Finding a value of a variable pointed to by debug symbols in a hex editor

An example scenario would be compiled with gcc -g:

void main() {
    int find_me = 123;
    char find_me1 = 'h';
}

and from dwarfdump -d:

0000000000001119 <main>:
    1119:       55                      push   %rbp
    111a:       48 89 e5                mov    %rsp,%rbp
    111d:       c7 45 fc 7b 00 00 00    movl   $0x7b,-0x4(%rbp)
    1124:       c6 45 fb 68             movb   $0x68,-0x5(%rbp)
    1128:       90                      nop
    1129:       5d                      pop    %rbp
    112a:       c3                      retq
    112b:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)

find_me is in the movl:0x111d as 0x7b

find_me1 is in the movb:0x1123 as 0x68

dwarfdump output:

.debug_str
                      DW_AT_high_pc               <offset-from-lowpc>18
                      DW_AT_frame_base            len 0x0001: 0x9c:
                          DW_OP_call_frame_cfa
                      DW_AT_GNU_all_call_sites    yes(1)
                      DW_AT_sibling               <0x0000006a>
< 2><0x0000004b>      DW_TAG_variable
                        DW_AT_name                  find_me
                        DW_AT_decl_file             0x00000001 /home/vik/code/hexi/ho.c
                        DW_AT_decl_line             0x00000002
                        DW_AT_decl_column           0x00000006
                        DW_AT_type                  <0x0000006a>
                        DW_AT_location              len 0x0002: 0x916c:
                            DW_OP_fbreg -20
< 2><0x0000005a>      DW_TAG_variable
                        DW_AT_name                  find_me1
                        DW_AT_decl_file             0x00000001 /home/vik/code/hexi/ho.c
                        DW_AT_decl_line             0x00000003
                        DW_AT_decl_column           0x00000007
                        DW_AT_type                  <0x00000071>
                        DW_AT_location              len 0x0002: 0x916b:
                            DW_OP_fbreg -21

Can I somehow parse the values from a C program, without running the program?

c
linux
assembly
gcc
reverse-engineering
asked on Stack Overflow Feb 3, 2021 by katsifolis • edited Feb 4, 2021 by katsifolis
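
Added example, not part of the original question: a static recovery of both initial values from the bytes shown in the disassembly, using the DW_OP_fbreg offsets from the dump. The function name, the embedded byte array and the tiny decoder (which covers only the opcodes present in this main) are assumptions made for the illustration; a real tool would read the bytes from the ELF file at main's file offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bytes of main, copied from the disassembly in the question (0x1119..0x112a). */
static const uint8_t MAIN_CODE[] = {
    0x55, 0x48, 0x89, 0xe5,
    0xc7, 0x45, 0xfc, 0x7b, 0x00, 0x00, 0x00,
    0xc6, 0x45, 0xfb, 0x68,
    0x90, 0x5d, 0xc3,
};

/* Assumption: after "push %rbp; mov %rsp,%rbp" on x86-64 the CFA is rbp+16,
 * so DW_OP_fbreg N (frame base = DW_OP_call_frame_cfa) means N+16 from %rbp. */
#define CFA_FROM_RBP 16

/* Walk the code and return 1 with the immediate of the first store to the
 * variable's stack slot; return 0 if none is found or an opcode is unknown. */
int initial_store(const uint8_t *code, size_t len, int fbreg, int64_t *out)
{
    int disp = fbreg + CFA_FROM_RBP;
    size_t i = 0;
    while (i < len) {
        uint8_t op = code[i];
        if (op == 0x55 || op == 0x5d || op == 0x90) {        /* push/pop %rbp, nop */
            i += 1;
        } else if (op == 0xc3) {                              /* retq: end of function */
            break;
        } else if (op == 0x48 && i + 2 < len && code[i + 1] == 0x89 && code[i + 2] == 0xe5) {
            i += 3;                                           /* mov %rsp,%rbp */
        } else if (op == 0xc7 && i + 6 < len && code[i + 1] == 0x45) {
            if ((int8_t)code[i + 2] == disp) {                /* movl $imm32,disp8(%rbp) */
                uint32_t v = (uint32_t)code[i + 3] | (uint32_t)code[i + 4] << 8 |
                             (uint32_t)code[i + 5] << 16 | (uint32_t)code[i + 6] << 24;
                *out = (int32_t)v;
                return 1;
            }
            i += 7;
        } else if (op == 0xc6 && i + 3 < len && code[i + 1] == 0x45) {
            if ((int8_t)code[i + 2] == disp) {                /* movb $imm8,disp8(%rbp) */
                *out = (int8_t)code[i + 3];
                return 1;
            }
            i += 4;
        } else {
            return 0;                                         /* outside the handled subset */
        }
    }
    return 0;
}

int main(void)
{
    int64_t v;
    if (initial_store(MAIN_CODE, sizeof MAIN_CODE, -20, &v)) printf("find_me  = %lld\n", (long long)v);
    if (initial_store(MAIN_CODE, sizeof MAIN_CODE, -21, &v)) printf("find_me1 = %lld\n", (long long)v);
    return 0;
}
```

This works only because the unoptimized build stores each initializer as an immediate; with optimization enabled the stores may be removed entirely, and the DWARF location describes where the variable lives at run time, not its value.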

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0