栈帧信息
(gdb) info frame
Stack level 0, frame at 0x7ffc286552a0:
rip = 0x55943b2bb8c4 in foo; saved rip = 0x55943b2bb9e9
called by frame at 0x7ffc28655300
Arglist at 0x7ffc28655290, args:
Locals at 0x7ffc28655290, Previous frame's sp is 0x7ffc286552a0
Saved registers:
rbp at 0x7ffc28655290, rip at 0x7ffc28655298
进程maps 信息
/proc/11742/maps
---
55943b2bb000-55943b2bc000 r-xp 00000000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b4bb000-55943b4bc000 r--p 00000000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b4bc000-55943b4bd000 rw-p 00001000 08:0a 5772372 /home/xxx/tests/c/gdb/a.out
55943b9a8000-55943b9c9000 rw-p 00000000 00:00 0 [heap]
7f4e8b87a000-7f4e8ba50000 r-xp 00000000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8ba50000-7f4e8bc50000 ---p 001d6000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8bc50000-7f4e8bc54000 r--p 001d6000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8bc54000-7f4e8bc56000 rw-p 001da000 08:09 523649 /lib/x86_64-linux-gnu/libc-2.26.so
7f4e8bc56000-7f4e8bc5a000 rw-p 00000000 00:00 0
7f4e8bc5a000-7f4e8bc81000 r-xp 00000000 08:09 523292 /lib/x86_64-linux-gnu/ld-2.26.so
7f4e8be51000-7f4e8be54000 rw-p 00000000 00:00 0
7f4e8be7e000-7f4e8be81000 rw-p 00000000 00:00 0
7f4e8be81000-7f4e8be82000 r--p 00027000 08:09 523292 /lib/x86_64-linux-gnu/ld-2.26.so
7f4e8be82000-7f4e8be83000 rw-p 00028000 08:09 523292 /lib/x86_64-linux-gnu/ld-2.26.so
7f4e8be83000-7f4e8be84000 rw-p 00000000 00:00 0
7ffc28637000-7ffc28658000 rw-p 00000000 00:00 0 [stack]
7ffc286aa000-7ffc286ad000 r--p 00000000 00:00 0 [vvar]
7ffc286ad000-7ffc286af000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
计算
- rip = 0x55943b2bb8c4 落在 a.out 的 r-xp 映射 0x55943b2bb000-0x55943b2bc000 内（可执行段，.text 就在这一段里）。
- 该映射的文件偏移列为 00000000，且 a.out 是 PIE（运行时地址以 0x55... 开头，随机化），而 objdump 给出的是链接时地址、从 0 开始。所以 objdump 中的地址 = rip − 映射起始地址 + 该映射的文件偏移 = 0x55943b2bb8c4 − 0x55943b2bb000 + 0 = 0x8c4。
- 注意：如果是非 PIE 可执行文件（x86-64 通常链接在 0x400000），objdump 中的地址就是运行时地址，不用相减；如果 rip 落在别的映射（例如 libc）里，同样用那一行的起始地址和文件偏移来算，再去对应的 .so 里查。
objdump
objdump -ds a.out > a.txt   （定位只需要 -d；-s 会把所有节的原始内容一并转储，输出很大。若编译时带了 -g，用 objdump -dS 可以把源码行和反汇编交错显示，省去下面的人工对照。）
00000000000008a0 :
8a0: 55 push %rbp
8a1: 48 89 e5 mov %rsp,%rbp
8a4: 5d pop %rbp
8a5: e9 66 ff ff ff jmpq 810
00000000000008aa :
8aa: 55 push %rbp
8ab: 48 89 e5 mov %rsp,%rbp
8ae: 48 89 7d e8 mov %rdi,-0x18(%rbp)
8b2: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%rbp)
8b9: c7 45 fc 03 00 00 00 movl $0x3,-0x4(%rbp)
8c0: 48 8b 45 e8 mov -0x18(%rbp),%rax
8c4: 8b 00 mov (%rax),%eax
8c6: 89 45 fc mov %eax,-0x4(%rbp)
8c9: 90 nop
8ca: 5d pop %rbp
8cb: c3 retq
00000000000008cc :
8cc: 55 push %rbp
8cd: 48 89 e5 mov %rsp,%rbp
8d0: 48 83 ec 50 sub $0x50,%rsp
...
a.c 的内容:
/* Demo function for the address-to-source walkthrough above.
 * Built without optimisation: the objdump listing keeps every store
 * (movl $0x0, movl $0x3, then the load through p), so instruction 0x8c4
 * maps one-to-one onto `a = *p;`. At -O2 the dead stores to `a` would be
 * removed and the addresses in this post would no longer line up.
 * p must point to a readable int; main() below passes 0 (NULL), and the
 * gdb session above stops exactly on the dereference. */
void foo(int *p)
{
int a = 0;      /* 0x8b2: movl $0x0,-0x4(%rbp) */
a = 1 + 2;      /* constant-folded by the compiler: 0x8b9 movl $0x3,-0x4(%rbp) */
a = *p;         /* 0x8c0 loads p into rax, 0x8c4 mov (%rax),%eax dereferences it */
}
/* Caller; body elided in the original post ("...").
 * foo(0) hands foo a null pointer, which is what the `a = *p;` line
 * dereferences at 0x8c4. */
int main()
{
...
foo(0);   /* p == NULL */
...
}
定位
0x8c4 落在 foo 函数内（foo 从 0x8aa 开始，0x8cc 已是下一个函数），对应指令 `8c4: mov (%rax),%eax`，即源码中的 `a = *p;` 这一句：上一条指令 `8c0: mov -0x18(%rbp),%rax` 把参数 p 装入 rax，此处解引用。main 以 foo(0) 调用，p 是空指针，因此解引用的就是地址 0。
若编译时带了 -g，也可以直接用 `addr2line -e a.out 0x8c4` 或在 gdb 里执行 `info line *0x55943b2bb8c4` 得到对应的源码行，作为人工对照的交叉验证。
完成!