Reputation: 1631
My first time learning Assembly Lang. Here is a part of (gdb) disassembly:
mov $0x131,%eax
cmp 0x8(%rsp),%eax //Question here, what is the value of 0x8(%rsp)?
(gdb)i r
rax 0x131 305
rbx 0x7fffffffe578 140737488348536
rcx 0x20 32
rdx 0x7fffffffe478 140737488348280
rsi 0x0 0
rdi 0x1999999999999999 1844674407370955161
rbp 0x0 0x0
rsp 0x7fffffffe470 0x7fffffffe470
r8 0x37ed3bb080 240203313280
r9 0x0 0
r10 0x1e 30
r11 0x0 0
r12 0x400cb0 4197552
r13 0x7fffffffe570 140737488348528
r14 0x0 0
r15 0x0 0
rip 0x400fd9 0x400fd9 <phase_3+129>
eflags 0x212 [ AF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
I have trouble figuring out what it compares, and what the value of 0x8(%rsp) is.
(I know this question sounds stupid.)
Thanks in advance
=-==========
Finally I solved it by
(gdb) p /x *(int *)($rsp+0x8)
with the help of this post: How to print -0x4(%rbp) in gdb?
Zack's answer should be right, but it is not working since I'm using a 64-bit OS.
Upvotes: 5
Views: 33751
Reputation: 575
Parentheses generally mean to dereference. 0x8(%rsp) means "get the location on the stack that is 8 bytes away from the stack pointer %rsp, and then take the value at that address."
It moves 0x131 into %eax, and then compares it to the data at that location. cmp sets the eflags register depending on that comparison (like the Zero Flag if the operands were equal, etc.)
To see what is at the address using GDB, type
(gdb) x/1dw 0x8($esp)
This command x examines memory.
1 means examine 1 of whatever unit is specified.
d means output in decimal notation (as opposed to hex). I don't know what type of data you are making a comparison to, so you might use c to get a char, or x to get a hex, or s for a string, or whatever.
w provides the unit, in this case a word, which is 4 bytes.
So this command looks at 4 bytes at the given address, 0x8(%rsp), and prints whatever is there in decimal format.
Note that accessing register contents includes using $ in place of %.
To learn more about using GDB to see how your memory is changing, reference §10.6 in the user documentation.
Upvotes: 10
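An added example, not part of the original posts: it resolves an AT&T memory operand such as 0x8(%rsp) to an address using register values from the question's `i r` dump, builds a GDB x command that takes that numeric address, and models the flags that cmp sets. The function names and the memory values 305 and 7 are assumptions made for illustration.

```python
import re

# Register values copied from the `i r` output in the question.
REGS = {"rax": 0x131, "rsp": 0x7fffffffe470, "rdx": 0x7fffffffe478, "rcx": 0x20}

# AT&T memory operand: disp(%base,%index,scale); disp, base, index and scale are optional.
OPERAND = re.compile(
    r"^(?P<disp>-?(?:0x[0-9a-fA-F]+|\d+))?"
    r"\(\s*(?:%(?P<base>\w+))?\s*(?:,\s*%(?P<index>\w+)\s*(?:,\s*(?P<scale>[1248]))?)?\s*\)$"
)

def effective_address(operand, regs):
    """Return the address an AT&T memory operand refers to (64-bit wraparound)."""
    m = OPERAND.match(operand.strip())
    if not m:
        raise ValueError(f"not an AT&T memory operand: {operand!r}")
    disp = int(m["disp"], 0) if m["disp"] else 0
    base = regs[m["base"]] if m["base"] else 0
    index = regs[m["index"]] if m["index"] else 0
    scale = int(m["scale"]) if m["scale"] else 1
    return (disp + base + index * scale) & 0xFFFFFFFFFFFFFFFF

def gdb_examine(operand, regs, fmt="1dw"):
    """Build an x command for the operand; GDB wants an address, not AT&T syntax."""
    return f"x/{fmt} {effective_address(operand, regs):#x}"

def cmp32_flags(src, dst):
    """Flags after AT&T `cmp src,dst` on 32-bit operands: the CPU computes dst - src."""
    src &= 0xFFFFFFFF
    dst &= 0xFFFFFFFF
    res = (dst - src) & 0xFFFFFFFF
    sign = lambda v: v >> 31
    return {
        "ZF": int(res == 0),
        "CF": int(dst < src),                      # unsigned borrow
        "SF": sign(res),
        "OF": int(sign(dst) != sign(src) and sign(res) != sign(dst)),
    }

if __name__ == "__main__":
    print(gdb_examine("0x8(%rsp)", REGS))          # address of the compared dword
    # 305 and 7 are constructed stand-ins for the dword stored at that address.
    for mem in (305, 7):
        print(mem, cmp32_flags(mem, REGS["rax"]))
```

For `cmp 0x8(%rsp),%eax` the memory operand is the source and %eax the destination, so the flags describe %eax minus the stored value.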
Reputation: 11
Because the program allocated some stack memory by subtracting from the stack pointer. Now when it wants to use the allocated stack memory, it needs to use an offset to dereference.
Upvotes: 1