英文:
How to look at a series of values stored in memory
问题
在GDB中,要查看存储在内存地址0x3409处的字符串值,你可以使用以下命令:
x/s 0x3409
这将显示在地址0x3409处存储的以空字符结尾的字符串,即答案中的文本。不要使用print或x来查看整数值,因为这不会解释存储在该地址中的字符串。使用x/s命令将以字符串形式显示内存中的内容,这对于查看答案的文本非常有用。
英文:
As part of a large project for a class I'm taking, I need to decipher large chunks of assembly. To judge that, I need to find the answers to different "phases" of a "bomb", via debugging that code. The goal is to not explode the bomb.
Dump of assembler code for function phase_2:
0x000000000000160b <+0>: endbr64
0x000000000000160f <+4>: push %rbp
0x0000000000001610 <+5>: push %rbx
0x0000000000001611 <+6>: sub $0x28,%rsp
0x0000000000001615 <+10>: mov %fs:0x28,%rax
0x000000000000161e <+19>: mov %rax,0x18(%rsp)
0x0000000000001623 <+24>: xor %eax,%eax
0x0000000000001625 <+26>: mov %rsp,%rsi
0x0000000000001628 <+29>: callq 0x1eea <read_six_numbers>
0x000000000000162d <+34>: cmpl $0x1,(%rsp)
0x0000000000001631 <+38>: jne 0x163d <phase_2+50>
0x0000000000001633 <+40>: mov %rsp,%rbx
0x0000000000001636 <+43>: lea 0x14(%rsp),%rbp
0x000000000000163b <+48>: jmp 0x1652 <phase_2+71>
0x000000000000163d <+50>: callq 0x1ea8 <explode_bomb>
//more code after this that I don't think is relevant to my question
After looking over this, I decided that I needed to see what was in read_six_numbers, which is as follows:
Dump of assembler code for function read_six_numbers:
0x0000000000001eea <+0>: endbr64
0x0000000000001eee <+4>: sub $0x8,%rsp
0x0000000000001ef2 <+8>: mov %rsi,%rdx
0x0000000000001ef5 <+11>: lea 0x4(%rsi),%rcx
0x0000000000001ef9 <+15>: lea 0x14(%rsi),%rax
0x0000000000001efd <+19>: push %rax
0x0000000000001efe <+20>: lea 0x10(%rsi),%rax
0x0000000000001f02 <+24>: push %rax
0x0000000000001f03 <+25>: lea 0xc(%rsi),%r9
0x0000000000001f07 <+29>: lea 0x8(%rsi),%r8
0x0000000000001f0b <+33>: lea 0x14f7(%rip),%rsi # 0x3409
0x0000000000001f12 <+40>: mov $0x0,%eax
0x0000000000001f17 <+45>: callq 0x12f0 <__isoc99_sscanf@plt>
0x0000000000001f1c <+50>: add $0x10,%rsp
0x0000000000001f20 <+54>: cmp $0x5,%eax
0x0000000000001f23 <+57>: jle 0x1f2a <read_six_numbers+64>
0x0000000000001f25 <+59>: add $0x8,%rsp
0x0000000000001f29 <+63>: retq
0x0000000000001f2a <+64>: callq 0x1ea8 <explode_bomb>
End of assembler dump.
This led to me wanting to know what was in 0x3409, which is as follows.
0x00003400 6c6f776e 2075702e 00256420 25642025 lown up..%d %d %
0x00003410 64202564 20256420 25640045 72726f72 d %d %d %d.Error
The answers to all the different phases are supposedly all strings. And so I thought that my answer would be the six numbers stored in the different %d's However, when I typed print 0x3409 into gdb I got 13321, which is the decimal number for 0x3409 instead of the values actually stored in memory. So what should I type in order to get the actual values in the %d's?
Edit: When I typed x 0x3409 it shot back 0x3409: 0x25206425 which I don't think is what it wanted either.
答案1
得分: 2
但是,当我在gdb中输入
print 0x3409时,我得到的是13321,这是0x3409的十进制表示,而不是实际存储在内存中的值。
这就是print命令的作用。
显然,您想要的是examine 0x3409或x 0x3409。然而,那里不是数字,而是输入格式中的字符%、d、空格 、%、d等等。
代码从标准输入(可能是stdin)中读取了六个数字,但这不太可能告诉您程序实际期望的数字是什么。
英文:
> However, when I typed print 0x3409 into gdb I got 13321, which is the decimal number for 0x3409 instead of the values actually stored in memory.
That's what print command does.
What you apparently wanted was examine 0x3409, or x 0x3409. However, that's not where the numbers are -- that's where the characters %, d, , %, d, etc. from the input format are.
The code reads six numbers (probably from stdin), and that's unlikely to tell you which numbers the program actually expects.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论