Finding a value of a variable pointed by debug symbols on a hex editor
An example scenario would be compiled with gcc -g:
void main() {
int find_me = 123;
char find_me1 = 'h';
}
and from dwarfdump -d:
0000000000001119 <main>:
1119: 55 push %rbp
111a: 48 89 e5 mov %rsp,%rbp
111d: c7 45 fc 7b 00 00 00 movl $0x7b,-0x4(%rbp)
1124: c6 45 fb 68 movb $0x68,-0x5(%rbp)
1128: 90 nop
1129: 5d pop %rbp
112a: c3 retq
112b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
find_me is in the movl:0x111d as 0x7b
find_me1 is in the movb:0x1123 as 0x68
dwarfdump output:
.debug_str
DW_AT_high_pc <offset-from-lowpc>18
DW_AT_frame_base len 0x0001: 0x9c:
DW_OP_call_frame_cfa
DW_AT_GNU_all_call_sites yes(1)
DW_AT_sibling <0x0000006a>
< 2><0x0000004b> DW_TAG_variable
DW_AT_name find_me
DW_AT_decl_file 0x00000001 /home/vik/code/hexi/ho.c
DW_AT_decl_line 0x00000002
DW_AT_decl_column 0x00000006
DW_AT_type <0x0000006a>
DW_AT_location len 0x0002: 0x916c:
DW_OP_fbreg -20
< 2><0x0000005a> DW_TAG_variable
DW_AT_name find_me1
DW_AT_decl_file 0x00000001 /home/vik/code/hexi/ho.c
DW_AT_decl_line 0x00000003
DW_AT_decl_column 0x00000007
DW_AT_type <0x00000071>
DW_AT_location len 0x0002: 0x916b:
DW_OP_fbreg -21
can I somehow parse the values without running the program from a c program without running it?
katsifolis0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0