the address given by the value of edx. It must also print the address itself.

Suppose the value of esp is 0x7fffff00, and the value loaded from 0x34(%esp) into edx is 0x43210. x/s $edx will print the string at location 0x43210 in a manner similar to this:

 (gdb) x/s $edx
 0x43210: "hello world!"

Meanwhile, x/s $esp + 0x34 will try to print a string starting at 0x7fffff34. What is stored there is a pointer to the actual string, so if you do x/wx $esp + 0x34, you should see a pointer to your string (0x43210). The "trash" you see is the pointer (and the following data), represented as a string.

+7
 x/s *(void**)($esp + 0x34) 

works

0
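
The difference between the three commands discussed in the answers, as an added C illustration that is not code from either poster. A constructed byte array stands in for the stack, and `frame`, `msg`, `setup_frame`, `slot_as_text`, `slot_as_word` and `slot_deref` are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define SLOT 0x34  /* offset taken from the page's mov 0x34(%esp),%edx */

/* Constructed stand-in for the stack: "sp" plays the role of $esp. */
static unsigned char frame[0x40];
static const char *msg = "hello world!";

/* Store a char * in the slot, as the program in the question did. */
static void setup_frame(void) {
    memset(frame, 0, sizeof frame);
    memcpy(frame + SLOT, &msg, sizeof msg);
}

/* x/s $esp + 0x34: treat the slot's own bytes as characters. */
static size_t slot_as_text(const unsigned char *sp, char *out, size_t cap) {
    size_t n = 0;
    while (n + 1 < cap && SLOT + n < sizeof frame && sp[SLOT + n] != 0) {
        out[n] = (char)sp[SLOT + n];
        n++;
    }
    out[n] = '\0';
    return n;
}

/* x/wx $esp + 0x34 (32-bit target): read the slot as a pointer-sized word. */
static uintptr_t slot_as_word(const unsigned char *sp) {
    uintptr_t w;
    memcpy(&w, sp + SLOT, sizeof w);
    return w;
}

/* x/s *(void**)($esp + 0x34): load the pointer from the slot, then follow it. */
static const char *slot_deref(const unsigned char *sp) {
    const char *p;
    memcpy(&p, sp + SLOT, sizeof p);
    return p;
}

int main(void) {
    char junk[16];
    setup_frame();
    printf("as text: %zu pointer bytes read as chars\n",
           slot_as_text(frame, junk, sizeof junk));
    printf("as word: %#lx\n", (unsigned long)slot_as_word(frame));
    printf("deref  : \"%s\"\n", slot_deref(frame));
    return 0;
}
```
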