Search code examples
c++gdbxxd

Addresses in gdb versus xxd dump

I'm trying to find a line of code in an xxd dump. If I open the executable with gdb and add a breakpoint at the line of code, it shows an address like 0x8212224, but my xxd dump only goes as high as 0x3040080.

Is there a way to translate the gdb address to what's in the dump? Or is there a better way for me to get the address in an xxd dump?

Solution

  • I'm trying to find a line of code in an xxd dump.

    What for? What are you really trying to achieve?

    Chances are, you can achieve that much easier with GDB.

    If I open the executable with gdb and add a breakpoint at the line of code, it shows an address like 0x8212224, but my xxd dump only goes as high as 0x3040080.

    You need to understand a lot more about your executable than that.

    Run this command: readelf -l your_exe. That will show you that there are multiple LOAD segments in your executable, and will tell you at which offset these segments begin in the file, at which virtual address these segments should appear in memory, how big they are, and what protection they should have.

    For example:

    $ readelf -l a.out

Elf file type is EXEC (Executable file)
Entry point 0x80482f0
There are 9 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x00120 0x00120 R E 0x4
  INTERP         0x000154 0x08048154 0x08048154 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x0056c 0x0056c R E 0x1000
  LOAD           0x000f08 0x08049f08 0x08049f08 0x00114 0x00118 RW  0x1000
  DYNAMIC        0x000f14 0x08049f14 0x08049f14 0x000e8 0x000e8 RW  0x4
  NOTE           0x000168 0x08048168 0x08048168 0x00044 0x00044 R   0x4
  GNU_EH_FRAME   0x000490 0x08048490 0x08048490 0x0002c 0x0002c R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x10
  GNU_RELRO      0x000f08 0x08049f08 0x08049f08 0x000f8 0x000f8 R   0x1

    This tells you that the program executable text (the first LOAD segment) appears in memory at address 0x08048000, and in file at offset 0. That is, an instruction that xxd would show at offset 0x124 into the file will appear at address 0x08048124 in memory.

    Assuming your executable is also linked to load at default address of 0x08048000, the instruction at 0x8212224 in memory will appear at offset 0x1ca224 in xxd output.