Now I have got a machine instruction's address from the EIP register. This machine instruction could change the value of a certain area of memory; I do want but cannot get the address of this memory.
Of course, I could read the data from the machine instruction's address, but the content is machine instructions like 0x8b0c4d8b......, it's unreadable (I cannot use debugging tools like gdb).
How to get the address that one machine instruction will write to?
If you know the machine code EIP points to and you just want to disassemble it, do something like this (I took your example of 0x8b0c4d8b):

    # create binary file
    $ echo -en "\x8b\x0c\x4d\x8b" > foo.bin

    # disassemble it
    $ objdump -D -b binary -m i386 foo.bin

    foo.bin:     file format binary

    Disassembly of section .data:

    00000000 <.data>:
       0:   8b                      .byte 0x8b
       1:   0c 4d                   or     $0x4d,%al
       3:   8b                      .byte 0x8b

So, in this case, it doesn't change any memory location, but if it did, you could easily see it from the assembly code.
Edit: It seems from the comments that you want to do this programmatically. Take a look at udis86. It allows examining operands of instructions. For ARM, see disarm.
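
An added example, not part of the original answer and not udis86 code: a minimal decoder that computes the address of the memory operand from the ModRM/SIB bytes and a snapshot of the register values. The function name `x86_32_effective_addr` and the register snapshot are hypothetical; it assumes 32-bit addressing, a one-byte opcode with no prefixes, flat segments, and that the caller already knows the opcode writes to its r/m operand (for example `0x89`, `mov r/m32, r32`).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Effective address of the r/m operand of ins (ins[0] = one-byte opcode,
 * ins[1] = ModRM): 32-bit addressing, no prefixes, flat segments assumed.
 * Returns 0 and sets *ea, or -1 if r/m is a register or ins is truncated. */
int x86_32_effective_addr(const uint8_t *ins, size_t len,
                          const uint32_t regs[8], uint32_t *ea)
{
    if (len < 2 || (ins[1] >> 6) == 3) return -1;   /* mod 3: register operand */
    uint8_t mod = ins[1] >> 6, rm = ins[1] & 7;
    size_t pos = 2, disp_size = (mod == 1) ? 1 : (mod == 2) ? 4 : 0;
    uint32_t addr = 0;
    if (rm == 4) {                                   /* SIB byte follows ModRM */
        if (pos >= len) return -1;
        uint8_t sib = ins[pos++];
        uint8_t scale = sib >> 6, index = (sib >> 3) & 7, base = sib & 7;
        if (index != 4) addr += regs[index] << scale;  /* index 4 means none */
        if (base == 5 && mod == 0) disp_size = 4;      /* disp32 replaces base */
        else addr += regs[base];
    } else if (rm == 5 && mod == 0) {
        disp_size = 4;                               /* absolute disp32 */
    } else {
        addr += regs[rm];
    }
    if (pos + disp_size > len) return -1;            /* displacement bytes missing */
    if (disp_size == 1) addr += (uint32_t)(int32_t)(int8_t)ins[pos];
    else if (disp_size == 4)
        addr += (uint32_t)ins[pos] | (uint32_t)ins[pos + 1] << 8 |
                (uint32_t)ins[pos + 2] << 16 | (uint32_t)ins[pos + 3] << 24;
    *ea = addr;
    return 0;
}

int main(void)
{
    /* Constructed registers, order EAX ECX EDX EBX ESP EBP ESI EDI. */
    const uint32_t regs[8] = {0, 3, 0, 0x1000, 0x3000, 0x2000, 0, 0};
    const uint8_t store[] = {0x89, 0x4c, 0x8b, 0x0c}; /* constructed: mov %ecx,0xc(%ebx,%ecx,4) */
    /* Bytes from the question: this encoding needs a disp32 that is cut off. */
    const uint8_t page[] = {0x8b, 0x0c, 0x4d, 0x8b};
    uint32_t ea = 0;
    if (x86_32_effective_addr(store, sizeof store, regs, &ea) == 0)
        printf("store writes at 0x%08x\n", (unsigned)ea);
    if (x86_32_effective_addr(page, sizeof page, regs, &ea) != 0)
        printf("question's bytes: truncated, no address\n");
    return 0;
}
```

A full disassembler library is still needed for prefixes, multi-byte opcodes, and for deciding which operand an opcode writes.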