
My problem is that I don't understand some things in the GDB output when debugging the program.

Here are the lines of Intel-syntax assembly code, on Arch Linux.

    segment .text
    global main
    main:
        push    rbp        ; stores the caller's rbp at [rsp]; the return address pushed by "call" is now at [rsp+8]
        mov     rbp, rsp   ; rbp now points at the saved rbp; locals go below it, the return address sits above it
        ; (the rest of main is not shown in the question)

Here is the step-by-step output from GDB (using nexti).

        push    rbp

(gdb) info register rbp rsp
rbp            0x1                 0x1
rsp            0x7fffffffe738      0x7fffffffe738

(gdb) info frame
Stack level 0, frame at 0x7fffffffe740:
 rip = 0x401140 in main (file.asm:12); saved rip = 0x7ffff7ddd790
 source language asm.
 Arglist at 0x7fffffffe730, args: 
 Locals at 0x7fffffffe730, Previous frame's sp is 0x7fffffffe740
 Saved registers:
  rip at 0x7fffffffe738

(gdb) info symbol 0x7ffff7ddd790
__libc_start_call_main + 128 in section .text of /usr/lib/libc.so.6
(gdb) nexti


        mov rbp, rsp

(gdb) info register rbp rsp
rbp            0x1                 0x1
rsp            0x7fffffffe730      0x7fffffffe730

(gdb) info frame
Stack level 0, frame at 0x7fffffffe740:
 rip = 0x401141 in main (stack.asm:13); saved rip = 0x7ffff7ddd790
 source language asm.
 Arglist at 0x7fffffffe730, args: 
 Locals at 0x7fffffffe730, Previous frame's sp is 0x7fffffffe740
 Saved registers:
  rbp at 0x7fffffffe730, rip at 0x7fffffffe738


        next instruction

(gdb) info register rbp rsp
rbp            0x7fffffffe730      0x7fffffffe730
rsp            0x7fffffffe730      0x7fffffffe730

(gdb) info frame
Stack level 0, frame at 0x7fffffffe740:
 rip = 0x401144 in main (stack.asm:14); saved rip = 0x7ffff7ddd790
 source language asm.
 Arglist at 0x7fffffffe730, args: 
 Locals at 0x7fffffffe730, Previous frame's sp is 0x7fffffffe740
 Saved registers:
  rbp at 0x7fffffffe730, rip at 0x7fffffffe738

My questions are:

  • Is the first saved rip = 0x7ffff7ddd790, seen at the instruction push rbp, the initial address of the __libc_start_call_main function's stack?
  • At the first instruction push rbp, info frame and info register rbp rsp show that the frame size is 8 bytes (between frame at 0x7fffffffe740 and rsp 0x7fffffffe738). What is inside those 8 bytes and how can I examine them?
  • At the first instruction push rbp, if the local variables and the arguments are in the frame, and the frame range is between frame at 0x7fffffffe740 and rsp 0x7fffffffe738, why are Arglist and Locals at 0x7fffffffe730, which is outside that stack range?
Asked by kilerin; edited by Peter Cordes.
  • 1) If you mean the value itself, that's the address of the instruction in `__libc_start_call_main` after the `call`. If you mean the location on the stack, that is not the "initial" address; that is in fact the last one. 2) The saved `rip`, as you can see from "rip at 0x7fffffffe738". 3) Locals would start at that address if there were any. Arglist is confusing; that should be on top of the frame after the saved rip. – Jester Apr 20 '23 at 11:30
  • @Jester Thank you! I don't understand the third answer (3). Function arguments and local variables must be in the stack range `0x7fffffffe740 - 0x7fffffffe738`, but they are outside this range (at address `0x7fffffffe730`). I don't understand that. – kilerin Apr 21 '23 at 14:13
  • Arguments will be outside that range because they are further up the stack (if any arguments were passed on the stack). At the position you have stopped there are no locals yet so it's pointless to say where they are currently. But if you subsequently allocate locals by adjusting the stack pointer then they will be at that address and will be inside the adjusted range. – Jester Apr 21 '23 at 14:15
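The layout the comments describe, as an added worked example that is not from the question or the comments: a C program for x86-64 Linux (gcc or clang, System V ABI) that reads the two 8-byte slots from inside a function right after its own `push rbp` / `mov rbp, rsp` prologue and checks them against the compiler's own view of the frame. `inspect_frame`, `call_and_check`, `frame_layout_matches` and `local_is_below_fp` are names chosen here, not anything from GDB or the question.

```c
/* Added example (not from the question or the comments). Assumes x86-64
 * System V frames (rbp-based) built with gcc or clang. Build and run:
 *   gcc -O2 -Wall -o frame frame.c && ./frame
 */
#include <stdint.h>
#include <stdio.h>

/* Snapshot of a function's frame right after "push rbp; mov rbp, rsp". */
struct frame_view {
    void *fp;              /* rbp after the prologue (== rsp right after push rbp) */
    void *saved_rbp;       /* [rbp]   : the caller's rbp, stored by "push rbp"     */
    void *return_addr;     /* [rbp+8] : the return address, stored by the "call"   */
    uintptr_t local_addr;  /* address of a local variable: lives below rbp          */
    void *builtin_ra;      /* the compiler's own idea of the return address         */
};

/* Reads the frame from inside the function. __builtin_frame_address(0)
 * makes gcc/clang keep a frame pointer here and returns rbp.            */
__attribute__((noinline))
static struct frame_view inspect_frame(void)
{
    volatile int local = 0x1234;              /* forces a real stack slot */
    void **fp = __builtin_frame_address(0);   /* == rbp after "mov rbp, rsp" */
    struct frame_view v;

    v.fp = fp;
    v.saved_rbp = fp[0];                      /* GDB: x/gx $rbp   */
    v.return_addr = fp[1];                    /* GDB: x/gx $rbp+8 */
    v.local_addr = (uintptr_t)&local;
    v.builtin_ra = __builtin_return_address(0);
    return v;
}

/* Calls inspect_frame() from a function that also keeps a frame pointer, so
 * the callee's saved rbp can be compared with the caller's real rbp.       */
__attribute__((noinline))
static struct frame_view call_and_check(void **caller_fp_out)
{
    void **my_fp = __builtin_frame_address(0);   /* this function's rbp */
    struct frame_view v = inspect_frame();
    *caller_fp_out = (void *)my_fp;   /* after the call, so it cannot become a tail call */
    return v;
}

/* 1 when the memory frame matches what GDB's "info frame" reports:
 * [rbp] = caller's rbp, [rbp+8] = return address, rbp 16-byte aligned. */
int frame_layout_matches(void)
{
    void *caller_fp = NULL;
    struct frame_view v = call_and_check(&caller_fp);
    uintptr_t fp = (uintptr_t)v.fp;

    return (fp % 16 == 0)                  /* SysV: rsp is 16-aligned after push rbp */
        && v.saved_rbp == caller_fp        /* push rbp stored the caller's rbp        */
        && v.return_addr == v.builtin_ra;  /* call stored the return address above it */
}

/* 1 when the local variable sits below rbp (x86-64 frames grow down from rbp). */
int local_is_below_fp(void)
{
    void *caller_fp = NULL;
    struct frame_view v = call_and_check(&caller_fp);
    return v.local_addr < (uintptr_t)v.fp;
}

int main(void)
{
    void *caller_fp = NULL;
    struct frame_view v = call_and_check(&caller_fp);

    printf("rbp after prologue     = %p\n", v.fp);
    printf("[rbp]   saved rbp      = %p  (caller's rbp: %p)\n", v.saved_rbp, caller_fp);
    printf("[rbp+8] return address = %p  (__builtin_return_address: %p)\n",
           v.return_addr, v.builtin_ra);
    printf("local variable         = %#lx  (below rbp)\n", (unsigned long)v.local_addr);
    return frame_layout_matches() ? 0 : 1;
}
```

Mapped onto the session above: GDB's "frame at 0x7fffffffe740" is the canonical frame address, i.e. the caller's rsp before the `call`; 8 bytes below it (0x7fffffffe738) is the return address, and 8 bytes below that (0x7fffffffe730) is where `push rbp` stores the caller's rbp, which is also the value rbp takes after `mov rbp, rsp` and therefore where GDB says Locals start. In the session the stored value is 0x1, not a stack address, because that is simply whatever the caller left in rbp. To see the slots in GDB, stop on `push rbp` and run `x/gx $rsp` (only the return address is there yet), then `nexti` and `x/2gx $rsp` (the saved rbp, then the return address); `info symbol` on the second qword gives the same `__libc_start_call_main + 128` as in the question.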
