LLDB获取argv的内存地址

Question

I'm reading through Jon Erickson's Hacking and on page 61 there's an example using gdb to explore the array of pointers-to-string stored in argv . It looks like when you break at main in gdb, the value of argc and address of argv are part of the log statement. Eg,

Breakpoint 1, main(argc=2, argv=0xbffff894) at convert2.c:14

I'm trying to do the same thing with lldb, and while I can use settings show target.run-args to get the args, what I really want is the address of argv . Is this possible?

Answer 1

For ARM and x86_64, it is quite easy: stop at main, and do:

(lldb) memory read -t "char *" -c `(int) $arg1` $arg2

"memory read -t" is functionally the same as the gdb print's "@" syntax. Just says "read the memory pointed to by the address passed to the command as an array of the type given by the -t argument"

lldb defines "convenience variables" $arg1, $arg2, etc, which are aliases for the registers that are used to pass the first, second, etc arguments to a function. You have to be right at the beginning of the function for these to have the correct value, since these are just registers and they will get reused. 32-bit Intel doesn't use registers for argument passing, so you'll have to get them from the stack.

This command uses $arg2, which will hold the argv variable as the memory address to read.

The other interesting thing about this command is it is using lldb's backtick - which means evaluate this argument as an expression - to read the count from the first (argc) argument.