Hacking - The Art of Exploitation, 2nd Edition

Programming 31

variable i for the for loop. If that memory is examined right now, it will contain nothing but garbage left over from whatever previously used that stack space. The memory at this location can be examined several different ways.


(gdb) i r ebp
ebp 0xbffff808 0xbffff808
(gdb) x/4xb $ebp - 4
0xbffff804: 0xc0 0x83 0x04 0x08
(gdb) x/4xb 0xbffff804
0xbffff804: 0xc0 0x83 0x04 0x08
(gdb) print $ebp - 4
$1 = (void *) 0xbffff804
(gdb) x/4xb $1
0xbffff804: 0xc0 0x83 0x04 0x08
(gdb) x/xw $1
0xbffff804: 0x080483c0
(gdb)


The EBP register is shown to contain the address 0xbffff808, and the assembly instruction will be writing to the address 4 bytes below that, 0xbffff804. The examine command can examine this memory address directly or by doing the math on the fly. The print command can also be used to do simple math, but the result is stored in a temporary variable in the debugger. This variable, named $1, can be used later to quickly re-access a particular location in memory. Any of the methods shown above will accomplish the same task: displaying the 4 garbage bytes found in memory that will be zeroed out when the current instruction executes. Note that x/xw shows those very same 4 bytes as a single word, 0x080483c0: x86 is little-endian, so the byte at the lowest address (0xc0) is the least significant byte of the word.


Let's execute the current instruction using the command nexti, which is short for next instruction. The processor will read the instruction at EIP, execute it, and advance EIP to the next instruction. (Unlike stepi, nexti steps over a call instruction instead of following it into the called function; for a plain mov like this one the two commands behave the same.)


(gdb) nexti
0x0804838b 6 for(i=0; i < 10; i++)
(gdb) x/4xb $1
0xbffff804: 0x00 0x00 0x00 0x00
(gdb) x/dw $1
0xbffff804: 0
(gdb) i r eip
eip 0x804838b 0x804838b <main+23>
(gdb) x/i $eip
0x804838b <main+23>: cmp DWORD PTR [ebp-4],0x9
(gdb)


As predicted, the instruction just executed zeroes out the 4 bytes found at EBP minus 4, which is the memory set aside for the C variable i; x/dw displays the same word as the signed decimal value 0. Then EIP advances to the next instruction. The next few instructions actually make more sense to talk about in a group.
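As an added example (not code from the book), the following C program takes the x/4xb lines from the two gdb sessions above, the garbage before the mov and the zeroed slot after it, and reassembles each into the word that x/xw and x/dw would print. The byte reordering that gdb does silently is written out explicitly, so the same routine can be used to turn any byte dump into the pointer or integer it holds. The function and buffer names are this example's own choices, and the two sample lines are copied from the page's gdb output.

```c
/*
 * Added example, not from the book: decode gdb "x/4xb" output and show
 * the word that "x/xw" / "x/dw" display for the same memory.
 * x86 is little-endian: the byte at the lowest address is the least
 * significant byte of the word, so 0xc0 0x83 0x04 0x08 -> 0x080483c0.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Reassemble four bytes given in memory order (lowest address first)
 * into the 32-bit little-endian word stored there. */
uint32_t le32_from_bytes(const uint8_t b[4]) {
    return (uint32_t)b[0]
         | ((uint32_t)b[1] << 8)
         | ((uint32_t)b[2] << 16)
         | ((uint32_t)b[3] << 24);
}

/* Parse one line of "x/4xb" output such as
 *     0xbffff804:     0xc0    0x83    0x04    0x08
 * into its address and the four byte values. Returns the number of
 * bytes parsed (4 for a complete line) or -1 if the line is malformed. */
int parse_x4xb_line(const char *line, uint32_t *addr, uint8_t out[4]) {
    char *end;
    unsigned long a = strtoul(line, &end, 16);   /* base 16 accepts "0x" */
    if (end == line || *end != ':')
        return -1;
    *addr = (uint32_t)a;

    const char *p = end + 1;
    int n = 0;
    while (n < 4) {
        unsigned long v = strtoul(p, &end, 16);
        if (end == p)            /* no more numbers on the line */
            break;
        if (v > 0xff)            /* not a byte value: wrong format letter? */
            return -1;
        out[n++] = (uint8_t)v;
        p = end;
    }
    return n;
}

/* Decode a complete x/4xb line straight to the word it holds.
 * *ok (if given) is set to 1 on success, 0 if the line did not parse. */
uint32_t decode_x4xb_word(const char *line, int *ok) {
    uint32_t addr;
    uint8_t b[4];
    int n = parse_x4xb_line(line, &addr, b);
    if (ok)
        *ok = (n == 4);
    return n == 4 ? le32_from_bytes(b) : 0;
}

/* Render the bytes the way "x/xw" (fmt 'x', hex word) or "x/dw"
 * (fmt 'd', signed decimal word) would; other letters are rejected. */
int format_as_word(uint32_t addr, const uint8_t b[4], char fmt,
                   char *buf, size_t buflen) {
    uint32_t w = le32_from_bytes(b);
    if (fmt == 'x')
        return snprintf(buf, buflen, "0x%08x:\t0x%08x",
                        (unsigned)addr, (unsigned)w);
    if (fmt == 'd')
        return snprintf(buf, buflen, "0x%08x:\t%d",
                        (unsigned)addr, (int)(int32_t)w);
    return -1;
}

int main(void) {
    /* Sample lines copied from the gdb sessions on this page. */
    const char *lines[] = {
        "0xbffff804:\t0xc0\t0x83\t0x04\t0x08",   /* before the mov: garbage */
        "0xbffff804:\t0x00\t0x00\t0x00\t0x00",   /* after the mov: i == 0   */
    };
    for (size_t k = 0; k < sizeof lines / sizeof lines[0]; k++) {
        uint32_t addr;
        uint8_t b[4];
        char buf[64];
        if (parse_x4xb_line(lines[k], &addr, b) != 4) {
            fprintf(stderr, "malformed x/4xb line: %s\n", lines[k]);
            return 1;
        }
        format_as_word(addr, b, 'x', buf, sizeof buf);
        printf("x/xw  %s\n", buf);
        format_as_word(addr, b, 'd', buf, sizeof buf);
        printf("x/dw  %s\n", buf);
    }
    return 0;
}
```

Compile with `gcc -std=c99 -Wall decode_x4xb.c -o decode_x4xb` (the file name is arbitrary) and run it; the first line decodes to 0x080483c0 (134513600 in x/dw form) and the second to 0, matching the two gdb sessions. The same reassembly is what you do by hand when a byte dump of a saved return address or a stored pointer has to be read as a value.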