How to interpret stack memory from gdb

0

Fairly new to assembly, having trouble understanding how to interpret stack memory when using gdb. I understand what bt and info frame show. x/10x shows the first 10 values starting at the current stack pointer, but how do you interpret it? The first column is the stack level, I'm assuming this means stack frame? And there are 32 bits after the first column; what does each of those hex values mean?

(gdb) bt
#0  zzz () at zzz.c:96
#1  0xf7d39cba in yyy (arg=arg@entry=0x0) at yyy.c:542
#2  0xf7d3a4f6 in yyyinit () at yyy.c:590
#3  0x0804ac0c in gnninit () at gnn.c:374
#4  main (argc=1, argv=0xffffd5e4) at gnn.c:389

(gdb) info frame
Stack level 0, frame at 0xffeac770:
eip = 0x8049047 in main (goo.c:291); saved eip 0xf7f1fea1
source language c.
Arglist at 0xffeac768, args: argc=1, argv=0xffffd5e4
Locals at 0xffeac768, Previous frame's sp is 0xffeac770
Saved registers:
ebx at 0xffeac75c, ebp at 0xffeac768, esi at 0xffeac760, edi at 0xffeac764, 
eip at 0xffeac76c

(gdb) x/10x $sp
0xffeac63c: 0xf7d39cba  0xf7d3c0d8  0xf7d3c21b  0x00000001
0xffeac64c: 0xf78d133f  0xffeac6f4  0xf7a14450  0xffeac678
0xffeac65c: 0x00000000  0xf7d3790e
assembly
memory
x86
stack
asked on Stack Overflow Apr 12, 2018 by cloudiebro

1 Answer

1
(gdb) x/10x $sp
0xffeac63c: 0xf7d39cba  0xf7d3c0d8  0xf7d3c21b  0x00000001
0xffeac64c: 0xf78d133f  0xffeac6f4  0xf7a14450  0xffeac678
0xffeac65c: 0x00000000  0xf7d3790e

The first column is the memory address of the first byte following.

The other four columns are four 32-bit values stored in memory.

I.e. the first line means that at address 0xffeac63c the memory contains byte value 0xba, at address 0xffeac63d there is value 0x9c, etc., up to address 0xffeac64b where the value 0x00 is stored (Intel is little endian, so dword 0xf7d39cba is stored in memory as bytes ba 9c d3 f7).

What those values mean... well, 0xf7d39cba is 0xf7d39cba, a 32-bit value. The content of memory doesn't mean anything until you give those values some meaning by the code which is using them.

I.e. if the next instruction to execute is ret and esp is pointing at 0xf7d39cba, then that value is used as the return address.

If the next instruction is pop eax, then that value will be fetched into register eax, and used for whatever the code does further with the value in eax...

answered on Stack Overflow Apr 12, 2018 by Ped7g
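
The address arithmetic and little-endian byte layout described in the answer above, as an added example (not code from the question or the answer). It parses the question's `x/10x $sp` output, expands each dword into bytes, and flags words that match a return address from the `bt` output; the function names and the 4 KiB stack-pointer window are assumptions made for illustration.

```python
import re
import struct

# Dump and backtrace return addresses copied from the question above.
DUMP = """\
0xffeac63c: 0xf7d39cba  0xf7d3c0d8  0xf7d3c21b  0x00000001
0xffeac64c: 0xf78d133f  0xffeac6f4  0xf7a14450  0xffeac678
0xffeac65c: 0x00000000  0xf7d3790e
"""
BT_RETURN_ADDRS = {0xf7d39cba: "yyy", 0xf7d3a4f6: "yyyinit", 0x0804ac0c: "gnninit"}


def parse_words(dump, word_size=4):
    """Return {address: value} for every word in gdb `x/Nx` output."""
    words = {}
    # Column 1 is the address of the first word on the line; each following
    # word sits word_size bytes after the previous one.
    for m in re.finditer(r"^\s*(0x[0-9a-fA-F]+)[^:\n]*:(.*)$", dump, re.M):
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            words[base + i * word_size] = int(tok, 16)
    return words


def to_bytes(words):
    """Expand each dword into the four bytes x86 stores, lowest address first."""
    mem = {}
    for addr, value in words.items():
        for off, b in enumerate(struct.pack("<I", value)):  # "<" = little endian
            mem[addr + off] = b
    return mem


def annotate(words, return_addrs, window=0x1000):
    """Label words; the `window` test for stack pointers is only a heuristic."""
    lo = min(words)
    notes = {}
    for addr, value in words.items():
        if value in return_addrs:
            notes[addr] = "return address into " + return_addrs[value]
        elif lo <= value < lo + window:
            notes[addr] = "likely pointer into the stack"
        else:
            notes[addr] = "unclassified"
    return notes


if __name__ == "__main__":
    w = parse_words(DUMP)
    for addr, note in annotate(w, BT_RETURN_ADDRS).items():
        print(f"{addr:#010x}: {w[addr]:#010x}  {note}")
```
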

User contributions licensed under CC BY-SA 3.0