Currently I am doing a CTF challenge and I use gdb a lot. For overflows (getting information via printf or overwriting the RET pointer with puts) it is very helpful to get the locals pointer from the info frame command (because here you will find the stack canary and the return pointer):

Stack level 5, frame at 0x7fff2baf0c70:
 rip = 0x55cf7d42e27f in cannary_words (main.c:40); saved rip = 0x55cf7d42e36a
 called by frame at 0x7fff2baf0c90, caller of frame at 0x7fff2baf0bb0
 source language c.
 Arglist at 0x7fff2baf0c60, args:
 Locals at 0x7fff2baf0c60, Previous frame's sp is 0x7fff2baf0c70
 Saved registers:
  rbp at 0x7fff2baf0c60, rip at 0x7fff2baf0c68

In this example the locals pointer is 0x7fff2baf0c60. Because it is very tedious to copy it by hand all the time and not nice for scripting, I would like to know if there is a convenience variable that stores its value. By trial and error I found that $rip is holding the rip value. I could not find anything helpful with the show convenience command.

Does anybody have an idea?

1 Answer


Found it. To print the address do:

print $rbp

1 Comment

The $rbp is not a convenience variable pointing to locals -- it's a register. And it points to locals only in code compiled with -fno-omit-frame-pointer, which isn't the default for x86_64 optimized code.
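As an added example (not code from the question or the answer), a gdb Python helper that exposes the addresses info frame prints as convenience functions $cfa() and $retslot(), so they can be used in scripts instead of copied by hand. The function names, the file name and the x86-64 slot offsets are my assumptions; frame_slots() does the arithmetic without gdb so it can be checked against the info frame output posted above.

```python
# Added example: gdb convenience functions for the frame addresses that
# "info frame" prints. Assumes x86-64 and a gdb built with Python support.
# Load inside gdb (file name is hypothetical):
#   (gdb) source frame_slots.py
#   (gdb) print/x $cfa()       # "frame at" / "Previous frame's sp"
#   (gdb) print/x $retslot()   # address shown as "rip at ..."
#   (gdb) x/gx $retslot()      # the saved return address itself
RET_SLOT_OFFSET = 8    # `call` pushes an 8-byte return address just below the CFA
RBP_SLOT_OFFSET = 16   # `push rbp` in the prologue stores rbp below that slot


def frame_slots(cfa):
    """Given a frame's canonical frame address (the "frame at" value), return
    the stack slots of the saved rip and, for frames that save rbp, the saved
    rbp. The rbp slot only equals "Locals at" when the code keeps a frame
    pointer (-fno-omit-frame-pointer), as the comment above points out."""
    return {
        "cfa": cfa,
        "saved_rip": cfa - RET_SLOT_OFFSET,
        "saved_rbp": cfa - RBP_SLOT_OFFSET,
    }


try:
    import gdb

    def selected_cfa():
        """CFA of the selected frame: the caller's rsp after unwinding, which
        is what info frame reports as "Previous frame's sp"."""
        caller = gdb.selected_frame().older()
        if caller is None:
            raise gdb.GdbError("outermost frame: no caller to unwind to")
        return int(caller.read_register("rsp"))

    class Cfa(gdb.Function):
        """$cfa() -> canonical frame address of the selected frame."""
        def __init__(self):
            super().__init__("cfa")

        def invoke(self):
            return gdb.Value(selected_cfa())

    class RetSlot(gdb.Function):
        """$retslot() -> stack address holding the saved return address."""
        def __init__(self):
            super().__init__("retslot")

        def invoke(self):
            return gdb.Value(frame_slots(selected_cfa())["saved_rip"])

    Cfa()
    RetSlot()
except ImportError:
    pass  # not running inside gdb; frame_slots() is still usable on its own
```

Fed the "frame at" value from the posted output, frame_slots(0x7fff2baf0c70) yields 0x7fff2baf0c68 for the saved rip and 0x7fff2baf0c60 for the saved rbp, matching the "Saved registers" line.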
