Reputation: 14558
How to read stack memory with gdb
0x0804889a <+361>: mov %eax,0xc(%esp)
0x0804889e <+365>: movl $0x2b,0x8(%esp)
0x080488a6 <+373>: movl $0x1,0x4(%esp)
0x080488ae <+381>: movl $0x8048ab0,(%esp)
program is adding data to %esp (the last line is a string from memory that i can probe)
i'm currently breaking at the last line of the above. and info registers shows
esp 0xffffd704 0xffffd704
when i try to display it i get
$esp = (void *) 0xffffd704
if i try to dump it
(gdb) dump memory mem2 0xffffd704 0xffffffff
Cannot access memory at address 0xffffd704
(gdb) info mem
Using user-defined memory regions.
There are no memory regions defined.
How can I see the data on the stack around esp?
Upvotes: 2
Views: 1830
Answers (3)
Reputation: 13173
You can use display or x
display
Value of $esp (it is an address):
(gdb) display /x *(int*)($esp)
1: /x *(int*)($esp) = 0xb7eebff4
x
Value of $esp and the value of the variable address $esp:
(gdb) x *(int*)($esp)
0xb7eebff4: 0x001a4d7c
Upvotes: 1
Reputation: 3024
I came to this question with the "show value at current esp with display" statement in mind. I couldn't link the question and the answer, however it is OK if OP accepted that.
If someone else finds this topic with the same thing in mind as me, I added it this way:
display /x *(int*)($esp)
/* you can change the type */
Using display /x $esp only shows the value of current stack position. The above command shows the value in that position, which is the last thing we pushed onto stack. (I am working with assembler and needed to see if I cleared the stack correctly, so that the last thing is the return address to calling function).
EDIT: The following will print 8 words around the current stack pointer. I think this is closer to a dump. (4*4 is for 4 words behind it)
display /8wx $esp-4*4
And this dumps 4 words of memory pointed by the value at current stack pointer. (whether code or data)
display /4wx *(int*)$esp
Upvotes: 2
Reputation: 58792
The error message is misleading. According to my tests, gdb prints that if any byte in the range is inaccessible. As such, the problem is with the end address. You can get the stack top from /proc/<pid>/maps, for example for my test program I got:
$ grep stack /proc/8277/maps
fffdd000-ffffe000 rw-p 00000000 00:00 0 [stack]
gdb is able to dump that memory range without problems.
Of course if you only want to read particular values of interest, you can use the x (examine) command.
Upvotes: 1
Related Questions
- Is there any way to know the memory address differernce between %esp and %ebp?
- Unsuccessful with GDB and Info Reg Command. Can't seem to find the ebp, eip and esp values
- Same binary, but different Stack Pointer (ESP) address in different debugger
- Why %esp gets changed imexplitcitly?
- gdb Cannot access memory at address of $ebp
- Accessing memory with gdb, for assembly code?
- Ubuntu gdb can't access memory at address when tryint to view memory at $esp
- Using the command 'x/20x $esp' in GDB, how does the stack work?
- Get %ebp ,%esp in C and output value in stack
- Reading x86 memory