I know that you can find any parameters by looking at a positive offset from $ebp using gdb:
(gdb) x/4wx $ebp
Then, I would look at the 3rd and 4th addresses using
x/s because they would be the first and second parameter. What about for local variables? How would I look at the values at a negative offset from $ebp?
Also, is there anyway to look at the value of $eax?
Whenever I try to print the value of $eax using
x/s $eax, the address is out of bound or the value is 0, which I am sure that it is not because I just put a constant value in the register.
info locals but I get the message "No symbol table info available".
First you need to compile debugging the symbols into your binary. Use the -g option on gcc with your current command to do this. If you're using a different compiler you will need to consult its documentation. After this, 'info locals' and the print command will work.
To look at any local variable all you need to do is use the 'print' command. For example to look at the local variable 'i' it's as easy as 'print i'.
You should be able to handle $eax in the same way as $ebp. I suspect you have problems because you're using x/s. x/s will try and print out a string, and so it will continue until it hits a null character. If this doesn't happen for a long time then the length of the string will go out of bounds. Try 'x/d $eax'. You can even do 'print $eax'. You can also use 'info registers' to get all the register data.Answer2:
I know that you can find any parameters by looking at a positive offset from $ebp using gdb</blockquote>
This only works for some processors and some calling conventions, and is by no means universal.
Assuming you only care about x86, and that your code is compiled with frame pointers (which used to be the default, but no longer is the default for GCC 4.6 in opt mode), locals are allocated at a fixed negative offset from
Obviously if you can rebuild your code with debug symbols (with
-g), then GDB will be able to just print their values, and you don't need to care how GDB finds them.
If you can't (e.g. because the code came from third party), you'll have to carefully look at disassembly, and guess. If you guess that some value is stored at
%ebp-8, you can examine that value with GDB exactly the same way you examine positive offsets:
(gdb) x/wx $ebp-8.
Beware: the compiler is free to lay out local any way it wants, so if you declare
int x, y, z;
the compiler is free to store