I'm learning to use GDB on my own (for the purpose of understanding an assignment that requires binary analysis) and need a little bit of help. I've looked through the manual but can't find an answer to this specific issue.
I know where a 64-bit pointer resides in memory, and I want to change the address that it points to. When I try to set the value of the memory address, it only seems to modify the last 32 bits instead of the entire 64 bits.
(gdb) x/xg $rbp-8
0x7fffffffe338: 0x0000000000400a2d
(gdb) set *0x7fffffffe338 = 0x7fffffffe130
(gdb) x/xg $rbp-8
0x7fffffffe338: 0x00000000ffffe130
What's going on here?
Thanks in advance!
Answer 0 (score: 1)
Workaround:
I was able to work around this by setting 32 bits at a time instead of all 64 bits at once:
(gdb) x/xg $rbp-8
0x7fffffffe548: 0x0000000000400a2d
#little-endian
(gdb) set *0x7fffffffe548 = 0xffffe130
(gdb) set *0x7fffffffe54c = 0x00007fff
(gdb) x/2xw $rbp-8
0x7fffffffe548: 0xffffe130 0x00007fff
(gdb) x/xg $rbp-8
0x7fffffffe548: 0x00007fffffffe130
Edit:
As @MarkPlotnick mentioned in the comments, the reason and the correct way to do the assignment are:
(gdb) whatis *0x7fffffffe338
returns int, which is 32 bits wide on x86_64.
Casting to int64_t or char ** will force GDB to set all 64 bits of memory in the assignment:
set *(int64_t *)0x7fffffffe338 = 0x7fffffffe130
or
set *(char **)0x7fffffffe338 = 0x7fffffffe130
Result:
(gdb) x/xg $rbp-8
0x7fffffffe548: 0x00007fffffffe130
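The width effect described in the answer above, modeled in C as an added example (not part of the original question or answer). The 8-byte slot and the helper names `store_le`, `load_le64`, `assign` and `assign_two_halves` are constructed for illustration; the bytes are laid out least significant first, as on x86_64, so the result does not depend on the host.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the 8-byte stack slot at $rbp-8. */
typedef struct { uint8_t bytes[8]; } slot_t;

/* Write the low `width` bytes of `value` at `offset`, least significant byte
 * first (x86_64 byte order). Width 4 models int; 8 models int64_t or char **. */
static void store_le(slot_t *s, size_t offset, uint64_t value, size_t width)
{
    for (size_t i = 0; i < width && offset + i < sizeof s->bytes; i++)
        s->bytes[offset + i] = (uint8_t)(value >> (8 * i));
}

/* Read all 8 bytes back as one giant word, as x/xg does. */
static uint64_t load_le64(const slot_t *s)
{
    uint64_t v = 0;
    for (size_t i = 0; i < sizeof s->bytes; i++)
        v |= (uint64_t)s->bytes[i] << (8 * i);
    return v;
}

/* One assignment through an lvalue `width` bytes wide, over the original value. */
uint64_t assign(uint64_t value, size_t width)
{
    slot_t s;
    store_le(&s, 0, 0x0000000000400a2dULL, 8);  /* slot contents before the set */
    store_le(&s, 0, value, width);
    return load_le64(&s);
}

/* The workaround: two int-sized writes, at ADDR and at ADDR+4. */
uint64_t assign_two_halves(uint64_t value)
{
    slot_t s;
    store_le(&s, 0, 0x0000000000400a2dULL, 8);
    store_le(&s, 0, value & 0xffffffffULL, 4);
    store_le(&s, 4, value >> 32, 4);
    return load_le64(&s);
}

int main(void)
{
    uint64_t target = 0x7fffffffe130ULL;
    printf("int lvalue:     0x%016llx\n", (unsigned long long)assign(target, 4));
    printf("two int writes: 0x%016llx\n", (unsigned long long)assign_two_halves(target));
    printf("int64_t lvalue: 0x%016llx\n", (unsigned long long)assign(target, 8));
    return 0;
}
```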