Some gdb dumping examples.

I often forget how to dump memory in raw form with various debuggers. Here’s a quick note to myself of how to do it in gdb

As bytes (in hex):

(gdb) x/256xb 0x73d2e0
0x73d2e0:       0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x73d2e8:       0x01    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x73d2f0:       0x01    0x40    0x00    0x00    0x00    0x00    0x00    0x00
...
0x73d3d8:       0x00    0x00    0x00    0x00    0x00    0x00    0x00    0xaa

As 4-byte “words”:

(gdb) x/64xw 0x73d2e0
0x73d2e0:       0x00000000      0x00000000      0x00000001      0x00000000
0x73d2f0:       0x00004001      0x00000000      0x00000000      0x00000000
0x73d300:       0x00000000      0x00000000      0x00000000      0x00000000
0x73d310:       0x00000000      0x00000000      0x00010001      0x00040013
...
0x73d3d0:       0x00000000      0x00000000      0x00000000      0xaa000000

Note that the repeat count isn’t the total number of bytes to dump, but the total number of objects in the size specification:

(gdb) help x
Examine memory: x/FMT ADDRESS.
ADDRESS is an expression for the memory address to examine.
FMT is a repeat count followed by a format letter and a size letter.
Format letters are o(octal), x(hex), d(decimal), u(unsigned decimal),
  t(binary), f(float), a(address), i(instruction), c(char) and s(string).
Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes).
The specified number of objects of the specified size are printed
according to the format.

Defaults for format and size letters are those previously used.
Default count is 1.  Default address is following last thing printed
with this command or "print".

About these ads