How to disassemble a memory range with GDB

Question

I m trying to disassemble a program to see a syscall assembly instruction  the INT instruction  I believe  and the handler with GDB and have written a little program  see below  for it that opens and closes a file   I was able to follow the call to fopen with GDB until it executed a call   When I tried to tell GDB  disassemble 0x       address of call  it responded with  No function contains specified address    Is it possible to force GDB to disassemble  or display it in assembler as good as possible  that memory address  If so  how     include  lt stdio h gt   include  lt stdlib h gt   int main         FILE  f      f   fopen  main c    r        if   f           perror  open          return -1            fclose f       return 0

User · Answer

You can force gcc to output directly to assembly code by adding the -S switch  gcc -S hello c

User · Answer

You don t have to use gdb   GCC will do it      gcc -S foo c   This will create foo s which is the assembly    gcc -m32 -c -g -Wa -a -ad foo c  gt  foo lst   The above version will create a listing file that has both the C and the assembly generated by it   GCC FAQ

User · Answer

Yeah  disassemble is not the best command to use here  The command you want is  x i   examine as instructions     gdb  x i 0xdeadbeef

User · Answer

Do you only want to disassemble your actual main  If so try this    gdb  info line main   gdb  disas STARTADDRESS ENDADDRESS   Like so   USER MACHINE  cygdrive c prog dsa   gcc-3 exe -g main c  USER MACHINE  cygdrive c prog dsa   gdb a exe GNU gdb 6 8 0 20080328-cvs  cygwin-special       gdb  info line main Line 3 of  main c  starts at address 0x401050  lt main gt  and ends at 0x401075  lt main   gdb  disas 0x401050 0x401075 Dump of assembler code from 0x401050 to 0x401075  0x00401050  lt main 0 gt      push    ebp 0x00401051  lt main 1 gt      mov     esp  ebp 0x00401053  lt main 3 gt      sub     0x18  esp 0x00401056  lt main 6 gt      and     0xfffffff0  esp 0x00401059  lt main 9 gt      mov     0x0  eax 0x0040105e  lt main 14 gt     add     0xf  eax 0x00401061  lt main 17 gt     add     0xf  eax 0x00401064  lt main 20 gt     shr     0x4  eax 0x00401067  lt main 23 gt     shl     0x4  eax 0x0040106a  lt main 26 gt     mov     eax -0xc  ebp  0x0040106d  lt main 29 gt     mov    -0xc  ebp   eax 0x00401070  lt main 32 gt     call   0x4010c4  lt  alloca gt  End of assembler dump    I don t see your system interrupt call however   its been a while since I last tried to make a system call in assembly  INT 21h though  last I recall

User · Answer

fopen   is a C library function and so you won t see any syscall instructions in your code  just a regular function call   At some point  it does call open 2   but it does that via a trampoline   There is simply a jump to the VDSO page  which is provided by the kernel to every process   The VDSO then provides code to make the system call   On modern processors  the SYSCALL or SYSENTER instructions will be used  but you can also use INT 80h on x86 processors

User · Answer

If all that you want is to see the disassembly with the INTC call  use objdump -d as someone mentioned but use the -static option when compiling  Otherwise the fopen function is not compiled into the elf and is linked at runtime

User · Answer

This isn t the direct answer to your question  but since you seem to just want to disassemble the binary  perhaps you could just use objdump   objdump -d program   This should give you its dissassembly  You can add -S if you want it source-annotated

User · Answer

gdb disassemble has a  m to include source code alongside the instructions  This is equivalent of objdump -S  with the extra benefit of confining to just the one function  or address-range  of interest

[gdb] How to disassemble a memory range with GDB?

Examples related to gdb

Examples related to disassembly