So I am debugging an x86 program using GDB. I am in a certain function called func1.
I would like to examine the stack and see the arguments passed into it. So by doing the following:
(gdb) info frame 0
Stack frame at 0x7fffffffe1f0:
rip = 0x400e70 in func4; saved rip 0x40115a
called by frame at 0x7fffffffe210
Arglist at 0x7fffffffe1e0, args:
Locals at 0x7fffffffe1e0, Previous frame's sp is 0x7fffffffe1f0
Saved registers:
rip at 0x7fffffffe1e8
I know that the arguments are in 0x7fffffffe1e0. By doing:
(gdb) x/8x 0x7fffffffe1e0
0x7fffffffe1e0: 0x08 0xe3 0xff 0xff 0xff 0x7f 0x00 0x00
So why does this address contain all those hex numbers? What are they? Also how would I know how many arguments are there? Doing info locals or info args says no symbol table loaded.
Also, I know that the first argument would be at 0x7fffffffe1e0 + 0x8 and the second at 0x7fffffffe1e0 + 0xc etc… But how would I know how many arguments are there?
By doing:
(gdb) x 0x7fffffffe1e0 + 0x8
0x7fffffffe1e8: 0x5a
(gdb) x/d 0x7fffffffe1e0 + 0x8
0x7fffffffe1e8: 90
(gdb) x/c 0x7fffffffe1e0 + 0x8
0x7fffffffe1e8: 90 'Z'
I know that the first argument is either a Z or a 90. Is there any way to figure out which one it is?
And by doing:
(gdb) x 0x7fffffffe1e8 + 0xc
0x7fffffffe1f4: -1 '\377'
(gdb) x/s 0x7fffffffe1e8 + 0xc
0x7fffffffe1f4: "\377\177"
(gdb) x/d 0x7fffffffe1e8 + 0xc
0x7fffffffe1f4: -1
I know that the second argument could be -1.
Doing:
(gdb) x 0x7fffffffe1e8 + 0x10
0x7fffffffe1f8: 10
I know that the third argument “could” be 10.
So how would I know how many arguments are there? And if I found a number or a character, is there a way to determine which one it is?
Thank you!
You apparently are on an x86_64 platform.
You should learn the calling convention used. In particular, note that function arguments are not passed on the stack (except if you have more than 6 of them), so your question starts with a bad assumption.
You can’t examine the stack to see the arguments as they aren’t there to begin with.
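An added example (not part of the question or the answer above) that writes down the calling-convention point the answer makes: under the System V AMD64 ABI used on Linux x86-64, the first six integer or pointer arguments travel in rdi, rsi, rdx, rcx, r8 and r9, and only the seventh onward sit on the stack. It also joins the eight bytes the question's x/8x printed into the single little-endian value they encode, and shows why x/d and x/c both look plausible for the same byte. The constants are taken from the question's own GDB output; the "near the frame" window is a heuristic I chose.

```python
# System V AMD64: integer/pointer argument registers, in order.
INT_ARG_REGS = ("rdi", "rsi", "rdx", "rcx", "r8", "r9")

def arg_location(index, after_prologue=False):
    """Where the (0-based) integer/pointer argument lives on x86-64 System V.
    The first six are in registers; the rest are on the caller's stack.
    At function entry the 7th is at [rsp+8] (the return address is at [rsp]);
    after the usual 'push rbp; mov rbp, rsp' prologue it is at [rbp+16]."""
    if index < 0:
        raise ValueError("argument index must be >= 0")
    if index < len(INT_ARG_REGS):
        return INT_ARG_REGS[index]
    slot = index - len(INT_ARG_REGS)
    if after_prologue:
        return f"[rbp+{16 + 8 * slot}]"
    return f"[rsp+{8 + 8 * slot}]"

def decode_le(byte_values):
    """Join the bytes GDB shows with x/8x (lowest address first) into one
    little-endian unsigned integer, as the CPU would read an 8-byte word."""
    return int.from_bytes(bytes(byte_values), "little")

def describe(value, width=8):
    """The same bits seen as unsigned, signed and (low byte) as a printable
    char: memory has no type, so only the program's source settles it."""
    unsigned = value & ((1 << (8 * width)) - 1)
    negative = unsigned >> (8 * width - 1)
    signed = unsigned - (1 << (8 * width)) if negative else unsigned
    low = unsigned & 0xFF
    char = chr(low) if 0x20 <= low < 0x7F else None
    return {"unsigned": unsigned, "signed": signed, "char": char}

def near_frame(value, frame_addr, window=0x1000):
    """Heuristic (my choice of window): a value within a page of the current
    frame address is almost certainly a pointer into the stack, not an int."""
    return abs(value - frame_addr) < window

# Constructed from the question's dump: x/8x 0x7fffffffe1e0 and 'Stack frame at'.
WORD_AT_ARGLIST = [0x08, 0xE3, 0xFF, 0xFF, 0xFF, 0x7F, 0x00, 0x00]
FRAME_ADDR = 0x7FFFFFFFE1F0

if __name__ == "__main__":
    for i in range(8):
        print(f"arg {i}: at entry {arg_location(i)}, after prologue {arg_location(i, True)}")
    word = decode_le(WORD_AT_ARGLIST)
    print(hex(word), "points into the stack:", near_frame(word, FRAME_ADDR))
    print("0x5a seen as", describe(0x5A))
```

Under GDB the same question is answered by `info registers rdi rsi rdx rcx r8 r9` at the breakpoint on the function, and the argument count comes from the source or the callee's disassembly, not from the memory dump.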