The first four bytes are shown both in hexadecimal and standard unsigned
decimal notation. A command-line calculator program called bc is used to show
that if the bytes are interpreted in the incorrect order, a horribly incorrect
value of 3343252480 is the result. The byte order of a given architecture is an
important detail to be aware of. While most debugging tools and compilers
will take care of the details of byte order automatically, eventually you will
directly manipulate memory by yourself.
In addition to converting byte order, GDB can do other conversions with
the examine command. We've already seen that GDB can disassemble machine
language instructions into human-readable assembly instructions. The examine
command also accepts the format letter i, short for instruction, to display the
memory as disassembled assembly language instructions.
reader@hacking:~/booksrc $ gdb -q ./a.out
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) break main
Breakpoint 1 at 0x8048384: file firstprog.c, line 6.
(gdb) run
Starting program: /home/reader/booksrc/a.out
Breakpoint 1, main () at firstprog.c:6
6 for(i=0; i < 10; i++)
(gdb) i r $eip
eip 0x8048384 0x8048384 <main+16>
(gdb) x/i $eip
0x8048384 <main+16>: mov DWORD PTR [ebp-4],0x0
(gdb) x/3i $eip
0x8048384 <main+16>: mov DWORD PTR [ebp-4],0x0
0x804838b <main+23>: cmp DWORD PTR [ebp-4],0x9
0x804838f <main+27>: jle 0x8048393 <main+31>
(gdb) x/7xb $eip
0x8048384 <main+16>: 0xc7 0x45 0xfc 0x00 0x00 0x00 0x00
(gdb) x/i $eip
0x8048384 <main+16>: mov DWORD PTR [ebp-4],0x0
(gdb)
In the output above, the a.out program is run in GDB, with a breakpoint
set at main(). Since the EIP register is pointing to memory that actually
contains machine language instructions, they disassemble quite nicely.
The previous objdump disassembly confirms that the seven bytes EIP is
pointing to actually are machine language for the corresponding assembly
instruction.
8048384: c7 45 fc 00 00 00 00 mov DWORD PTR [ebp-4],0x0
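As an added example (not code from the original text), the C program below takes the seven bytes shown by x/7xb $eip and decodes them by hand: it reads the first four bytes in both byte orders, reproducing the incorrect value 3343252480, and unpacks the opcode, ModRM byte, displacement and immediate of the mov instruction. The function and struct names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The seven bytes GDB printed at 0x8048384 (x/7xb $eip in the session above). */
static const uint8_t insn[7] = {0xc7, 0x45, 0xfc, 0x00, 0x00, 0x00, 0x00};

/* Least significant byte first: how x86 stores a 4-byte value. */
uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Most significant byte first: the incorrect order for this architecture. */
uint32_t read_be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

struct mov_imm32 {   /* hypothetical helper type for this example */
    int disp;        /* signed displacement added to EBP */
    uint32_t imm;    /* 32-bit immediate being stored */
};

/* Decodes only the form seen above: opcode C7 /0 with ModRM mod=01, rm=101,
 * i.e. mov DWORD PTR [ebp+disp8], imm32. Returns 0 on success, -1 otherwise. */
int decode_mov_ebp_disp8(const uint8_t *p, size_t len, struct mov_imm32 *out) {
    if (len < 7 || p[0] != 0xc7) return -1;
    uint8_t modrm = p[1];                      /* 0x45 = 01 000 101 */
    uint8_t mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
    if (mod != 1 || reg != 0 || rm != 5) return -1;
    out->disp = (int8_t)p[2];                  /* 0xfc sign-extends to -4 */
    out->imm = read_le32(p + 3);               /* immediate is little-endian */
    return 0;
}

int main(void) {
    struct mov_imm32 m;
    printf("first four bytes, little-endian: %u\n", (unsigned)read_le32(insn));
    printf("first four bytes, wrong order:   %u\n", (unsigned)read_be32(insn));
    if (decode_mov_ebp_disp8(insn, sizeof insn, &m) == 0)
        printf("mov DWORD PTR [ebp%+d],0x%x\n", m.disp, (unsigned)m.imm);
    return 0;
}
```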
This assembly instruction will move the value of 0 into memory located
at the address stored in the EBP register, minus 4. This is where the C
variable i is stored in memory; i was declared as an integer that uses 4 bytes of
memory on the x86 processor. Basically, this command will zero out the