what does -0x4(%rbp) means in gdb disassembly?
Solution 1
Registers in gdb can be referred with the prefix '$'
p *(int *)($rbp - 8)
RBP and RSP most likely refer to memory locations, specifically to stack. Other registers are more or less generic purpose registers and can point to memory too.
Solution 2
It means "the data stored when you subtract eight from the address stored in rbp". Try looking at the stack commands available in gdb: http://www.delorie.com/gnu/docs/gdb/gdb_41.html
Solution 3
The actually meaning of those structures such as -0x8(%rbp) depends on the architecture (or the assembly language). But in this case, -0x8(%rbp) is a memory address, probably value of %rbp minus 8.
In gdb, you can print the value of those memory address by doing something like
info r rbp
p *(int *)(value_of_rbp - 8)
Related videos on Youtube
![Overwriting RBP with an Off-by-One Buffer Overflow - Cake - [Intigriti 1337UP LIVE CTF 2022]](https://i.ytimg.com/vi/jU7yB-elFV8/hqdefault.jpg?sqp=-oaymwEcCOADEI4CSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCEz4n4f63i8OfwgwzqN_tQJh6G3g)
33 : 51
15 : 36
04 : 47
23 : 42
14 : 47
10 : 20
09 : 56
16 : 06
55 : 12
08 : 51
Red Wolf's Husband
Updated on June 04, 2022Comments
-
Red Wolf's Husband almost 2 years
i am currently working on gdb disassembly to help me understand more detail about the c program so i write a c program:
#include <stdio.h> void swap(int a, int b){ int temp = a; a = b; b = temp; } void main(){ int a = 1,b = 2; swap(a, b); }I use gdb and run
disass /m mainto get those:(gdb) disass /m main Dump of assembler code for function main: 8 void main(){ 0x0000000000400492 <+0>: push %rbp 0x0000000000400493 <+1>: mov %rsp,%rbp 0x0000000000400496 <+4>: sub $0x10,%rsp 9 int a = 1,b = 2; 0x000000000040049a <+8>: movl $0x1,-0x8(%rbp) 0x00000000004004a1 <+15>: movl $0x2,-0x4(%rbp) 10 swap(a, b); 0x00000000004004a8 <+22>: mov -0x4(%rbp),%edx 0x00000000004004ab <+25>: mov -0x8(%rbp),%eax 0x00000000004004ae <+28>: mov %edx,%esi 0x00000000004004b0 <+30>: mov %eax,%edi 0x00000000004004b2 <+32>: callq 0x400474 <swap> 11 } 0x00000000004004b7 <+37>: leaveq 0x00000000004004b8 <+38>: retq End of assembler dump.My question is those
-0x8(%rbp)means what?A memory or a register?
I do know that 1 is store in
-0x8(%rbp)and 2 is in-0x4(%rbp), How can i show the value in thoes kind of 'place' ? I try to use(gdb) p -0x8(%rbp)but get this:A syntax error in expression, near `%rbp)'.-
Aki Suihkonen about 10 yearsShouldn't you want to write
void swap(int *a, int *b)? Otherwise the change is not reflected to the caller.
-
-
Red Wolf's Husband about 10 yearsGreat! and another question %edx mean memory too?
-
Lee Duhem about 10 years@RedWolf'sHusband No,
%edxmeans a register namededx. For example,mov -0x4(%rbp),%edxmeans, I guess, moving (copying, actually) the contents in address%rbp - 4to register%edx. -
harperville over 4 yearsThe link now redirects to gnu.org I don't know how long these links will be around but I found some that can be of use for those who are interested: gnu.org/software/hurd/gdb.html and sourceware.org/gdb/download/onlinedocs/gdb/index.html
