Home/ Questions/Q 8460937
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T13:44:31+00:00

I’m having a problem with GDB. I’m studying buffer overflow right now and I

  • 0

I’m having a problem with GDB. I’m studying buffer overflow right now and I need to run the command $Info reg to find information about ebp, eip and esp but I get no results from any of them. I tried out Info reg $name with each one of them but only ebp works.

Basicly this is what happens:

(gdb) i r
rax            0x7fffffffe180   140737488347520

rbx            0x0  0

rcx            0x7fffffffe570   140737488348528

rdx            0x7fffffffe1a6   140737488347558

rsi            0x6  6

...

...

...



es             0x0  0

fs             0x0  0

---Type <return> to continue, or q <return> to quit---+

gs             0x0  0

and 

(gdb) info reg $ebp

ebp            0x41414141   1094795585

but

(gdb) info reg $eip

Invalid register `eip'

How can I get the values to these parts of memory?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    there is no reg called eip in amd64 arch

    let me show what is bp/ebp/rbp, a data register contains 64 bits on amd64 arch:

    64 ---------------------------- 32 ---------- 16 ---- 8 ---- 0
| <--------------------------- rbp ------------------------> |
                                 | <--------- ebp ---------> |
                                               | <--- bp --> |

    so you can access corresponding bits by different name.

    but you always access rip as a whole word, because there is no reason to access the lower bits of instruction pointer, as a result, there aro no eip/ip registers in amd64 arch

    • 0