(gdb) x/6cb 0x8048484
0x8048484: 72 'H' 101 'e' 108 'l' 108 'l' 111 'o' 32 ' '
(gdb) x/s 0x8048484
0x8048484: "Hello, world!\n"
(gdb)
These commands reveal that the data string "Hello, world!\n" is stored at
memory address 0x8048484. This string is the argument for the printf() function,
which indicates that moving the address of this string (0x8048484) to the
address stored in ESP has something to do with this function. The following
output shows the data string’s address being moved into the address ESP is
pointing to.
(gdb) x/2i $eip
0x8048393 <main+31>: mov DWORD PTR [esp],0x8048484
0x804839a <main+38>: call 0x80482a0 <printf@plt>
(gdb) x/xw $esp
0xbffff800: 0xb8000ce0
(gdb) nexti
0x0804839a 8 printf("Hello, world!\n");
(gdb) x/xw $esp
0xbffff800: 0x08048484
(gdb)
The next instruction is actually the call to the printf() function; it prints the
data string. The previous instruction was setting up for the function call, and
the results of the function call can be seen in the output below, on the
Hello, world! line.
(gdb) x/i $eip
0x804839a <main+38>: call 0x80482a0 <printf@plt>
(gdb) nexti
Hello, world!
6 for(i=0; i < 10; i++)
(gdb)
Continuing to use GDB to debug, let’s examine the next two instructions.
Once again, they make more sense to look at in a group.
(gdb) x/2i $eip
0x804839f <main+43>: lea eax,[ebp-4]
0x80483a2 <main+46>: inc DWORD PTR [eax]
(gdb)
These two instructions basically just increment the variable i by 1. The
lea instruction is an acronym for Load Effective Address, which will load the