What does gdb 'x' command do?

前端 未结 2 1131
抹茶落季
抹茶落季 2021-02-02 13:56

I am reading a book about hacking and it has a chapter about assembly.

Following is my tiny program written in C.

#include 

int main(int          


        
相关标签:
2条回答
  • 2021-02-02 14:41
    (gdb) help x
    Examine memory: x/FMT ADDRESS.
    ADDRESS is an expression for the memory address to examine.
    FMT is a repeat count followed by a format letter and a size letter.
    Format letters are o(octal), x(hex), d(decimal), u(unsigned decimal),
      t(binary), f(float), a(address), i(instruction), c(char) and s(string),
      T(OSType), A(floating point values in hex).
    Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes).
    The specified number of objects of the specified size are printed
    according to the format.
    
    Defaults for format and size letters are those previously used.
    Default count is 1.  Default address is following last thing printed
    with this command or "print".
    
    0 讨论(0)
  • 2021-02-02 14:42

    As to (1), you got that correct.

    As to (2), the x command has up to 3 specifiers: how many objects to print; in which format; and what object size. In all your examples you choose to print as hex (x). As to the first specifier, you ask to print 12, 8, 8 objects.

    As to the last specifier in your cases:
    x/12x has none, so gdb defaults to assuming you want 4-byte chunks (which GDB calls "words", x86 calls "double words"). Generally, I'd always specify what exactly you want as opposed to falling back on default settings.

    x/8xw does the same, for 8 objects, as you explicitly requested dwords now.

    (The x command defaults to the last size you used, but the initial default for that on startup is w words)


    x/8xh requests half-word sized chunks of 2 bytes, so objects printed in 2 byte chunks. (Half-word relative to GDB's standard 32-bit word size; x86 calls this a "word").

    In case you wonder why the concatenation of two neighboring values does not equal what was reported when you printed in dwords, this is because the x86 is a little-endian architecture. What that means is detailed quite well in Erickson's book again - if you look a few pages ahead, he does some calculations you might find helpful. In a nutshell, if you recombine them (2,1) (4,3), ..., you'll see they match.

    0 讨论(0)
提交回复
热议问题