
This is the disassembly of a very simple C program (strcpy() a constant string and print it):

No symbol table is loaded.  Use the "file" command.
Reading symbols from string...done.
(gdb) break 6
Breakpoint 1 at 0x6b8: file string.c, line 6.
(gdb) break 7
Breakpoint 2 at 0x6f2: file string.c, line 7.
(gdb) r
Starting program: /home/wsllnx/Detached/string

Breakpoint 1, main () at string.c:6
6               strcpy(buf, "Memento Mori\n\tInjected_string");
(gdb) disass main
Dump of assembler code for function main:
0x00005555554006b0 <+0>:     push   %rbp
0x00005555554006b1 <+1>:     mov    %rsp,%rbp
0x00005555554006b4 <+4>:     sub    $0x70,%rsp
0x00005555554006b8 <+8>:     lea    -0x70(%rbp),%rax
0x00005555554006bc <+12>:    movabs $0x206f746e656d654d,%rdx
0x00005555554006c6 <+22>:    mov    %rdx,(%rax)
0x00005555554006c9 <+25>:    movabs $0x6e49090a69726f4d,%rcx
0x00005555554006d3 <+35>:    mov    %rcx,0x8(%rax)
0x00005555554006d7 <+39>:    movabs $0x735f64657463656a,%rsi
0x00005555554006e1 <+49>:    mov    %rsi,0x10(%rax)
0x00005555554006e5 <+53>:    movl   $0x6e697274,0x18(%rax)
0x00005555554006ec <+60>:    movw   $0x67,0x1c(%rax)
0x00005555554006f2 <+66>:    lea    -0x70(%rbp),%rax
0x00005555554006f6 <+70>:    mov    %rax,%rdi
0x00005555554006f9 <+73>:    mov    $0x0,%eax
0x00005555554006fe <+78>:    callq  0x555555400560 <printf@plt>
0x0000555555400703 <+83>:    mov    $0x0,%eax
0x0000555555400708 <+88>:    leaveq
0x0000555555400709 <+89>:    retq
End of assembler dump.
(gdb)

I am currently learning how to fully use GDB and I was wondering:

  • How can I access a particular address like '0x206f746e656d654d'? When I try to do so with x/x or x/s GDB says:

     '0x206f746e656d654d:     Cannot access memory at address 0x206f746e656d654d'

Same goes for 0x6e49090a69726f4d, 0x735f64657463656a and so on...

Thanks in advance to all the useful answers.


Those aren't actually memory addresses. It's a compiler optimization to represent ASCII values using 64-bit constants. Instead of actually calling strcpy() the compiler is moving the string constant values through registers.

0x206f746e656d654d is the ASCII values for the string 'Memento ' (with a space) in x86 little-endian format.

2 Comments

I worked out the GDB constant and it's true. Thanks a lot!
@KmerPadreDiPdor One useful debugging skill is to recognize ASCII when you see pointers that look like 0x206f746e656d654d.
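To make the answer concrete, here is an added example (not part of the question, the answer, or GDB itself) that parses the `movabs`/`movl`/`movw` stores from the question's `disass main` output, lays each immediate out in little-endian byte order, and reassembles the string the compiler inlined in place of the strcpy() call. It also implements the heuristic from the comment above: a 64-bit value whose every byte is printable is far more likely to be inlined ASCII than a pointer. The `DISASM` sample is a constructed excerpt whose immediates are copied from the page; the regex and width table are this example's own assumptions about GDB's AT&T syntax.

```python
import re
import string

# Constructed sample: the five stores from the question's `disass main` output.
# The immediates are taken verbatim from the page; the surrounding lines are the
# register-to-memory moves that follow each movabs.
DISASM = """\
0x00005555554006bc <+12>:    movabs $0x206f746e656d654d,%rdx
0x00005555554006c6 <+22>:    mov    %rdx,(%rax)
0x00005555554006c9 <+25>:    movabs $0x6e49090a69726f4d,%rcx
0x00005555554006d3 <+35>:    mov    %rcx,0x8(%rax)
0x00005555554006d7 <+39>:    movabs $0x735f64657463656a,%rsi
0x00005555554006e1 <+49>:    mov    %rsi,0x10(%rax)
0x00005555554006e5 <+53>:    movl   $0x6e697274,0x18(%rax)
0x00005555554006ec <+60>:    movw   $0x67,0x1c(%rax)
"""

# Operand width implied by the AT&T mnemonic suffix (assumption: movabs is
# always used for a 64-bit immediate in this output).
WIDTH = {"movabs": 8, "movq": 8, "movl": 4, "movw": 2, "movb": 1}

# Matches "<addr> <+off>:  mov<suffix> $<imm>," i.e. a mov whose source is an
# immediate; register-to-memory moves like "mov %rdx,(%rax)" do not match.
IMM_RE = re.compile(r"^\s*0x[0-9a-f]+\s+<\+\d+>:\s+(mov\w*)\s+\$(0x[0-9a-f]+|\d+),")

PRINTABLE = set(bytes(string.printable, "ascii"))


def imm_to_bytes(value, width):
    """Lay out an immediate the way the CPU stores it in memory: little-endian,
    so the lowest byte of the constant is the first character of the string."""
    return value.to_bytes(width, "little")


def looks_like_ascii(value, width=8):
    """Heuristic from the comment: treat the value as a possible inlined string
    when every byte (ignoring trailing NUL padding) is printable ASCII."""
    raw = imm_to_bytes(value, width).rstrip(b"\x00")
    return len(raw) > 0 and all(b in PRINTABLE for b in raw)


def extract_immediates(disasm):
    """Return (mnemonic, immediate, width) for each mov with an immediate source."""
    found = []
    for line in disasm.splitlines():
        m = IMM_RE.match(line)
        if not m:
            continue
        mnemonic, imm = m.group(1), m.group(2)
        width = WIDTH.get(mnemonic)
        if width is None:
            continue
        found.append((mnemonic, int(imm, 0), width))
    return found


def recover_string(disasm):
    """Concatenate the stores in program order (the compiler emits them in
    increasing offset order here) and cut at the first NUL terminator."""
    buf = b"".join(imm_to_bytes(v, w) for _, v, w in extract_immediates(disasm))
    return buf.split(b"\x00", 1)[0].decode("ascii")


if __name__ == "__main__":
    for mnemonic, value, width in extract_immediates(DISASM):
        print(f"{mnemonic:7} {value:#018x} -> {imm_to_bytes(value, width)!r}"
              f"  ascii={looks_like_ascii(value, width)}")
    print(repr(recover_string(DISASM)))
```

Inside GDB the same thing can be checked without leaving the debugger: once breakpoint 2 (line 7, after the last store) is hit, `x/s $rbp-0x70` prints the reassembled string from `buf`, since the stores in the dump target offsets 0x0 through 0x1c from that address.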
