Search code examples
assemblygdbx86-64gnu

Why GDB examination results differ depending on whether I examined a string beforehand?

I cannot figure out why GDB is returning different results when examining RAM addresses, depending on whether I examine my string beforehand or not:

  • If I Examine my string ("hello, world" in 0x404028 address), GDB is returning a single byte when I'm examining addresses from my main function (x/x 0x401110 = 0xb8)
  • If I Examine my main fuction without examining the string beforehand, GDB is returning 4 bytes instead (x/x 0x401110 = 0x000001b8)

Examining further addresses shows that 0x401111 is essentially 0x401110 shifted by 1 byte and so on. I'm wondering which one is accurate, whether 0x401110 is actually referring to 4 bytes or a single byte. Both results + x86_64 Assembly source code

Solution

  • help x says:

    Defaults for format and size letters are those previously used.

    Apparently the s format implicitly sets the size to byte size.

    You can manually specify the size by adding a b or w size specifier:

    x/xw 0x401110 (32-bit)

    x/xb 0x401110 (8-bit)