Stack smashing with gdb is fun, but the interface is somewhat lacking. I find myself typing info reg to look at the registers and x/32wx $esp to see the stack after every next command.
I found a .gdbinit on github that I really liked.
This is what you’ll see. With each step, it prints out the registers, the stack, the data section and the code.
gdb$ r $(ruby -e 'puts "A"*200')
Starting program: /home/vagrant/src/q1 $(ruby -e 'puts "A"*200')
--------------------------------------------------------------------------[regs]
EAX: 0xFF975AA0 EBX: 0xF76AB000 ECX: 0xFF977680 EDX: 0xFF975B64 o d I t s z a p c
ESI: 0x00000000 EDI: 0x00000000 EBP: 0xFF975B28 ESP: 0xFF975A80 EIP: 0x080483F3
CS: 0023 DS: 002B ES: 002B FS: 0000 GS: 0063 SS: 002B
[0x002B:0xFF975A80]------------------------------------------------------[stack]
0xFF975AD0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AC0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AB0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AA0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975A90 : 00 00 00 00 00 00 00 00 - 00 00 00 00 00 B0 6A F7 ..............j.
0xFF975A80 : A0 5A 97 FF BC 75 97 FF - 01 00 00 00 F8 F8 6F F7 .Z...u........o.
[0x002B:0xFF975A80]-------------------------------------------------------[data]
0xFF975A80 : A0 5A 97 FF BC 75 97 FF - 01 00 00 00 F8 F8 6F F7 .Z...u........o.
0xFF975A90 : 00 00 00 00 00 00 00 00 - 00 00 00 00 00 B0 6A F7 ..............j.
0xFF975AA0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AB0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AC0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AD0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AE0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AF0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
--------------------------------------------------------------------------[code]
=> 0x80483f3 <main+63>: lea eax,[ebp-0x88]
0x80483f9 <main+69>: mov DWORD PTR [esp+0x4],eax
0x80483fd <main+73>: mov DWORD PTR [esp],0x8048524
0x8048404 <main+80>: call 0x80482b4 <printf@plt>
0x8048409 <main+85>: mov DWORD PTR [ebp-0x8c],0x0
0x8048413 <main+95>: mov eax,DWORD PTR [ebp-0x8c]
0x8048419 <main+101>: leave
0x804841a <main+102>: ret
--------------------------------------------------------------------------[]
Breakpoint 1, 0x080483f3 in main ()
And when you step through with next
gdb$ n
--------------------------------------------------------------------------[regs]
EAX: 0xFF975AA0 EBX: 0xF76AB000 ECX: 0xFF977680 EDX: 0xFF975B64 o d I t s z a p c
ESI: 0x00000000 EDI: 0x00000000 EBP: 0xFF975B28 ESP: 0xFF975A80 EIP: 0x080483F9
CS: 0023 DS: 002B ES: 002B FS: 0000 GS: 0063 SS: 002B
[0x002B:0xFF975A80]------------------------------------------------------[stack]
0xFF975AD0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AC0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AB0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AA0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975A90 : 00 00 00 00 00 00 00 00 - 00 00 00 00 00 B0 6A F7 ..............j.
0xFF975A80 : A0 5A 97 FF BC 75 97 FF - 01 00 00 00 F8 F8 6F F7 .Z...u........o.
--------------------------------------------------------------------[ObjectiveC]
0xff975aa0: 'A' <repeats 200 times>
[0x002B:0xFF975A80]-------------------------------------------------------[data]
0xFF975A80 : A0 5A 97 FF BC 75 97 FF - 01 00 00 00 F8 F8 6F F7 .Z...u........o.
0xFF975A90 : 00 00 00 00 00 00 00 00 - 00 00 00 00 00 B0 6A F7 ..............j.
0xFF975AA0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AB0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AC0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AD0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AE0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0xFF975AF0 : 41 41 41 41 41 41 41 41 - 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
--------------------------------------------------------------------------[code]
=> 0x80483f9 <main+69>: mov DWORD PTR [esp+0x4],eax
0x80483fd <main+73>: mov DWORD PTR [esp],0x8048524
0x8048404 <main+80>: call 0x80482b4 <printf@plt>
0x8048409 <main+85>: mov DWORD PTR [ebp-0x8c],0x0
0x8048413 <main+95>: mov eax,DWORD PTR [ebp-0x8c]
0x8048419 <main+101>: leave
0x804841a <main+102>: ret
0x804841b: nop
--------------------------------------------------------------------------[]
0x080483f9 in main ()
gdb$
As you can see, it makes the changes in the registers and the stack easy to follow with each step. I highly recommend checking it out.
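To show how such a .gdbinit works, here is a minimal one added as an example (it is not the file the post links to): it uses gdb's hook-stop, which gdb runs after every stop, to print the registers, the top of the stack with the saved frame pointer and return address, and the next instructions. It assumes a 32-bit x86 target, as in the session above.

```gdb
# Minimal .gdbinit in the spirit of the one above (added example, not the
# author's file). Assumes a 32-bit x86 inferior, as in the session shown.
set disassembly-flavor intel
set pagination off

# General-purpose registers in one block, formatted like the [regs] section.
define print-regs
    printf "--------------------------------------------------------[regs]\n"
    printf "EAX: 0x%08X  EBX: 0x%08X  ECX: 0x%08X  EDX: 0x%08X\n", $eax, $ebx, $ecx, $edx
    printf "ESI: 0x%08X  EDI: 0x%08X  EBP: 0x%08X  ESP: 0x%08X  EIP: 0x%08X\n", $esi, $edi, $ebp, $esp, $eip
end

# Top of the stack, then the two words at EBP: the saved EBP and the return
# address. Watching these lets you see when an overflow reaches the frame.
define print-stack
    printf "-------------------------------------------------------[stack]\n"
    x/24wx $esp
    printf "saved EBP / return address at 0x%08X:\n", $ebp
    x/2wx $ebp
end

# The next few instructions from the current program counter.
define print-code
    printf "--------------------------------------------------------[code]\n"
    x/6i $pc
end

# hook-stop is run by gdb automatically every time the inferior stops
# (breakpoint hit, next, step, ...), which is what makes the display live.
define hook-stop
    print-regs
    print-stack
    print-code
end
```

Save it as ~/.gdbinit (or load it with source in a session); once the inferior has exited there are no registers to read, so the hook reports an error on the final stop, which is harmless.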
Published on 22 Apr 2013 by Stanley Tan