Here are two lines of a binary I am debugging in gdb. This was C code compiled by gcc for an IA32:
8049345: 8b 45 08 mov 0x8(%ebp),%eax
8049348: 89 04 24 mov %eax,(%esp)
I have a display $eax set up so it will show the value after each step. After the first line, the display says: 6: $eax = 134527652.
I can x 134527652 or x $eax and I see 0x804baa4 <input_strings+100>: "1 1 1 1 1 1". Why do display and x give me different results?
The next line I believe says to move eax into the address stored by esp? I had a display $esp setup and it says: 2: $esp = (void *) 0xffffd540.
Before the second mov, I x 0xffffd540 and see: 0xffffd540: "" after the mov I repeat and see:
0xffffd540: "\244\272\004\bY\233\004\b\210\325\377\377\214\325\377\377\220\325\377\377\224\325\377\377\230\325\377\377\234\325\377\377\001"
I thought this line was going to mov eax into this address, but I am obviously not understanding something here? Let me know if you would like to see any other lines from the binary.
I think your confusion may be caused by the fact that the x command is printing the data at address 0xffffd540 as a string. Presumably before the store to that address, the first byte at 0xffffd540 is a 0 byte, treated as terminating a string, and thus you’re seeing "", the empty string. After writing the value 0x804baa4 to this address, you’re seeing its representation in bytes: where \244 (octal escape) is 0xa4, \272 is 0xba, \004 is 0x04, and \b (the escape for the backspace character, U+0008) is 0x08. You see more junk after it in the string printed because there doesn’t happen to be a null terminator anymore.
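To make the answer concrete, here is an added example (not part of either post) that emulates what `mov %eax,(%esp)` does to the bytes at 0xffffd540 and how gdb's x/s then renders them. The stack contents above %esp are constructed from the words visible in the question's second dump; the escape rules assumed are gdb's usual ones (printable ASCII verbatim, C escapes for common control bytes, \NNN octal otherwise).

```python
import struct

STACK_BASE = 0xFFFFD540
ESP = 0xFFFFD540
EAX = 134527652  # what "display $eax" reports, i.e. 0x804baa4

def build_stack() -> bytearray:
    """Constructed snapshot: the slot at %esp is still all-zero, followed by
    the seven words the post-store dump shows, then a 0x01 byte and a NUL."""
    mem = bytearray(4)
    for word in (0x08049B59, 0xFFFFD588, 0xFFFFD58C, 0xFFFFD590,
                 0xFFFFD594, 0xFFFFD598, 0xFFFFD59C):
        mem += struct.pack("<I", word)  # IA32 is little-endian
    mem += b"\x01\x00"
    return mem

def gdb_escape(b: int) -> str:
    """Render one byte the way gdb's x/s does (assumed rules, see lead-in)."""
    named = {0x07: "\\a", 0x08: "\\b", 0x09: "\\t", 0x0A: "\\n",
             0x0B: "\\v", 0x0C: "\\f", 0x0D: "\\r",
             0x22: '\\"', 0x5C: "\\\\"}
    if b in named:
        return named[b]
    if 0x20 <= b <= 0x7E:
        return chr(b)
    return "\\%03o" % b

def x_s(mem: bytes, addr: int) -> str:
    """Emulate `x/s addr`: read bytes up to the first NUL and quote them."""
    off = addr - STACK_BASE
    end = mem.index(0, off)  # raises ValueError if no terminator exists
    return '"' + "".join(gdb_escape(b) for b in mem[off:end]) + '"'

def mov_eax_to_esp(mem: bytearray, eax: int, esp: int) -> None:
    """`mov %eax,(%esp)`: store the 4-byte register little-endian at *esp."""
    off = esp - STACK_BASE
    mem[off:off + 4] = struct.pack("<I", eax)

def before_and_after():
    """Return what x/s $esp shows before and after the store."""
    mem = build_stack()
    before = x_s(mem, ESP)
    mov_eax_to_esp(mem, EAX, ESP)
    return before, x_s(mem, ESP)

if __name__ == "__main__":
    b, a = before_and_after()
    print("display $eax =", EAX, "=", hex(EAX))
    print("x/s $esp before:", b)
    print("x/s $esp after: ", a)
```

The "after" string reproduces the question's dump byte for byte: the first four escapes are 0x804baa4 stored little-endian, and the rest is whatever was already on the stack up to the next zero byte.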