understanding assembly and stack %ebp above vs below


if my assembly code ...

   0x08048cc4 <+0>:     push   %ebp
   0x08048cc5 <+1>:     mov    %esp,%ebp
   0x08048cc7 <+3>:     push   %esi
   0x08048cc8 <+4>:     push   %ebx
   0x08048cc9 <+5>:     sub    $0x20,%esp
   0x08048ccc <+8>:     lea    -0x10(%ebp),%eax    // input 3
   0x08048ccf <+11>:    mov    %eax,0xc(%esp)
   0x08048cd3 <+15>:    lea    -0xc(%ebp),%eax     // input 2
   0x08048cd6 <+18>:    mov    %eax,0x8(%esp)
   0x08048cda <+22>:    movl   $0x804a1aa,0x4(%esp)
   0x08048ce2 <+30>:    mov    0x8(%ebp),%eax      // input 1
   0x08048ce5 <+33>:    mov    %eax,(%esp)
   0x08048ce8 <+36>:    call   0x804870c <__isoc99_sscanf@plt>

Is there a way to print value of input 1,2,3 if I set the break point at <+36> ?

I know I can keep break at <+8> and do some (gdb) i r to get %eax each time. but is there a better way to do this at one break point at <+36>

my input is 14, 115 ( input 2, input 3 ) input 1 is format ( "%d, %d")

I have tried to do something like, but haven't quite understand what I am reading ..

(gdb) x /20wx $esp
0xbffff070: 0x0804b820  0x0804a1aa  0xbffff08c  0xbffff088
0xbffff080: 0x00000001  0x7a000002  0x00000073  0x0000000e
0xbffff090: 0xbffff168  0xbffff164  0xbffff0c8  0x08048a4d
0xbffff0a0: 0x0804b820  0x08049f2c  0x00000000  0xb7e5164d
0xbffff0b0: 0xb7fc93c4  0xb7fff000  0xb7fc9000  0x00000000

(gdb) x /20wx $ebp
0xbffff098: 0xbffff0c8  0x08048a4d  0x0804b820  0x08049f2c
0xbffff0a8: 0x00000000  0xb7e5164d  0xb7fc93c4  0xb7fff000
0xbffff0b8: 0xb7fc9000  0x00000000  0x08049e60  0x00000000
0xbffff0c8: 0x00000000  0xb7e37a83  0x00000002  0xbffff164
0xbffff0d8: 0xbffff170  0xb7feccea  0x00000002  0xbffff164

(gdb) x /20wd $ebp
0xbffff098: -1073745720 134515277   134527008   134520620
0xbffff0a8: 0   -1209723315 -1208183868 -1207963648
0xbffff0b8: -1208184832 0   134520416   0
0xbffff0c8: 0   -1209828733 2   -1073745564
0xbffff0d8: -1073745552 -1208038166 2   -1073745564
asked on Stack Overflow Oct 6, 2015 by JPC

1 Answer


At +36 sscanf has not yet been invoked, so you'd only see random memory garbage for the two output variables that you call input2/3.

Input1 is not the format, it is the string to be parsed.

What that call looks like is: sscanf(input1, "%d %d", &input2, &input3)

You can of course examine the variables, using x/s $eax for input1 and x/d for the input2/3:

(gdb) x/s $eax
0xffffdba6:     "14 115"
(gdb) ni
(gdb) x/d $ebp-0xc
0xffffd97c:     14
(gdb) x/d $ebp-0x10
0xffffd978:     115

(Note I have printed input1 before the sscanf, but the others after.) See the gdb help for format specifiers.

answered on Stack Overflow Oct 6, 2015 by Jester

User contributions licensed under CC BY-SA 3.0