I am studying book by Jeff Duntemann: Step by Step Assembly. Here is the source code provided:
SECTION .data ; Section containing initialised data
EatMsg: db "Eat at Joe's!",10
EatLen: equ $-EatMsg
SECTION .bss ; Section containing uninitialized data
SECTION .text ; Section containing code
global _start ; Linker needs this to find the entry point!
_start:
nop ; This no-op keeps gdb happy...
mov eax,4 ; Specify sys_write call
mov ebx,1 ; Specify File Descriptor 1: Standard Output
mov ecx,EatMsg ; Pass offset of the message
mov edx,EatLen ; Pass the length of the message
int 80H ; Make kernel call
MOV eax,1 ; Code for Exit Syscall
mov ebx,0 ; Return a code of zero
int 80H ; Make kernel call
I have Ubuntu 12.04 32-bit running on VirtualBoxVM on top of 64 bit MacOS Yosemite.
I am calling:
kdbg eatsyscall
to launch KDBG.
In watches section I have 2 Expressions:EatMsg and EatLen
When I run the code using KDBG for EatMsg I see: 544497989 but for EatLen I see: Cannot Access Memory At 0xe
I have 2 questions:
What is this 544497989 value and why for EatLen I see the "Cannot Access" message?
544497989 is the address of EatMsg, it's just the memory location, i.e. some huge number. If you know C or C++, it's the equivalent of &eatMsg if your declaration is char * eatMsg = "Eat at Joe's!";
EatLen is the length of the EatMsg: $ stands for "address at this point", which is the next location after all bytes of EatMsg. So $-EatMsg is "address after all bytes of EatMsg minus address of beginning of EatMsg" = "length of EatMsg" = 14 decimal = 0x0E hexadecimal.
Your debugger is likely interpreting this length as an address. Small values such as these cannot be referenced as addresses. You should display this merely as a value, not interpret is as address.