I am trying to reproduce an example given in the book "The Art of Exploitation" by Jon Erickson. The procedure is actually pretty simple: I want to give command-line arguments to my program and examine their memory addresses using lldb. The C class looks something like this:
#include <stdio.h>
int main(int arg_count, char *arg_list[]) {
// something
}
To examine the program with lldb I do the following:
lldb ./a.out
(lldb) target create "./a.out"
Current executable set to '/Users/<path>/a.out' (x86_64).
(lldb) b main
Breakpoint 1: where = a.out`main + 22 at commandline.c:7:50, address = 0x0000000100003f06
(lldb) run first second
Process 4161 launched: '/Users/<path>/a.out' (x86_64)
Process 4161 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x0000000100003f06 a.out`main(arg_count=3, arg_list=0x00007ffeefbffa40) at commandline.c:7:50
Target 0: (a.out) stopped.
So now I expect the next three memory words, after the address stored in arg_list, to point to the addresses of the strings given through the command line. I know that the first argument is always a string that contains the path to my ./a.out file.
(lldb) x/3xw arg_list
0x7ffeefbffa40: 0xefbffbb8 0x00007ffe 0xefbffbe9
(lldb) x/s 0xefbffbb8
error: failed to read memory from 0xefbffbb8.
(lldb) x/s 0x00007ffe
error: failed to read memory from 0x7ffe.
So when I try to examine the memory, it always fails. Does anyone know why? The example in the book uses the gdb debugger and it works fine.
The book looks to be written for 32-bit code, but your system is 64-bit. So the pointers are 64 bits each. Try x/3xg arg_list, where the g is for "giant", gdb's size letter for an 8-byte object. This should give you three 64-bit values starting with 0x00007ffeefbffbb8, and then you can x/s 0x00007ffeefbffbb8.

(You may want to find a different book that matches your system better, or set up a 32-bit Linux VM for following along with it.)
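To make the point of the answer concrete, here is an added example (my own code, not from the question, the answer or the book). It does two things: it rebuilds the first 64-bit pointer from the two 32-bit words that x/3xw printed in the question (little-endian x86_64 puts the low half at the lower address, so 0xefbffbb8 followed by 0x00007ffe is the single pointer 0x00007ffeefbffbb8), and it prints the argv table of the running process the way the book's exercise does, so you can compare the output with x/3xg arg_list in lldb. The 12-byte dump_image array is constructed from the numbers in the question; nothing else is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Combine two consecutive 32-bit words from a memory dump into one 64-bit
 * pointer. On a little-endian machine (x86_64) the word at the lower address
 * holds the low 32 bits of the pointer. */
uint64_t join_words(uint32_t low_word, uint32_t high_word)
{
    return ((uint64_t)high_word << 32) | low_word;
}

/* Read the index-th 8-byte little-endian pointer out of a raw byte image of the
 * argv array, byte by byte so the result does not depend on the host's endianness. */
uint64_t pointer_at(const unsigned char *image, size_t index)
{
    const unsigned char *b = image + index * 8;
    uint64_t p = 0;
    for (int i = 7; i >= 0; i--)
        p = (p << 8) | b[i];
    return p;
}

/* Constructed from the question's x/3xw output: 0xefbffbb8 0x00007ffe 0xefbffbe9
 * written out as the 12 little-endian bytes lldb actually read at arg_list. */
static const unsigned char dump_image[12] = {
    0xb8, 0xfb, 0xbf, 0xef,   /* low half of argv[0]  */
    0xfe, 0x7f, 0x00, 0x00,   /* high half of argv[0] */
    0xe9, 0xfb, 0xbf, 0xef    /* low half of argv[1]; high half is the 4th word */
};

int main(int argc, char *argv[])
{
    /* Live process: on x86_64 this prints 8, which is why x/..w shows half-pointers. */
    printf("sizeof(char *) = %zu bytes, argv lives at %p\n", sizeof(char *), (void *)argv);
    for (int i = 0; i < argc; i++)
        printf("argv[%d] (slot at %p) -> %p \"%s\"\n",
               i, (void *)&argv[i], (void *)argv[i], argv[i]);

    /* Offline: rebuild the first pointer from the dump in the question. */
    printf("rebuilt argv[0] from dump: 0x%016llx\n",
           (unsigned long long)pointer_at(dump_image, 0));
    return 0;
}
```

Run it with the same arguments as in the question (./a.out first second) and set a breakpoint on main in lldb; x/3xg arg_list should then print exactly the three pointer values the program prints for argv[0..2], and x/s on any of them reads the string.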