GDB and opcodes
Coming from a Windows environment, when I do kernel debugging or even user-mode debugging, I can see the disassembled code in a very detailed way, for example:

80526db2 6824020000      push    224h
80526db7 6808a14d80      push    offset nt!ObWatchHandles+0x8dc (804da108)
80526dbc e81f030100      call    nt!_SEH_prolog (805370e0)
80526dc1 a140a05480      mov     eax,dword ptr [nt!__security_cookie (8054a040)]

The first number is obviously the address, but the second one represents the opcode bytes, and it is missing in GDB, or at least I don't know how to get a similar result.
I usually do this:

(gdb) display/i $pc

but what I get is this:

x/i $pc
0x21c4c:    pop    %eax

I can't see what the code bytes are, which is sometimes a problem for me. Is there something I can do with display that can help?
EDIT: The GDB in question is 6.3.50 on Mac OS X 10.8.3.
I think disassemble /r should give you what you want:
(gdb) help disass
Disassemble a specified section of memory.
Default is the function surrounding the pc of the selected frame.
With a /m modifier, source lines are included (if available).
With a /r modifier, raw instructions in hex are included.
With a single argument, the function surrounding that address is dumped.
Two arguments (separated by a comma) are taken as a range of memory to dump,
in the form of "start,end", or "start,+length".
(gdb) disass /r main
Dump of assembler code for function main:
0x004004f8 <+0>: 55 push %ebp
0x004004f9 <+1>: 48 dec %eax
0x004004fa <+2>: 89 e5 mov %esp,%ebp
0x004004fc <+4>: 48 dec %eax
0x004004fd <+5>: 83 ec 10 sub $0x10,%esp
0x00400500 <+8>: 89 7d fc mov %edi,-0x4(%ebp)
0x00400503 <+11>: 48 dec %eax
0x00400504 <+12>: 89 75 f0 mov %esi,-0x10(%ebp)
0x00400507 <+15>: bf 0c 06 40 00 mov $0x40060c,%edi
0x0040050c <+20>: b8 00 00 00 00 mov $0x0,%eax
0x00400511 <+25>: e8 0a ff ff ff call 0x400420
0x00400516 <+30>: bf 00 00 00 00 mov $0x0,%edi
0x0040051b <+35>: e8 10 ff ff ff call 0x400430
End of assembler dump.
(gdb)
If you are using lldb, you can pass the -b option to disassemble to get the same effect:
(lldb) disassemble -b -p
Sketch`main + 46 at SKTMain.m:17:
-> 0x10001aa0e: 48 89 c7 movq %rax, %rdi
0x10001aa11: b0 00 movb $0, %al
0x10001aa13: e8 f2 48 00 00 callq 0x10001f30a ; symbol stub for: NSLog
0x10001aa18: 48 8d 35 99 fa 00 00 leaq 64153(%rip), %rsi ; @Sketch`.str3
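As an added example (not part of either answer), here is a small Python parser for the two listing formats shown above: it pulls the address, the raw opcode bytes and the instruction text out of each GDB "disassemble /r" and LLDB "disassemble -b" line, and checks that every address plus its byte count lands on the next address, a cheap way to confirm the bytes were read correctly before using them for anything (for instance building a byte pattern for a detection rule). The sample text is constructed from the output quoted in the answers.

```python
import re

# Constructed sample input: the GDB "disassemble /r" and LLDB "disassemble -b"
# listings quoted in the two answers above (first few lines of each).
GDB_OUTPUT = """\
Dump of assembler code for function main:
   0x004004f8 <+0>:     55      push   %ebp
   0x004004f9 <+1>:     48      dec    %eax
   0x004004fa <+2>:     89 e5   mov    %esp,%ebp
   0x004004fc <+4>:     48      dec    %eax
   0x004004fd <+5>:     83 ec 10        sub    $0x10,%esp
End of assembler dump.
"""
LLDB_OUTPUT = """\
Sketch`main + 46 at SKTMain.m:17:
-> 0x10001aa0e:  48 89 c7              movq   %rax, %rdi
   0x10001aa11:  b0 00                 movb   $0, %al
   0x10001aa13:  e8 f2 48 00 00        callq  0x10001f30a ; symbol stub for: NSLog
"""

# One pattern covers both formats: optional "->" (LLDB's current-pc marker), the
# address, an optional "<+N>" function offset (GDB only), a run of two-digit hex
# byte tokens, then the mnemonic and operands.
LINE_RE = re.compile(
    r"^\s*(?:->\s*)?0x(?P<addr>[0-9a-f]+)\s*(?:<\+\d+>)?:\s+"
    r"(?P<bytes>(?:[0-9a-f]{2}\s)*[0-9a-f]{2})\s+(?P<insn>\S.*?)\s*$"
)

def parse_disassembly(text):
    """Return [(address, raw_bytes, instruction), ...]; header/footer lines are skipped."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            insns.append((int(m["addr"], 16), bytes.fromhex(m["bytes"]),
                          " ".join(m["insn"].split())))
    return insns

def check_contiguous(insns):
    """Each address plus its byte count must equal the next address; a mismatch
    means a line was mis-parsed or bytes were dropped from the listing."""
    return all(addr + len(raw) == insns[i + 1][0]
               for i, (addr, raw, _) in enumerate(insns[:-1]))

def raw_code(insns):
    """Concatenate the opcode bytes, i.e. the machine code the debugger decoded."""
    return b"".join(raw for _, raw, _ in insns)
```

Note that the GDB listing was produced by a 32-bit disassembler on 64-bit code (the REX prefix 0x48 shows up as a separate "dec %eax"), but the bytes are still contiguous, so the check passes either way.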