Unsuccessful with GDB and Info Reg Command. Can't seem to find the ebp, eip and esp values

Question

I'm having a problem with GDB. I'm studying buffer overflow right now and I need to run the command $Info reg to find information about ebp, eip and esp but I get no results from any of them. I tried out Info reg $name with each one of them but only ebp works.

Basicly this is what happens:

(gdb) i r
rax            0x7fffffffe180   140737488347520

rbx            0x0  0

rcx            0x7fffffffe570   140737488348528

rdx            0x7fffffffe1a6   140737488347558

rsi            0x6  6

...

...

...



es             0x0  0

fs             0x0  0

---Type <return> to continue, or q <return> to quit---+

gs             0x0  0

and

(gdb) info reg $ebp

ebp            0x41414141   1094795585

but

(gdb) info reg $eip

Invalid register `eip'

How can I get the values to these parts of memory?

Zang MingJie · Accepted Answer · 2012-09-04T05:22:32.427

2

there is no reg called eip in amd64 arch

let me show what is bp/ebp/rbp, a data register contains 64 bits on amd64 arch:

64 ---------------------------- 32 ---------- 16 ---- 8 ---- 0
| <--------------------------- rbp ------------------------> |
                                 | <--------- ebp ---------> |
                                               | <--- bp --> |

so you can access corresponding bits by different name.

but you always access rip as a whole word, because there is no reason to access the lower bits of instruction pointer, as a result, there aro no eip/ip registers in amd64 arch

edited Sep 04 '12 at 05:22

answered Aug 31 '12 at 05:56

Zang MingJie

5,164
1
14
27

I haven't studied all the 64-bit stuff yet, but in i386 `bh` and `bl` are parts of `bx`, not `bp`. I'd be surprised if they changed that in amd64. – Alan Curry Aug 31 '12 at 23:29

Unsuccessful with GDB and Info Reg Command. Can't seem to find the ebp, eip and esp values

1 Answers1