I'm learning to use GDB on my own (for the purpose of understanding an assignment that requires binary analysis) and need a little bit of help. I've looked through the manual but can't find an answer to this specific issue.

I know where a 64-bit pointer resides in memory, and I want to change the address that it points to. When I try to set the value of the memory address, it only seems to modify the last 32 bits instead of the entire 64 bits.

(gdb) x/xg $rbp-8
0x7fffffffe338: 0x0000000000400a2d
(gdb) set *0x7fffffffe338 = 0x7fffffffe130
(gdb) x/xg $rbp-8
0x7fffffffe338: 0x00000000ffffe130

What's going on here?

Thanks in advance!

too honest for this site
UnknownBeef

1 Answer

Workaround:

I was able to work around this issue by setting 32 bits at a time rather than all 64 bits at once:

(gdb) x/xg $rbp-8
0x7fffffffe548: 0x0000000000400a2d

#little-endian
(gdb) set *0x7fffffffe548 = 0xffffe130
(gdb) set *0x7fffffffe54c = 0x00007fff

(gdb) x/2xw $rbp-8
0x7fffffffe548: 0xffffe130      0x00007fff
(gdb) x/xg $rbp-8
0x7fffffffe548: 0x00007fffffffe130

EDIT:

As mentioned by @MarkPlotnick in the comments, the reason and correct method of assignment for this is:

(gdb) whatis *0x7fffffffe338 returns int, which is 32 bits wide on x86_64.

Casting to int64_t or char** will force GDB to set all 64 bits of memory in the assignment:

set *(int64_t *)0x7fffffffe338 = 0x7fffffffe130
or
set *(char **)0x7fffffffe338 = 0x7fffffffe130
results in

(gdb) x/xg $rbp-8
0x7fffffffe548: 0x00007fffffffe130
UnknownBeef
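
An added example (not part of the original question or answer): a small C model of the three stores shown above, writing bytes in little-endian order as on x86_64. The function names are hypothetical; the values are the ones from the GDB sessions, plus one constructed value showing that a 4-byte store leaves the upper half of the slot untouched.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a GDB store into an 8-byte slot that currently holds `old`:
   write the low `width` bytes of `value` at byte offset `off`, little-endian
   as on x86_64. Bits of `value` above the store width are dropped. */
uint64_t store_le(uint64_t old, size_t off, uint64_t value, size_t width)
{
    uint8_t slot[8];
    uint64_t out = 0;
    for (size_t i = 0; i < 8; i++)          /* lay out the old contents */
        slot[i] = (uint8_t)(old >> (8 * i));
    for (size_t i = 0; i < width && off + i < 8; i++)
        slot[off + i] = (uint8_t)(value >> (8 * i));
    for (size_t i = 0; i < 8; i++)          /* read back as one 64-bit word */
        out |= (uint64_t)slot[i] << (8 * i);
    return out;
}

/* set *ADDR = v : *ADDR has type int, so only 4 bytes are written */
uint64_t set_as_int(uint64_t old, uint64_t v) { return store_le(old, 0, v, 4); }

/* workaround: set *ADDR = low, then set *(ADDR+4) = high */
uint64_t set_two_halves(uint64_t old, uint64_t low, uint64_t high)
{
    return store_le(store_le(old, 0, low, 4), 4, high, 4);
}

/* set *(int64_t *)ADDR = v : all 8 bytes are written */
uint64_t set_as_int64(uint64_t old, uint64_t v) { return store_le(old, 0, v, 8); }

int main(void)
{
    const uint64_t old = 0x400a2d, want = 0x7fffffffe130; /* from the session */
    printf("int store:   0x%016" PRIx64 "\n", set_as_int(old, want));
    printf("two halves:  0x%016" PRIx64 "\n",
           set_two_halves(old, 0xffffe130, 0x00007fff));
    printf("int64 store: 0x%016" PRIx64 "\n", set_as_int64(old, want));
    /* constructed value: the upper half survives a 4-byte store */
    printf("upper kept:  0x%016" PRIx64 "\n",
           set_as_int(0x1122334400400a2dULL, want));
    return 0;
}
```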