1 #include<stdio.h>
2 #include<stdlib.h>
3
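int test(int a)                 /* returns a + 1 via a stack local, so frame 0 has one arg and one local to inspect */
{
    int b = a + 1;              /* the local at ebp-4 (0xbfffdb24 = 123457 in the dump); requires a < INT_MAX, else signed overflow is UB */
    return b;                   /* original fell off the end of a non-void function: UB even though main() discards the value */
}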
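int main(void)                  /* was `void main()`, a non-conforming signature; with int main(void) C99+ returns 0 implicitly */
{
    int a = 123456;             /* passed to test(): appears at ebp+8 of frame 0 (0xbfffdb30) in the dump below */
    int b = 56789;              /* deliberately unused: it is the 56789 at 0xbfffdb40 in the frame 1 dump below */
    test(a);                    /* line 13, the breakpoint target in the gdb session; result intentionally discarded */
}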
1. gcc -g main.c -o main   (注：下文的地址(0x0804xxxx 代码段、0xbfffxxxx 栈)来自 32 位、非 PIE、无 ASLR 的环境；在现代 64 位系统上需改用 gcc -m32 -fno-pie -no-pie -g 才能得到类似布局，gdb 默认会关闭 ASLR，但具体数值仍会不同)
2. gdb main
(gdb) break 13
Breakpoint 1 at 0x8048321: file main.c, line 13.
(gdb) step
The program is not being run.
(gdb) run
Starting program: /home/test/main
/bin/bash: line 15: 1R6/bin:/usr/local/sbin:/root/bin:/bin: No such file or directory
Breakpoint 1, main () at main.c:13
13 test(a);
(gdb) step
test (a=123456) at main.c:7
7 b=a+1;
(gdb) step
8 }
(gdb)
(gdb) bt
(gdb) info f 0
Stack frame at 0xbfffdb28:
eip = 0x8048301 in test (main.c:8); saved eip 0x804832c
called by frame at 0xbfffdb48
source language c.
Arglist at 0xbfffdb28, args: a=123456
Locals at 0xbfffdb28, Previous frame's sp in esp
Saved registers:
ebp at 0xbfffdb28, eip at 0xbfffdb2c
我们可以知道ebp =0xbfffdb28, eip = 0x8048301 in test (main.c:8); saved eip 0x804832c
(gdb) info locals
b = 123457
(gdb) info args
a = 123456
我首先想知道 frame 0 的参数和局部变量存放的位置
b = 123457,a=123456
(gdb) x/20uw 0xbfffdb28-4
0xbfffdb24: 123457 3221216072 134513452 123456
0xbfffdb34: 1073792608 3221216072 134513470 56789
0xbfffdb44: 123456 3221216104 1107383668 1
0xbfffdb54: 3221216148 3221216156 1073829932 1
0xbfffdb64: 134513220 0 134513253 134513411
4个字节为一个单位,
栈帧的 ebp 0xbfffdb28 不仅是栈中的一个地址,该地址处还存储着上一层函数(调用者)的 EBP 值,
0xbfffdb24: b = 123457 = *(0xbfffdb28-4); 即 ebp-4 (局部变量)
0xbfffdb28: 保存的 EBP = 3221216072 = 0xbfffdb48 = *(0xbfffdb28); 即 ebp 处存放调用者(frame 1)的 EBP
0xbfffdb2c: 返回地址 = 134513452 = 0x804832c = *(ebp+4); 与上面 info f 0 中的 saved eip 0x804832c 一致
(gdb) x/10uw 0xbfffdb28+8
0xbfffdb30: 123456
对于test 栈的结构 (frame 0)
栈从高地址向低的地址扩展,所以
栈的格式为
高(栈底)
+
+
+
0xbfffdb30: 123456(args)(ebp+8)
+
+
0xbfffdb2c: eip (ebp+4)
+
0xbfffdb28:ebp
+
0xbfffdb24: b(ebp -4)
+
低(栈顶)
frame 0 的 ebp 位置 0xbfffdb28 处保存着调用 test 的函数(main, 即 frame 1)的 EBP 值
(gdb) p /x *0xbfffdb28
$1 = 0xbfffdb48(此为FRAME 1 的ebp)
(gdb) inf f 1
Stack frame at 0xbfffdb48:
eip = 0x804832c in main (main.c:13); saved eip 0x42015574
called by frame at 0xbfffdb68, caller of frame at 0xbfffdb28
source language c.
Arglist at 0xbfffdb48, args:
Locals at 0xbfffdb48, Previous frame's sp in esp
Saved registers:
ebp at 0xbfffdb48, eip at 0xbfffdb4c
分析一下 frame 1 的结构
(gdb) x/20uw 0xbfffdb48-8
0xbfffdb40: 56789 123456 3221216104 1107383668
0xbfffdb50: 1 3221216148 3221216156 1073829932
0xbfffdb60: 1 134513220 0 134513253
0xbfffdb70: 134513411 1 3221216148 134513460
0xbfffdb80: 134513508 1073792608 3221216140 0
可以得出 main 函数(frame 1, ebp = 0xbfffdb48)局部变量在栈中的位置了
高(栈底)
+
0xbfffdb4c: saved eip = 1107383668 = 0x42015574 (ebp+4, main 的返回地址, 与 info f 1 中的 saved eip 一致)
+
0xbfffdb48: saved ebp = 3221216104 = 0xbfffdb68 (ebp, 与 "called by frame at 0xbfffdb68" 一致)
+
0xbfffdb44: a = 123456 (ebp-4)
+
0xbfffdb40: b = 56789 (ebp-8)
+
低(栈顶)
参考 http://blog.csdn.net/absurd/archive/2006/06/22/822885.aspx