I'm using GDB to debug code that was assembled with
nasm -felf64 -Fdwarf
when I want to examine the value at a label symbol, say
var_h: dq -1
using
print var_h
GDB assumes that the value is 32-bit and only gives me the lowest 4 bytes
x \1gx $var_h
gives an error along the lines of "cannot convert value to integer'
Very grateful for any ideas!
This should work:
(gdb) x/gx &var_h
Your other commands, as well as "along the lines of ..." make no sense.
Details matter, and you should always show actual commands you used and output you received, not vague approximations thereof.
Related
First time disassembling a program in a few months using GDB and on a new linux VM. Last time, when I disassembled a program, set a breakpoint, and ran, the value returned by "i r rip" would EXACTLY match the address of one of the program instructions.
This time, the value returned by "i r rip" == 0x5...54699 <main+15" while the assembly address shown for <+15> == "0x0...0699".
Is GDB now using relative addressing and zeroing the more significant (irrelevant?) address bits similar to what Wireshark does for sequence numbers?
This is my screen dump:
Disassembled code and rip query
You are looking at position-independent executable (PIE).
This executable is linked to load at address 0, and is relocated to 0x54... address on execution.
If you disas main before first running the binary, GDB will show the original linked-at addresses. If you do the same command after first run, GDB will show relocated (actual) addresses.
You can also link non-PIE binary with gcc t.c -no-pie. That binary will exhibit the behavior you expect: the output of disas main will not change between before and after first run, and the disassembly will match the actual value of rip at runtime.
I'm working on the bomb lab from CMU CSAPP class from this site, the bomb binary is here.
I found a very interesting thing using gdb while i am defusing phase_3 of the bomb. I need to use a lot p/x [MEMORY_ADDRESS] while defusing phase_3, however, the output of the print command looks strange to me.
I tried to print against different memeory address using p/x *[MEMORY_ADDRESS], the length of the output varied a lot. It sometimes gave me a 8-char output like 0x18244c8b, sometimes gave me a 6-char output like 0x28250c, or sometimes only a 0x0.
In my understanding, while using p/x *[MEMORY_ADDRESS], we are only print the hex value of the single byte resides in that memory address, which should only give us a 2-char output in hex format. How does gdb decide how many bytes it will print while executing p/x?
Thanks for looking at this problem.
My understanding is that, gdb is treating my memory address as a pointer to int, thus will always try to print 4 bytes, the reason i'm seeing varying output is because some ouputs have so many leading zeros. So 0xfe is actually 0x000000fe.
In this scenario, gdb's print command is always printing 4 bytes.
I am trying to troubleshoot a bus error with some inline SSE2 assembly. The source code has a macro that uses 5 pointers, and I suspect one of them is not aligned.
I set a breakpoint on the source line. But when I perform a disass, it disassembles from the top of the function, and not where the debugger is stopped. There are hundreds of lines of assembly, so its not really helpful to me. Pressing ENTER 30 to 40 times in response to "Press ENTER to continue" got old very quickly.
I tried a disass $pc, but it dsassembled from the top of the function. I also tried a disass . (with the dot meaning "here"), but that resulted in:
A syntax error in expression, near `.'.
What does GDB use to denote "here"?
You were correct with the use of $pc to represent the current location. The reason that this did not do what you expected when used with the disassemble command is that the disassemble command tries by default to disassemble the function containing the given address which is what you are seeing.
There are alternative forms that can be given to disassemble, for example start,end where start and end are addresses, or start,+length where start is an address and length is a number of bytes.
Try help disassemble at the gdb prompt for more information.
As an alternative you can also use the x (examine) command to display instructions, without the smart find the beginning of the function behaviour, so x/10i $pc will display 10 instructions starting from $pc. This can be helpful if you only want the instructions disassembled, however you don't have access to the /m or /r modifiers that are available on the disassemble command. These modifiers display interleaved source and assembler (for /m) or the raw instruction bytes (for /r).
Also, if the whole press ENTER to continue thing is getting old then you can try set height 0 to turn off the pager, do make sure that you have enough scroll back in your terminal though :)
I am trying to examine some addresses in gdb. It was printing in hex previously but I'm not sure how I changed it. When I enter x/20 $rsp the result looks like this:
0x7fffffffb060: -20336 32767 -559038737 0
Obviously this is not the end of the world since I can manually convert the values if needed but it is pretty annoying. I've tried exiting gdb and restarting but that does nothing.
gdb uses the last specified setting when printing values. To force hexadecimal, append x: x/20x addr.
faced the same issue, I try to print one byte first and then x/x shows hex values
or
use x/4bx to display 4 bytes in hex, there is an extra x in the end.
I am trying to match the gdb disassemble output (disas [address]) against the source code. I know that such mapping can be done using (gdb) info line *address to find the matching line. However I do not quite understand the format of the output of disassemble. Specifically, what do the following numbers, +4722, and +4281, mean ?
0x00002ad61e45bd02 <+4722>: jmpq 0x2ad61e45bb49 <MsgManager::ForwardMsg(boost::shared_ptr<Channel>, boost::shared_ptr<Msg>, boost::shared_ptr<Context>)+4281>
I am using GNU gdb (GDB) 7.4.1.
Specifically, what do the following numbers, +4722, and +4281, mean
The instruction at address 0x00002ad61e45bd02, which is 4722 bytes from the start of current function (most likely MsgManager::ForwardMsg()) is a jump to address 0x2ad61e45bb49, which is 4281 bytes from the start of MsgManager::ForwardMsg().
You may also find (gdb) disas/m command handy.