Commit f422d24

add other syntax
1 parent 4443030 commit f422d24

1 file changed

+72
-23
lines changed

_resources/assembly-stack.md

Lines changed: 72 additions & 23 deletions
@@ -2,6 +2,14 @@
22

33
When entering/exiting a function.
44

5+
You can use
6+
7+
```
8+
set disassembly-flavor [intel|att]
9+
```
10+
11+
to switch disassembly formats. (Or to include that in your `~/.gdbinit` to set permanently)
12+
513
## C Code
614

715
```
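Review bot: The parenthetical after the new code fence, "(Or to include that in your `~/.gdbinit` to set permanently)", is a sentence fragment and does not say what exactly goes into the file. Suggest rewording it along the lines of "To make the choice permanent, add the same line to `~/.gdbinit`." Since `[intel|att]` is a placeholder and not something that can be typed as written, showing one literal form such as `set disassembly-flavor intel` would also help.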
@@ -32,31 +40,31 @@ sudo apt install gcc-multilib lib32gcc-5-dev
3240
## Disassembly
3341

3442
```
35-
(gdb) disas main
43+
(gdb) disas main # Intel Syntax # ATT Syntax
3644
Dump of assembler code for function main:
37-
0x080483f4 <+0>: push ebp
38-
0x080483f5 <+1>: mov ebp,esp
39-
0x080483f7 <+3>: push 0x5
40-
0x080483f9 <+5>: push 0x4
41-
0x080483fb <+7>: push 0x3
42-
0x080483fd <+9>: call 0x80483db <blah>
43-
0x08048402 <+14>: add esp,0xc
44-
0x08048405 <+17>: mov eax,0x0
45-
0x0804840a <+22>: leave
46-
0x0804840b <+23>: ret
47-
48-
(gdb) disas blah
45+
0x080483f4 <+0>: push ebp push %ebp
46+
0x080483f5 <+1>: mov ebp,esp mov %esp,%ebp
47+
0x080483f7 <+3>: push 0x5 push $0x5
48+
0x080483f9 <+5>: push 0x4 push $0x4
49+
0x080483fb <+7>: push 0x3 push $0x3
50+
0x080483fd <+9>: call 0x80483db <blah> call 0x80483db <blah>
51+
0x08048402 <+14>: add esp,0xc add $0xc,%esp
52+
0x08048405 <+17>: mov eax,0x0 mov $0x0,%eax
53+
0x0804840a <+22>: leave leave
54+
0x0804840b <+23>: ret ret
55+
56+
(gdb) disas blah # Intel Syntax # ATT Syntax
4957
Dump of assembler code for function blah:
50-
0x080483db <+0>: push ebp
51-
0x080483dc <+1>: mov ebp,esp
52-
0x080483de <+3>: sub esp,0x10
53-
0x080483e1 <+6>: mov eax,DWORD PTR [ebp+0x8]
54-
0x080483e4 <+9>: imul eax,DWORD PTR [ebp+0xc]
55-
0x080483e8 <+13>: imul eax,DWORD PTR [ebp+0x10]
56-
0x080483ec <+17>: mov DWORD PTR [ebp-0x4],eax
57-
0x080483ef <+20>: mov eax,DWORD PTR [ebp-0x4]
58-
0x080483f2 <+23>: leave
59-
0x080483f3 <+24>: ret
58+
0x080483db <+0>: push ebp push %ebp
59+
0x080483dc <+1>: mov ebp,esp mov %esp,%ebp
60+
0x080483de <+3>: sub esp,0x10 sub $0x10,%esp
61+
0x080483e1 <+6>: mov eax,DWORD PTR [ebp+0x8] mov 0x8(%ebp),%eax
62+
0x080483e4 <+9>: imul eax,DWORD PTR [ebp+0xc] imul 0xc(%ebp),%eax
63+
0x080483e8 <+13>: imul eax,DWORD PTR [ebp+0x10] imul 0x10(%ebp),%eax
64+
0x080483ec <+17>: mov DWORD PTR [ebp-0x4],eax mov %eax,-0x4(%ebp)
65+
0x080483ef <+20>: mov eax,DWORD PTR [ebp-0x4] mov -0x4(%ebp),%eax
66+
0x080483f2 <+23>: leave leave
67+
0x080483f3 <+24>: ret ret
6068
```
6169

6270
## Step -1 - Before entering
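Review bot: The new header lines `(gdb) disas main # Intel Syntax # ATT Syntax` and the matching one for `blah` put column labels on the prompt line, so the block no longer reads as a transcript of a gdb session, and nothing tells the reader that the right-hand column is what appears after switching flavors. Consider moving the labels to their own line above each dump, or using two separate blocks. One sentence on the differences visible here would also help: AT&T lists the source before the destination (`mov ebp,esp` becomes `mov %esp,%ebp`), prefixes registers with `%` and immediates with `$`, and writes `DWORD PTR [ebp+0x8]` as `0x8(%ebp)`.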
@@ -181,3 +189,44 @@ addr | addr | contents | use
181189
`ebp - 0x8` | `0xffffcf7c` | garbage? |
182190
`ebp - 0xc` | `0xffffcf78` | garbage? |
183191
`ebp - 0x10` | `0xffffcf74` | garbage? | esp
192+
193+
If we want to see multiple values we can do something like:
194+
195+
```
196+
(gdb) x/3d ((int)$ebp + 0x8)
197+
0xffffcf8c: 3 4 5
198+
```
199+
200+
which prints next three values up, as decimals. Or we can view them as integers:
201+
202+
203+
```
204+
(gdb) x/3t ((int)$ebp + 0x8)
205+
0xffffcf8c: 00000000000000000000000000000011 00000000000000000000000000000100 00000000000000000000000000000101
206+
```
207+
208+
The formats available are:
209+
210+
specifier | type
211+
--------- | -----
212+
`o` | octal
213+
`x` | hex
214+
`d` | decimal
215+
`u` | unsigned decimal
216+
`t` | binary
217+
`f` | float
218+
`a` | address
219+
`i` | instruction
220+
`c` | char
221+
`s` | string
222+
`T` | OStype
223+
224+
If you accidentally use `i` expecting `integer`, instead it will treat those as
225+
instructions that appear nowhere in the disassembly and can be a bit confusing.
226+
227+
```
228+
(gdb) x/3i ((int)$ebp + 0x8)
229+
0xffffcf8c: add eax,DWORD PTR [eax]
230+
0xffffcf8e: add BYTE PTR [eax],al
231+
0xffffcf90: add al,0x0
232+
```
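Review bot: The sentence before the second example, "Or we can view them as integers:", does not match the command that follows. `x/3t` is listed as binary in the format table added in this same hunk, and the output shown is binary, so "integers" should read "binary". It would also help to state that the three values at `ebp + 0x8` are the arguments 3, 4 and 5 that `main` pushed, since "prints next three values up" leaves the reader to work that out.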
