下面是我的代码(test.c):
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
char passwd[] = "pass";
if (argc < 2) {
printf("usage: %s <given-password>\n", argv[0]);
return 0;
}
if (!strncmp(passwd, argv[1],4)) {
printf("Green light!\n");
return 1;
}
printf("Red light!\n");
return 0;
}
我编译使用:
gcc -o test test.c
And I started debugger: `gdb ./test`
(gdb) disassemble main
Dump of assembler code for function main:
0x08048404 <main+0>: lea 0x4(%esp),%ecx
......
0x08048456 <main+82>: mov 0x4(%edx),%eax
0x08048459 <main+85>: add $0x4,%eax
0x0804845c <main+88>: mov (%eax),%eax
0x0804845e <main+90>: movl $0x4,0x8(%esp)
0x08048466 <main+98>: mov %eax,0x4(%esp)
0x0804846a <main+102>: lea -0x9(%ebp),%eax
0x0804846d <main+105>: mov %eax,(%esp)
0x08048470 <main+108>: call 0x8048318 <strncmp@plt>
0x08048475 <main+113>: test %eax,%eax
0x08048477 <main+115>: jne 0x804848e <main+138>
0x08048479 <main+117>: movl $0x804859c,(%esp)
0x08048480 <main+124>: call 0x8048308 <puts@plt>
0x08048485 <main+129>: movl $0x1,-0x18(%ebp)
...........
0x080484a8 <main+164>: pop %ebp
0x080484a9 <main+165>: lea -0x4(%ecx),%esp
0x080484ac <main+168>: ret
End of assembler dump.
我在main + 108设置断点并运行prog!
(gdb) break *main+108
Breakpoint 1 at 0x8048470
(gdb) run p@ss
Starting program: /etc/hien/test p@ss
Breakpoint 1, 0x08048470 in main ()
eax 0xbfffe9ff -1073747457
ecx 0xbfffea20 -1073747424
edx 0xbfffea20 -1073747424
ebx 0xaebff4 11452404
esp 0xbfffe9e0 0xbfffe9e0
ebp 0xbfffea08 0xbfffea08
esi 0x994ca0 10046624
edi 0x0 0
eip 0x8048470 0x8048470 <main+108>
eflags 0x282 [ SF IF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb) x/s $eax
0xbfffe9ff: "pass"
(gdb) x/s $ecx
0xbfffea20: "\002"
(gdb)
哪个寄存器可以显示“argv [1]”的值? 请帮帮我!谢谢!
答案 0 :(得分:5)
调用约定应该是所有参数都被推送到堆栈。所以试试
(gdb) x/s *(0 + (void**)$esp)
# should show "pass"
(gdb) x/s *(1 + (void**)$esp)
# should show argv[1]
(gdb) x/d *(2 + (void**)$esp)
# should show 4