This might sound incredibly nooby, but I am really trying to understand the inner workings of code instead of just sticking to higher level concepts.
So my problem is this. I am currently reading the "Art of Hacking and exploitation" and while the author is explaining GDB commands he comes to explain how to examine a certain memory address.
My issue is with the output of the command
(gdb) x/x $eip
I understand that x stands for hexadecimal, what I don't understand is why is it showing this:
0x8048384  <main+16>:  0x00fc45c7
If I run i r eip the output is 0x8048384, shouldn't then both outputs from x/x $eip be 0x8048384?
On a related topic, what is the purpose of something such as
(gdb) x/2x $eip
He says that it is to examine multiple units at the same address, how can there be multiple units in one address? Maybe I am misunderstanding the concept behind memory addresses. I thought that a memory location could hold 1 thing only.
I apologize again if this seems like a dumb question. I would gladly appreciate help and links to further study. I really want to understand this.
In the first example (x/x $eip), the first value displayed (0x8048384) is the address of the next instruction to be executed, while the second value displayed (0x00fc45c7) is the value FOUND at that address, i.e. the binary value of the next instruction to be executed.
As to your second example (x/2x $eip), the "multiple units" are not at the SAME address, but STARTING at the given address... for example, the first value shown (assuming $eip is the same as in your first example) at address 0x8048384 would still be 0x00fc45c7, but the next value would be whatever value is in the next address, 0x8048388. "x/x" is ideal for dumping the values of a RANGE of addresses, i.e., the values in an array, etc.
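As an added illustration that is not part of either post: a small C program that emulates what x/2x does, using the four bytes GDB showed at $eip in the question (0x00fc45c7 stored little-endian as c7 45 fc 00) followed by a constructed second word, to show that each unit sits 4 bytes further on and that the displayed value is what is found at the address, not the address itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed sample memory: the first four bytes are the instruction bytes
 * behind the question's 0x00fc45c7 (little-endian order); the next four are
 * made-up filler standing in for whatever lives at 0x8048388. */
static const uint8_t sample_mem[8] = {0xc7, 0x45, 0xfc, 0x00, 0x11, 0x22, 0x33, 0x44};

/* Address used to label the dump; matches the question's $eip. */
#define SAMPLE_BASE 0x8048384u

/* Read one 4-byte unit at byte offset `off`, assembling it little-endian
 * exactly as GDB's x/x does on x86 (lowest-addressed byte is least significant). */
uint32_t read_word_le(const uint8_t *mem, size_t off) {
    return (uint32_t)mem[off]
         | (uint32_t)mem[off + 1] << 8
         | (uint32_t)mem[off + 2] << 16
         | (uint32_t)mem[off + 3] << 24;
}

/* Emulate "x/<count>x <base>": store up to `count` consecutive 4-byte words
 * starting at `base` into out[], with the address of each unit in addrs[].
 * Returns how many units fit inside the `len` bytes available. */
size_t dump_words(const uint8_t *mem, size_t len, uint32_t base,
                  size_t count, uint32_t *addrs, uint32_t *out) {
    size_t n = 0;
    for (; n < count && (n + 1) * 4 <= len; n++) {
        addrs[n] = base + (uint32_t)(n * 4);  /* next unit is 4 bytes along */
        out[n] = read_word_le(mem, n * 4);
    }
    return n;
}

int main(void) {
    uint32_t addrs[2], words[2];
    size_t n = dump_words(sample_mem, sizeof sample_mem, SAMPLE_BASE, 2, addrs, words);
    /* Prints the same "address: value" pairs GDB would for x/2x $eip. */
    for (size_t i = 0; i < n; i++)
        printf("0x%x:\t0x%08x\n", addrs[i], words[i]);
    return 0;
}
```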